Lab 1.3: Information out

Objective:

In this lab, you will explore different ways to retrieve documents from the blogs index.

In Discover, ensure that the blogs data view is selected and the time filter is set to Last 13 years.
In the query bar, enter certification. How many hits do you get?

Solution

You should get 51 hits.
To make the query more specific, and only search for blogs that have the word "certification" in the title, enter title:certification in the query bar. How many hits do you get now?

Solution

Only two documents have the word "certification" in the "title" field.
From Kibana's main menu, select Dev Tools to open Console.
One of the query languages that Elasticsearch supports is SQL. Execute the following SQL command to retrieve all data in the my_index index:
```
POST /_sql?format=txt
{
  "query": "SELECT * FROM my_index"
}
```
As an Elasticsearch engineer, the query language you will use most often is the query DSL. Let's use the query DSL to mimic the last query that you executed in Discover. Write a match query on the blogs index that searches for blogs with the word certification in the blog's title field. You should get 2 hits.
Solution
```
GET blogs/_search
{
  "query": {
    "match": {
      "title": "certification"
    }
  }
}
```
Change the query so that it searches for blogs with the words Elastic certification in the title field. How many hits did you get?
Solution
```
GET blogs/_search
{
  "query": {
    "match": {
      "title": "Elastic certification"
    }
  }
}
```
Notice you get 1689 hits when you search for Elastic certification in the title. Why do you think there are 1687 additional hits?

Solution

The match query uses or logic by default, so a query for "Elastic certification" returns blogs with either "Elastic" or "certification" in the title. It should be no surprise that we publish a lot of blogs that have "Elastic" in the title.
If you wanted to know which 10 authors have written the most blog posts, would you use a query or an aggregation to find out?

Solution

An aggregation

Execute the following request to retrieve the top 10 authors:

GET blogs/_search
{
  "size": 0,
  "aggregations": {
    "top_authors": {
      "terms": {
        "field": "authors.full_name.keyword"
      }
    }
  }
}

In module 3, "You Know, for Search", you will learn the details of how these queries work in Elasticsearch and how they find and score hits. In module 5, you will learn more about aggregations.

Summary:

In this lab, you wrote a couple of queries in Console and saw the difference between queries and aggregations.