ElasticSearch : IN equivalent operator in ElasticSearch

Question

I am trying to find ElasticSearch query equivalent to IN \\ NOT in SQL.

I know we can use QueryString query with multiple OR to get the sam

Answer 1

Similar to what Chris suggested as a comment, the analogous replacement for IN is the terms filter (queries imply scoring, which may improve the returned order).

SELECT * FROM table WHERE id IN (1, 2, 3);

The equivalent Elasticsearch 1.x filter would be:

{
  "query" : {
    "filtered" : {
      "filter" : {
        "terms" : {
          "id" : [1, 2, 3]
        }
      }
    }
  }
}

The equivalent Elasticsearch 2.x+ filter would be:

{
  "query" : {
    "bool" : {
      "filter" : {
        "terms" : {
          "id" : [1, 2, 3]
        }
      }
    }
  }
}

The important takeaway is that the terms filter (and query for that matter) work on exact matches. It is implicitly an or operation, similar to IN.

If you wanted to invert it, you could use the not filter, but I would suggest using the slightly more verbose bool/must_not filter (to get in the habit of also using bool/must and bool).

{
  "query" : {
    "bool" : {
      "must_not" : {
        "terms" : {
          "id" : [1, 2, 3]
        }
      }
    }
  }
}

Overall, the bool compound query syntax is one of the most important filters in Elasticsearch, as are the term (singular) and terms filters (plural, as shown).