How to add OR condition in Elasticsearch ruby query?

Question

In my use case, I would like to add an OR condition in Elasticsearch query. Here is my query,

  query_body = {
    'query' => {
        'bool' => {
            'must' => [{ 'range' => {'@timestamp' => { 'from' => stream_filters[:first_time].gmtime.strftime("%Y-%m-%dT%H:%M:%SZ"), 'to' => stream_filters[:second_time].gmtime.strftime("%Y-%m-%dT%H:%M:%SZ") } } }, {'term' => {"@timeout" => true} }, {'term' => {"@dest" => dest} }, {'term' => {"@source" => source} }   ]
                } 
              }, 'facets' => facets
          }

I would like to add 'term' => {"@dest" => ' '} empty check for @dest along with 'term' => {"@dest" => dest}

I tried to add an or condition, But it is not working.

query_body = {
      'query' => {
          'bool' => {
              'must' => [{ 'range' => {'@timestamp' => { 'from' => stream_filters[:first_time].gmtime.strftime("%Y-%m-%dT%H:%M:%SZ"), 'to' => stream_filters[:second_time].gmtime.strftime("%Y-%m-%dT%H:%M:%SZ") } } }, {'term' => {"@timeout" => true} }, {'term' => {"@source" => source} }   ],
              'filter' => {
                  'or' => [{
                      'term' => { "@dest" => dest }
                      'term' => { "@dest" => ' ' }
                      }]
                   }
                  }
                }, 'facets' => facets
            }

Could someone help me with this?

score 0 · Answer 1 · answered May 25 '16 at 04:10

It seems like a syntax error in your filter clause. Please try with the correct syntax as below :

  'filter' => {
          'or' => [
                   {
                     'term' => { "@dest" => dest }
                   },
                   {
                      'term' => { "@dest" => ' ' }
                   }
                  ]
           }

How to add OR condition in Elasticsearch ruby query?

1 Answers1