Search Statement¶
Table of Contents
Boolean Statements¶
The and Statement¶
The clause (query) must appear in matching documents
source 'employee' | search Gender='Male' AND MaritalStatus='Unmarried'
The or Statement¶
The clause (query) should appear in matching documents.
source 'employee' | search Gender='Male' OR MaritalStatus='Unmarried'
The equals Statement¶
The equals query is equivalent to term query and finds documents that contain the exact term specified in the inverted index. For instance:
source 'employee' | search Gender='Male'
The not equals Statement¶
The clause (query) should not appear in matching documents.
source 'employee' | search LastName!='RECHKEMMER'
Regex Statement¶
The regexp query allows you to use regular expression term queries.
source 'employee' | search regex MaritalStatus='Marr.*'
Wildcard Statement¶
Matches documents that have fields matching a wildcard expression (not analyzed). Supported wildcards are *, which matches any character sequence (including the empty one), and ?, which matches any single character. Link.
source 'employee' | search wildcard MaritalStatus='Marr*'
Exact match Statement¶
The query finds documents that contain the exact term specified in the inverted index. Term query
source 'employee' | search Gender==='Male'
Range Statement¶
Matches documents with fields that have terms within a certain range.
source 'employee' | search Salary>100000 && Salary<103000
Eval Statement¶
A query allowing to define scripts as queries. Script query
source 'employee' | eval NewSalary='return 9000+doc["Salary"].value',NewSalary2='return 9000+doc["Salary"].value'
From / Size¶
Pagination of results can be done by using the limit query.
Note
limit <from>,<size>
source 'employee' | limit 1,2