Elasticsearch Search Request Structure and Query DSL Guide
This article provides a comprehensive guide to Elasticsearch search requests, detailing the routing process, request structure, core modules like query, size, from, _source, and sort, and illustrating various query and filter types such as match, term, range, bool, and wildcard with practical curl examples.
Elasticsearch Search Request Structure
Elasticsearch (ES) processes search requests by routing them to the relevant primary or replica shards. The default query_then_fetch flow collects ranking information from all shards, then returns only the needed documents.
1. Search Request Structure
All REST search requests use the _search endpoint and can be sent via GET or POST. The scope can be limited by specifying an index or indices in the URL.
# Search the whole cluster
curl '172.16.1.127:9200/_search?pretty'
# Search a specific index
curl '172.16.1.127:9200/get-together/_search?pretty'
# Search multiple indices
curl '172.16.1.127:9200/get-together,dbinfo/_search?pretty'
# Wildcard index name matching: include get-toge*, exclude get-together
curl '172.16.1.127:9200/+get-toge*,-get-together/_search?pretty'
Limiting the search to the smallest possible set of indices improves performance because each index is split into shards that must be queried.
Basic Modules of a Search Request
query : DSL that defines the search criteria (similar to SQL WHERE).
size : Number of documents to return (SQL LIMIT).
from : Offset for pagination (SQL OFFSET).
_source : Controls which source fields are returned (like narrowing SQL SELECT * to specific columns).
sort : Ordering of results (SQL ORDER BY).
Simple Examples
Return the second page of 10 results:
curl '172.16.1.127:9200/get-together/_search?from=10&size=10&pretty'
Sort by date ascending and return the first 10 documents:
curl '172.16.1.127:9200/get-together/_search?sort=date:asc&pretty'
Return only title and date fields:
curl '172.16.1.127:9200/get-together/_search?_source=title,date&pretty'
2. Queries and Filters
Queries calculate relevance scores, while filters only answer yes/no and are usually faster and cacheable.
match
match_all : Returns all documents (no WHERE clause).
match : Full-text match on a field, case-insensitive.
match_phrase : Exact phrase match with optional slop for word gaps.
match_phrase_prefix : Prefix match on a phrase.
multi_match : Same as match but across multiple fields.
# match_all example
curl '172.16.1.127:9200/get-together/_search' -H 'Content-Type: application/json' -d '{"query":{"match_all":{}}}'
# match title containing "hadoop"
curl '172.16.1.127:9200/get-together/_search' -H 'Content-Type: application/json' -d '{"query":{"match":{"title":"hadoop"}}}'
term
Exact, not analyzed, term matching.
# term query
curl '172.16.1.127:9200/get-together/_search' -H 'Content-Type: application/json' -d '{"query":{"term":{"tags":"elasticsearch"}},"_source":["name","tags"]}'
range
Numeric or date range queries.
# date range query
curl '172.16.1.127:9200/get-together/_search' -H 'Content-Type: application/json' -d '{"query":{"range":{"created_on":{"gt":"2012-06-01","lt":"2012-09-01"}}}}'
bool
Combines multiple clauses with must, should, must_not, and filter. Example requiring "david", excluding dates before 2013-06-30, and, because minimum_should_match is 1, requiring at least one of "clint" or "andy":
curl '172.16.1.127:9200/get-together/_search' -H 'Content-Type: application/json' -d '{
"query": {
"bool": {
"must": [{"term":{"attendees":"david"}}],
"should": [{"term":{"attendees":"clint"}},{"term":{"attendees":"andy"}}],
"must_not": [{"range":{"date":{"lt":"2013-06-30T00:00"}}}],
"minimum_should_match": 1
}
}
}'
3. Advanced Query Types
wildcard
Supports * (any sequence) and ? (single character) patterns.
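Why ba*n in the request below matches both documents, as an added example that is not part of the original article: wildcard is a term-level query, so the pattern is compared with each indexed term, not with the whole title. Assumptions: `analyze` is a simplified stand-in for the default standard analyzer on a text field, and `check_pattern` is a hypothetical guard an application could apply to user-supplied patterns, since patterns that begin with * or ? are the slowest to expand.

```python
import re

def analyze(text):
    """Rough stand-in for the standard analyzer: lowercase, split on non-alphanumerics."""
    return [t for t in re.split(r"[^0-9a-z]+", text.lower()) if t]

def wildcard_to_regex(pattern):
    """Translate wildcard syntax (* = any sequence, ? = one character) to a regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # everything else is a literal character
    return re.compile("".join(parts), re.DOTALL)

def check_pattern(pattern, max_len=64):
    """Hypothetical guard: reject patterns that are expensive to expand."""
    if not pattern or len(pattern) > max_len:
        raise ValueError("pattern empty or too long")
    if pattern[0] in "*?":
        raise ValueError("leading wildcard has to be tested against every term")
    return pattern

def matching_docs(pattern, docs):
    """Return ids of documents with at least one indexed term matching the pattern."""
    rx = wildcard_to_regex(check_pattern(pattern))
    return [doc_id for doc_id, title in docs.items()
            if any(rx.fullmatch(term) for term in analyze(title))]

# Constructed sample: the two titles indexed by the curl commands in this section.
DOCS = {1: "The Best Bacon Ever", 2: "How to raise a barn"}

if __name__ == "__main__":
    print(matching_docs("ba*n", DOCS))  # both documents: terms "bacon" and "barn"
    print(matching_docs("ba?n", DOCS))  # only "barn" has exactly one character in the gap
    print(matching_docs("Ba*n", DOCS))  # nothing: the pattern is not lowercased, the terms are
```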
# Create test index and documents
curl -XPOST '172.16.1.127:9200/wildcard-test/_doc/1' -H 'Content-Type: application/json' -d '{"title":"The Best Bacon Ever"}'
curl -XPOST '172.16.1.127:9200/wildcard-test/_doc/2' -H 'Content-Type: application/json' -d '{"title":"How to raise a barn"}'
# ba*n matches both "bacon" and "barn"
curl '172.16.1.127:9200/wildcard-test/_search' -H 'Content-Type: application/json' -d '{"query":{"wildcard":{"title":{"wildcard":"ba*n"}}}}'
exists / missing
Filter documents that have (or lack) a value in a specific field.
# exists filter
curl '172.16.1.127:9200/get-together/_search' -H 'Content-Type: application/json' -d '{"query":{"bool":{"filter":{"exists":{"field":"location_event.geolocation"}}}}}'
# missing (documents without a field)
curl '172.16.1.127:9200/get-together/_search' -H 'Content-Type: application/json' -d '{"query":{"bool":{"must_not":{"exists":{"field":"reviews"}}}}}'
4. Choosing the Right Query for a Task
The table below maps common use‑cases to the most suitable Elasticsearch query type (e.g., match for free‑text search, term for exact keyword search, bool for combining multiple criteria, etc.).
Use-case : Recommended Query
Google-style user input search : simple_query_string
Phrase search with slop : match_phrase
Exact keyword on not_analyzed field : term
Combine many different criteria : bool
Search across multiple fields : multi_match
Return all documents : match_all
Range query on a field : range
Prefix search / autocomplete : prefix
Find documents missing a field : missing (exists + must_not)
Understanding these patterns helps you build efficient, maintainable search solutions on Elasticsearch.
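The request modules from section 1 and the bool and filter clauses from section 2 combined into one request body built from untrusted user input, as an added example that is not part of the original article. The allow-lists, the limits and the `build_search` helper are assumptions for illustration; the index and field names are the ones used in the curl examples above.

```python
import json
import re

# Assumptions for this sketch: allow-lists and limits chosen by the application.
ALLOWED_INDICES = {"get-together"}
ALLOWED_SOURCE = {"title", "date", "tags"}
MAX_SIZE = 100
MAX_WINDOW = 10000  # Elasticsearch default for index.max_result_window
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")

def build_search(index, text, tag=None, after=None, page=1, size=10,
                 fields=("title", "date")):
    """Return (path, JSON body) for a _search request built from untrusted input."""
    if index not in ALLOWED_INDICES:          # no wildcards, no cluster-wide search
        raise ValueError("index not allowed")
    size = max(1, min(int(size), MAX_SIZE))
    offset = (max(1, int(page)) - 1) * size   # becomes "from" in the request
    if offset + size > MAX_WINDOW:
        raise ValueError("page too deep")
    filters = []                              # yes/no clauses: not scored, cacheable
    if tag is not None:
        filters.append({"term": {"tags": str(tag)}})
    if after is not None:
        if not DATE_RE.fullmatch(after):
            raise ValueError("bad date")
        filters.append({"range": {"date": {"gt": after}}})
    body = {
        "query": {"bool": {
            # Scored free-text clause; flags limit the operators a user can trigger.
            "must": [{"simple_query_string": {
                "query": str(text), "fields": ["title"],
                "flags": "AND|OR|NOT|PHRASE"}}],
            "filter": filters,
        }},
        "from": offset,
        "size": size,
        "_source": [f for f in fields if f in ALLOWED_SOURCE] or ["title"],
        "sort": ["_score", {"date": "asc"}],
    }
    # json.dumps escapes quotes and braces, so input cannot change the structure.
    return f"/{index}/_search", json.dumps(body)

if __name__ == "__main__":
    path, body = build_search("get-together", 'hadoop "big data"',
                              tag="elasticsearch", after="2013-06-30", page=2)
    print(path)
    print(body)
```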
Big Data Technology & Architecture
Wang Zhiwu, a big data expert, dedicated to sharing big data technology.
