learn-searchcraft/pages/query.md
2025-07-15 12:30:09 -05:00

🔍 Searchcraft Query Guide

Searchcraft lets you construct powerful search queries with structured JSON. This guide shows how to:

  • Combine exact and fuzzy queries
  • Search logs within a time range
  • Use curl, Python (httpx), and JavaScript (fetch) to query

Mixing Exact and Fuzzy Queries

You can combine multiple query types in a single boolean query by placing them in its must, should, or must_not clauses.

JSON Query Example

{
  "query": {
    "type": "boolean",
    "must": [
      { "type": "term", "field": "username", "value": "wyatt" },
      { "type": "fuzzy", "field": "message", "value": "falcon" }
    ]
  }
}

🕓 Searching Logs by Time Range

Use a range query on a timestamp field:

{
  "query": {
    "type": "range",
    "field": "timestamp",
    "gte": "now-24h",
    "lte": "now"
  }
}

Or combine it:

{
  "query": {
    "type": "boolean",
    "must": [
      { "type": "term", "field": "username", "value": "wyatt" },
      {
        "type": "range",
        "field": "timestamp",
        "gte": "now-24h",
        "lte": "now"
      },
      { "type": "fuzzy", "field": "message", "value": "falcon" }
    ]
  }
}

💻 curl Example

curl -X POST https://your.searchcraft.domain/index/logs/search \
  -H "Content-Type: application/json" \
  -d '{
    "query": {
      "type": "boolean",
      "must": [
        { "type": "term", "field": "username", "value": "wyatt" },
        { "type": "fuzzy", "field": "message", "value": "falcon" },
        {
          "type": "range",
          "field": "timestamp",
          "gte": "now-24h",
          "lte": "now"
        }
      ]
    }
  }'

🐍 Python (httpx) Example

import httpx

payload = {
    "query": {
        "type": "boolean",
        "must": [
            {"type": "term", "field": "username", "value": "wyatt"},
            {"type": "fuzzy", "field": "message", "value": "falcon"},
            {
                "type": "range",
                "field": "timestamp",
                "gte": "now-24h",
                "lte": "now"
            }
        ]
    }
}

response = httpx.post(
    "https://your.searchcraft.domain/index/logs/search",
    json=payload
)
print(response.json())
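When the username or keyword comes from a user or another system, build the payload as data and validate it first rather than formatting values into a JSON string. The following is an added example, not code from the original guide or the Searchcraft project; it generalizes the combined query above to caller-supplied filters. The names `ALLOWED_FIELDS`, `clause`, `time_range` and `build_log_query`, the 256-character limit, and the list shape of `must_not` are assumptions.

```python
import json
import re

# Assumption: the text fields callers may filter on in the example "logs" index.
ALLOWED_FIELDS = {"username", "message"}
# Accept only the relative-time shapes this page shows: "now" and "now-<N>h".
RELATIVE_TIME = re.compile(r"now(-[1-9][0-9]{0,3}h)?")


def clause(kind, field, value):
    """Build one term/fuzzy clause after validating field name and value."""
    if field not in ALLOWED_FIELDS:
        raise ValueError(f"field not allowed: {field!r}")
    if not isinstance(value, str) or not 0 < len(value) <= 256:
        raise ValueError(f"bad value for {field!r}")
    return {"type": kind, "field": field, "value": value}


def time_range(gte, lte="now"):
    """Build the timestamp range clause from validated relative times."""
    for bound in (gte, lte):
        if not isinstance(bound, str) or not RELATIVE_TIME.fullmatch(bound):
            raise ValueError(f"unsupported time expression: {bound!r}")
    return {"type": "range", "field": "timestamp", "gte": gte, "lte": lte}


def build_log_query(exact, fuzzy, since="now-24h", exclude=None):
    """Return the search payload as a dict. Caller input only ever fills a
    "value" (or validated time) slot, never the query structure itself."""
    must = [clause("term", f, v) for f, v in exact.items()]
    must.append(time_range(since))
    must += [clause("fuzzy", f, v) for f, v in fuzzy.items()]
    query = {"type": "boolean", "must": must}
    if exclude:
        # Assumption: must_not takes the same list-of-clauses shape as must.
        query["must_not"] = [clause("term", f, v) for f, v in exclude.items()]
    return {"query": query}


if __name__ == "__main__":
    # Constructed input: a value full of JSON metacharacters stays one string.
    odd = 'wyatt"}, {"type": "term'
    payload = build_log_query({"username": odd}, {"message": "falcon"})
    print(json.dumps(payload, indent=2))
```

Pass the returned dict to `httpx.post(..., json=payload)` as in the example above, so the library handles the JSON serialization.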

🌐 JavaScript (fetch) Example

const payload = {
  query: {
    type: "boolean",
    must: [
      { type: "term", field: "username", value: "wyatt" },
      { type: "fuzzy", field: "message", value: "falcon" },
      {
        type: "range",
        field: "timestamp",
        gte: "now-24h",
        lte: "now"
      }
    ]
  }
};

fetch("https://your.searchcraft.domain/index/logs/search", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify(payload)
})
  .then(res => res.json())
  .then(console.log)
  .catch(console.error);

🧠 Summary Table

| Task | Query Type |
|------|------------|
| Exact match | term |
| Fuzzy match (typo-tolerant) | fuzzy |
| Filter by date or number range | range |
| Combine multiple conditions | boolean |
| OR logic | should |
| Exclude conditions | must_not |