Elasticsearch-使用n-gram搜索通配符

问题描述

我有一个要求，要求用户输入一些字符，并希望获得类似于sql的查询结果。我使用n-gram是因为我看到很多人建议避免使用通配符搜索。但是，返回数据有时是无关紧要的，因为它包含文本中的字符但混合在一起。我添加了分数，但是没有用。有人有什么建议吗？谢谢。

更新

以下是索引设置：

"settings": {
    "index": {
        "lifecycle": {
            "name": "audit_log_policy","rollover_alias": "audit-log-alias-test"
        },"analysis": {
            "analyzer": {
                "abi_analyzer": {
                    "tokenizer": "n_gram_tokenizer"
                }
            },"tokenizer": {
                "n_gram_tokenizer": {
                    "token_chars": [
                        "letter","digit"
                    ],"min_gram": "3","type": "ngram","max_gram": "10"
                }
            }
        },"number_of_shards": "1","number_of_replicas": "1","max_ngram_diff": "10","max_result_window": "100000"
    }
}

这是字段的映射方式：

"resourceCode": {
    "type": "text","fields": {
        "ngram": {
            "analyzer": "abi_analyzer","type": "text"
        },"keyword": {
            "ignore_above": 256,"type": "keyword"
        }
    }
},"logDetail": {
    "type": "text","keyword": {
            "ignore_above": 8191,"type": "keyword"
        }
    }
}

这就是我的查询方式：

query_string: {
    fields: ["logDetail.ngram","resourceCode.ngram"],query: data.searchInput.toLowerCase(),}

样品

这是示例查询：

{
    "query": {
        "bool": {
            "must": [
                {
                    "terms": {
                        "organizationIds": [
                            ...
                        ]
                    }
                },{
                    "range": {
                        "createdAt": {
                            "gte": "2020-08-11T17:00:00.000Z","lte": "2020-08-31T16:59:59.999Z"
                        }
                    }
                },{
                    "multi_match": {
                        "fields": [
                            "logDetail.ngram","resourceCode.ngram"
                        ],"query": "0004"
                    }
                }
            ]
        }
    },"sort": [
        {
            "createdAt": "desc"
        }
    ],"track_scores": true,"size": 20,"from": 0
}

这是不相关的分数

{
    "_index": "user-interaction-audit-log-test-000001","_type": "_doc","_id": "ae325b4a6b45442cbf8a44d595e9a747","_score": 3.4112902,"_source": {
        "logoperation": "UPDATE","resource": "CUSTOMER","resourceCode": "Htest11211","logDetail": "<div>Updated Mobile Number from <var isolate><b>+84966123451000<\/b><\/var> to <var isolate><b>+849<\/b><\/var><\/div>","organizationIds": [
            "5e72ea0e4019f01fad0d91c9",],"createdAt": "2020-08-20T08:13:36.026Z","username": "test_user","module": "PARTNER","component": "WEB_APP"
    },"sort": [
        1597911216026
    ]
}

解决方法

问题是您没有specified any search analyzer。因此，您的搜索输入也将由abi_analyzer分析，并且0004被标记为000和004。前一个令牌，即000与logDetail.ngram字段中的一个令牌匹配。

您需要做的是为映射中的两个字段都指定一个standard search_analyzer，这样您就不必分析搜索输入，而只需尝试使用相同的索引标记将其匹配：

"resourceCode": {
    "type": "text","fields": {
        "ngram": {
            "analyzer": "abi_analyzer","search_analyzer": "standard",<--- here
            "type": "text"
        },"keyword": {
            "ignore_above": 256,"type": "keyword"
        }
    }
},"logDetail": {
    "type": "text","keyword": {
            "ignore_above": 8191,"type": "keyword"
        }
    }
}

如果您不想因为不想重新索引数据而更改映射，还可以在查询时指定搜索分析器：

            {
                "multi_match": {
                    "fields": [
                        "logDetail.ngram","resourceCode.ngram"
                    ],"analyzer": "standard",<--- here
                    "query": "0004"
                }
            }

更新：

        "analyzer": {
            "abi_analyzer": {
                "tokenizer": "n_gram_tokenizer"
                "filter": ["lowercase"]
            }
        },

elasticsearch elasticsearch full-text-search n-gram

Elasticsearch-使用n-gram搜索通配符

问题描述

解决方法

相关问答