One of Elasticsearch’s strengths is that it creates an index for the values of every field. You can use those indexes to construct complex queries across all of your data.
The bool query allows you to specify multiple clauses along with logic for combining results that match those clauses. You specify fields and values that must match in the must section. All must clauses must match for a document to match the query. These clauses represent a Boolean AND. You can also specify fields and values that should match, representing a Boolean OR. Finally, you can specify fields and values that must_not match (Boolean NAND).
Enter the following query in the left pane of Kibana’s Dev Tools pane:
GET movies/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "actors.keyword": {
              "value": "Mark Hamill"
            }
          }
        },
        {
          "range": {
            "running_time_secs": {
              "gte": "6000"
            }
          }
        },
        {
          "range": {
            "release_date": {
              "gte": "1970-01-01",
              "lte": "1980-01-01"
            }
          }
        }
      ],
      "should": [
        {
          "range": {
            "rating": {
              "gte": 8.0
            }
          }
        }
      ]
    }
  }
}
Spend some time experimenting with different fields and values. You can use Kibana’s auto-complete feature to help you figure out different query types (the above query uses term and range, but there are many more, including match, match_phrase, and span).
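The query above never uses must_not, and because it contains must clauses its should clause is optional: a movie rated below 8.0 still matches and is only scored lower. The following variation is an added example, not part of the original tutorial; it reuses the same movies fields, excludes short films with must_not instead of a must range, and sets minimum_should_match so that the rating clause becomes required.

```console
# Added example: same index and fields as the query above.
# must_not drops any movie shorter than 6000 seconds; movies with no
# running_time_secs value are NOT dropped, because the range cannot match them.
# minimum_should_match: 1 turns the single should clause into a requirement.
GET movies/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "actors.keyword": {
              "value": "Mark Hamill"
            }
          }
        },
        {
          "range": {
            "release_date": {
              "gte": "1970-01-01",
              "lte": "1980-01-01"
            }
          }
        }
      ],
      "must_not": [
        {
          "range": {
            "running_time_secs": {
              "lt": 6000
            }
          }
        }
      ],
      "should": [
        {
          "range": {
            "rating": {
              "gte": 8.0
            }
          }
        }
      ],
      "minimum_should_match": 1
    }
  }
}
```

Comparing the hit count of this request with the original one shows how many documents the original query returned without satisfying its should clause.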