Add some features base on https://github.com/aquasecurity/esquery/pull/12

SearchAfter: https://www.elastic.co/guide/en/elasticsearch/reference/current/paginate-search-results.html#search-after Term Aggregation Order: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html#search-aggregations-bucket-terms-aggregation-order Aggregation Include Filter:https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html#_filtering_values_4

Motivation:

I was wondering, why there is no ability to pass boost in match statement, however it is available for bool and term statements. So I decided to add this behavior.

Done:

In this pr I added support for boost inside match statement to omit overcomplicating queries, I also opened related issue and added some examples there.

Related links

See related issue by following link.

This commit adds support for ElasticSearch's Delete by Query API. Usage is very similar to that of Search and Count requests:

esquery.Delete().
    Index("index_1, "index_2").
    Query(esquery.Bool()...).
    Run(
        es,
        esapi.WithAnalyzeWildcard(true),
    )

This PR adds the ability to use the "sort", "_source" and "post_filter" attributes in search requests, via the new methods Sort, SourceIncludes and SourceExcludes.

For example:

        esquery.Search().
            Query(...).
            Aggs(...).
            Sort("field_1", esquery.OrderAsc).
            Sort("field_2", esquery.OrderDesc).
            PostFilter(esquery.Range(field).Gt(0)).
            SourceIncludes("field_1", "field_2").
            SourceExcludes("field_3").
            Run(...)

Hi,

First thanks for creating this package. Its coming at a good time because I need a flexible query builder given criteria user's input and I found your package was just released.

One feature I think I need is the ability to sort fields. Looking at the package docs I don't see how I can do that. Would this be a feature you'd consider adding?

Here are the ES docs: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-body.html#request-body-search-sort

Thanks!

This commit adds initial support for Count requests, which are simple search requests asking to get the number of matches for a query.

The functionality is provided by the Count() function, which accepts a query object (implementing the Mappable interface), and can be executed just like a search request.

res, err := esquery.
    Count(esquery.Match("user", "someone")).
    Run(es)

This commit implements a Search() function, which allow for running search requests with both a query and aggregations. This function is meant to more accurately implement the structure of search requests accepted by ElasticSearch's Search API.

The Query() and Aggregate() functions are still included by the library, but now simply call Search() internally, making them simple shortcuts.

Two new aggregations are also added: "terms" and "top_hits". These are implemented a bit differently than previously implemented ones. The structs and methods for ElasticSearch queries and aggregations will eventually be auto-generated from a specification file, and will look more like the new implementations of these new aggregations.

This commit performs the following modifications:

• The library is properly documented in Godoc format.

• The CustomQuery function is made to be a bit more versatile by allowing it to also be used standalone (i.e. instead of passing a CustomQuery as a parameter to the Query function, they now have their own Run method).

• Queries and aggregations can now also be executed using the RunSearch method. This method is the same as the Run method, except that instead of an *elasticSearch.Client value, it accepts an esapi.Search value. This is provided for consuming code that needs to implement mock clients of ElasticSearch (e.g. for test purposes). The ElasticSearch client does not provide an interface type describing its API, so its Search function (which is actually a field of a function type) can be used instead.

• Bugfix: the CustomAgg function was unusable as it did not accept a name parameter and thus did not implement the Aggregation interface.

• Bugfix: the enumeration types are rewritten according to Go standards, and the RangeRelation type's default value is now empty.

• The golint and godox linters are added.

The Run() method on the QueryRequest type would fail, since it would encode the inner body of the query to JSON and not the complete, outer body (i.e. including the "body: {}" portion).

The commit also adds MarshalJSON() methods to both QueryRequest and AggregationRequest, allowing them to implement the json.Marshaller interface, and providing easier debugging of the library. A test skeleton for this is also added.

Hello. I propose to support elasticsearch v8. What do you think about renaming module and support tags such as https://github.com/elastic/go-elasticsearch?

Hi all,

how to make nested query filtering parent based on nested child object, also filter the child to, something query like this?

{
    "query": {
        "bool": {
            "must": [
                {
                    "range": {
                        "date": {
                            "lt": "2018-07-05T10:00:00.000Z"
                        }
                    }               
                },
                {
                    "nested": {
                        "path": "child",
                        "query": {
                            "bool": {
                                "must_not": {
                                    "term": {
                                        "child.foo": 0
                                    }       
                                }
                            }
                        }
                    }
                }
            ]
        }
    }
}

thank in advice

This library currently depends on go-elasticsearch to implement some of the Search functionality. Without getting into a discussion on the opensearch/elasticsearch fork, what this libary accomplishes with the the query builder component is amazing! Makes writing queries so much better.

As a user of opensearch, I'd like to be able to continue to use esquery's Query builder.

Currently while I can accomplish this (code below) I suspect later updates may break it. I'd like to open a discussion on potentially maintaining this feature. I noticed Query returns a full Search object when it's marshaled into JSON, currently this seems to be overridden by the opensearch client/backend. But it'd be great if the integration was a bit cleaner.

client, err := opensearch.NewDefaultClient()
query := esquery.Query(
	esquery.Bool().
	Filter(
		esquery.Range("@timestamp").Gt("now"),
	)
)

searchResponse, err := client.Search(
	client.Search.WithContext(ctx),
	client.Search.WithIndex("foo"),
	client.Search.WithBody(opensearchutil.NewJSONReader(&query)),
	client.Search.WithSort("@timestamp:asc"),
)

Thank you for such a great library.

Hello, Would it be possible to support a query string query with required must fields? References: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html