Given the following Elasticsearch query, which option correctly describes what it returns?
{
"query": {
"match": {
"message": "error"
}
}
}Think about what the match query does in Elasticsearch.
The match query searches for documents that contain the word 'error' in the specified field. It does not require an exact phrase match and does not include other words like 'warning'.
In an Elasticsearch search query, what does the size parameter control?
Think about what you want to limit when you get search results.
The size parameter limits how many documents Elasticsearch returns in the search results. It does not affect document size or shards.
Consider this query. What documents will it return?
{
"query": {
"bool": {
"must": {
"match": { "status": "active" }
},
"filter": {
"range": { "age": { "gte": 30 } }
}
}
}
}Remember how bool queries combine must and filter.
The bool query requires both conditions: the must clause matches documents with 'status' containing 'active', and the filter clause restricts to documents with 'age' greater or equal to 30.
Look at this query. What error will Elasticsearch return?
{
"query": {
"match": {
"message": ["error", "failure"]
}
}
}Check the expected data type for the 'match' query value.
The match query expects a single string value. Passing a list causes a parsing_exception error.
Given this Elasticsearch query, how many documents will be returned if the index contains 100 documents where 40 have 'status' as 'active', 30 have 'age' ≥ 30, and 20 have both conditions?
{
"query": {
"bool": {
"should": [
{ "match": { "status": "active" } },
{ "range": { "age": { "gte": 30 } } }
],
"minimum_should_match": 1
}
}
}Use the formula for union of two sets: |A| + |B| - |A ∩ B|.
The query uses a bool query with should clauses and minimum_should_match: 1, which acts as an OR condition. It matches documents where 'status' contains 'active' (40 docs) OR 'age' ≥ 30 (30 docs), with 20 docs satisfying both. Total unique matching documents: 40 + 30 - 20 = 50.