Match and multi_match queries

The match and multi_match queries behave similarly to the term query, except that they analyze the field being passed in. Don’t worry if you’re unsure what we mean by analyze, as we’ll be covering analyzing your data in chapter 5.

MATCH QUERY

Similar to the term query, the match query is a hash map, containing the field you’d like to search as well as the string you want to search for, which can be either a field, or the special _all field to search all fields at once. Here’s an example match query, searching for groups where name contains “elasticsearch”:

% curl 'localhost:9200/get-together/group/_search' -d' {

"query": { "match": {

"name": "elasticsearch"

} } }'

The match query can behave in a number of different ways; the two most important behaviors are Boolean and phrase.

BOOLEAN QUERY BEHAVIOR

By default, the match query uses Boolean behavior and the OR operator. For example, if you search for the text “Elasticsearch Denver,” Elasticsearch searches for “Elasticsearch OR Denver,” which would match get-togethers from both “Elasticsearch Amsterdam” and “Denver Clojure Group”.

To search for results that contain both “Elasticsearch” and “Denver”, change the operator by modifying the match field name into a map and set the operator field to and:

% curl 'localhost:9200/get-together/_search' -d' {

"query": { "match": {

"name": { #A "query": "elasticsearch denver", #B "operator": "and" #C }

} } }'

#A Uses a map instead of a string for the name value

#B Specifies search string in a query key

#C Uses and operator instead of default or operator

The second important way a match query can behave is as a phrase query.

PHRASE QUERY BEHAVIOR

A phrase query is useful when searching for a specific phrase within a document, with some amount of leeway between the positions of each word. This leeway is called slop, which is a number representing the distance between tokens in a phrase. Say you’re trying to remember the name of a get-together group; you remember it had the words “Enterprise” and “London”

in it, but you don’t remember the rest of the name. Well, you could search for the phrase

“enterprise london” with slop set to 2 or 3 instead of the default of 0 to find results containing that phrase without having to exactly know the title of the group:

% curl 'localhost:9200/get-together/groups/_search' -d'

"_index": "get-together", "_score": 1.7768369, "_type": "group", "fields": {

"description": "Enterprise search get-togethers are an opportunity to get together with other people doing search.",

"name": "Enterprise search London get-together" #C }

} ...

#A Instead of a regular match query, use a match phrase query

#B Specifies a slop of 2 to tell Elasticsearch to have leeway with the distance between the terms

#C The matching field with “enterprise” and “london” separated by a word

PHRASE_PREFIX QUERY

Similar to the match phrase query, the match phrase_prefix query allows you to go one step further and search for a phrase, but it allows prefix matching on the last term in the phrase. This behavior is extremely useful for providing a running autocomplete for a search box, where the user gets search suggestions while typing a search term. When using the search for this kind of use, it’s a good idea to set the maximum number of expansions for the prefix by setting the max_expansions setting so the search returns in a reasonable amount of time.

In the following example, “elasticsearch den” is used as the phrase_prefix query.

Elasticsearch takes the “den” text and looks across all the values of the name field to check for

those that start with “den” (“Denver”, for example). Because this could potentially be a large set, the number of expansions should be limited.

% curl 'localhost:9200/get-together/group/_search' -d'

"_index": "get-together", "_score": 2.7294521,

#A Uses a phrase prefix instead of a regular phrase query

#B Matches fields containing “Elasticsearch” and another term that starts with “den”

#C Specifies the maximum number of prefix expansions to try

The Boolean and phrase queries are a great choice for accepting user input; they allow you to pass in user input in a much less error-prone way, and unlike a query_string query, a match query won’t choke on reserved characters like +, -, ?, and !.

MATCHING MULTIPLE FIELDS WITH MULTI_MATCH

Although it might be tempting to think that the multi_match query behaves like the terms query by searching for multiple matches in a field, its behavior is slightly different. Instead, it allows you to search for a value across multiple fields. This can be helpful in the get-together example, where you may want to search for a string across both the name of the group and the description:

% curl 'localhost:9200/get-together/_search' -d' {

"query": {

"multi_match": {

"query": "elasticsearch hadoop", "fields": [ "name", "description" ] }

} }'

Just like the match query can be turned into a phrase query, a prefix query, or a phrase prefix query, the multi match query can be turned into a phrase query or phrase prefix

query as well, by specifying the type key. Consider the multi match query exactly like the match query, except that multiple fields can be specified for searching instead of a single field only.

With all the different match queries, it’s possible to find a way to search for almost anything, which is why the match query and its relatives are considered the go-to query type for most uses. We highly recommended you use them whenever possible. For everything else, however, we’ll cover some of the other types of queries that Elasticsearch supports.