Bird
Raised Fist0
Elasticsearchquery~5 mins

Percolate queries (reverse search) in Elasticsearch - Cheat Sheet & Quick Revision

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What is a percolate query in Elasticsearch?
A percolate query lets you register queries and then check if a document matches any of those stored queries. It's like reverse searching: instead of searching documents with a query, you search queries with a document.
Click to reveal answer
intermediate
How do you register a query for percolation in Elasticsearch?
You index a document into a special index with a percolator field type, where the document contains the query you want to register. This stored query can later be matched against incoming documents.
Click to reveal answer
beginner
What is the main difference between a normal search and a percolate query?
Normal search finds documents matching a query. Percolate query finds queries matching a document. It's like flipping the search direction.
Click to reveal answer
beginner
Which Elasticsearch field type is required to use percolate queries?
The 'percolator' field type is required. It stores queries as documents so they can be matched against incoming documents.
Click to reveal answer
intermediate
Can percolate queries be used for real-time alerting? Why or why not?
Yes, because you can register queries representing conditions to watch for, then percolate incoming documents to see if they match any condition, triggering alerts quickly.
Click to reveal answer
What does a percolate query in Elasticsearch do?
AFinds stored queries that match a given document
BFinds documents that match a given query
CIndexes documents faster
DDeletes stored queries
Which field type must be used to store queries for percolation?
Akeyword
Bpercolator
Ctext
Dnested
What is the main use case of percolate queries?
AIndex mapping
BFull text search
CAggregations
DReverse search to find matching queries for a document
How do you perform a percolate query in Elasticsearch?
ABy deleting documents
BBy sending a query to match stored documents
CBy sending a document in the query to match stored queries
DBy updating the index mapping
Can percolate queries be used for alerting on new data?
AYes, they can match new documents against stored queries
BNo, they are only for indexing
CNo, they only work on old data
DYes, but only for deleting documents
Explain how percolate queries work in Elasticsearch and give a simple example use case.
Think about searching queries instead of documents.
You got /4 concepts.
    Describe the steps to register a query for percolation and then use a percolate query to find matches.
    Focus on how queries are stored and how documents are matched.
    You got /3 concepts.

      Practice

      (1/5)
      1.

      What is the main purpose of a percolate query in Elasticsearch?

      easy
      A. To find stored queries that match a new document
      B. To update documents in an index
      C. To delete documents based on a condition
      D. To aggregate data by terms

      Solution

      1. Step 1: Understand percolate query concept

        A percolate query is used to find stored queries that match a new document, reversing the usual search direction.

      2. Step 2: Compare options with concept

        The other options describe other Elasticsearch operations, not percolate queries.

      3. Final Answer:

        To find stored queries that match a new document -> Option A

      4. Quick Check:

        Percolate query = find matching stored queries [OK]
      Hint: Percolate queries match queries to documents, not documents to queries [OK]
      Common Mistakes:
      • Confusing percolate query with regular search
      • Thinking it updates or deletes documents
      • Mixing it with aggregation queries
      2.

      Which mapping type must be included in an Elasticsearch index to use percolate queries?

      {
  "mappings": {
    "properties": {
      "query": {
        "type": "???"
      }
    }
  }
}
      easy
      A. "percolator"
      B. "text"
      C. "keyword"
      D. "nested"

      Solution

      1. Step 1: Identify required field type for percolate queries

        Elasticsearch requires a special field type called "percolator" to store queries for percolate queries.

      2. Step 2: Match options with required type

        Only "percolator" uses "percolator" type; others are for different purposes.

      3. Final Answer:

        "percolator" -> Option A

      4. Quick Check:

        Percolate field type = "percolator" [OK]
      Hint: Use "percolator" type for storing queries in mapping [OK]
      Common Mistakes:
      • Using "text" or "keyword" instead of "percolator"
      • Confusing nested type with percolator
      • Omitting the percolator field in mapping
      3.

      Given the following percolate query, what will it return?

      {
  "query": {
    "percolate": {
      "field": "query",
      "document": {
        "message": "Elasticsearch alerting"
      }
    }
  }
}

      Assuming the index has stored queries matching documents containing "alerting".

      medium
      A. Documents containing the word "alerting"
      B. An error because "document" is missing an ID
      C. All documents in the index
      D. Stored queries that match the document with message "Elasticsearch alerting"

      Solution

      1. Step 1: Understand percolate query behavior

        The percolate query matches stored queries against the provided document, returning matching stored queries.

      2. Step 2: Analyze the given query

        The query uses "document" with a message field; it will find stored queries matching this document's content.

      3. Final Answer:

        Stored queries that match the document with message "Elasticsearch alerting" -> Option D

      4. Quick Check:

        Percolate query returns matching stored queries [OK]
      Hint: Percolate queries return stored queries matching the input document [OK]
      Common Mistakes:
      • Thinking it returns documents instead of queries
      • Assuming document ID is required for percolate query
      • Confusing percolate with regular search
      4.

      Identify the error in this percolate query:

      {
  "query": {
    "percolate": {
      "field": "query"
      "document": {
        "content": "Test document"
      }
    }
  }
}
      medium
      A. "field" should be "query_field"
      B. Missing comma between "field" and "document" fields
      C. "document" must include an "id" field
      D. Percolate query cannot use 'content' field in document

      Solution

      1. Step 1: Check JSON syntax in query

        Between "field" and "document" keys, a comma is missing, causing invalid JSON.

      2. Step 2: Validate other parts

        "field" name is correct, "document" can omit "id", and "content" is valid as document content.

      3. Final Answer:

        Missing comma between "field" and "document" fields -> Option B

      4. Quick Check:

        JSON syntax error = missing comma [OK]
      Hint: Check commas between JSON fields carefully [OK]
      Common Mistakes:
      • Forgetting commas between JSON keys
      • Assuming document must have an ID
      • Changing field names unnecessarily
      5.

      You want to build an alert system that triggers when new documents match any stored queries. Which steps are necessary to implement this using percolate queries?

      hard
      A. Use aggregation queries on documents to find alerts
      B. Store documents in a normal index, then run a regular search for alerts
      C. Create an index with a percolator field, store queries, then percolate new documents against stored queries
      D. Create a nested field for queries and filter documents manually

      Solution

      1. Step 1: Setup index with percolator field

        Define an index mapping with a "percolator" type field to store queries for reverse matching.

      2. Step 2: Store queries and percolate new documents

        Index the alert queries into the percolator field, then use percolate queries to check if new documents match any stored queries.

      3. Final Answer:

        Create an index with a percolator field, store queries, then percolate new documents against stored queries -> Option C

      4. Quick Check:

        Percolate queries enable alerting by matching docs to stored queries [OK]
      Hint: Store queries in percolator field, then percolate new docs [OK]
      Common Mistakes:
      • Using regular search instead of percolate queries
      • Not defining percolator field in mapping
      • Trying to use aggregations for alerting