waylon/learn-searchcraft
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
learn-searchcraft/pages/query.md
Waylon S. Walker a153bf1bb4 init
2025-07-15 12:30:09 -05:00

166 lines
3.3 KiB
Markdown
Raw Blame History

# 🔍 Searchcraft Query Guide
Searchcraft lets you construct powerful search queries with structured JSON. This guide shows how to:
* Combine **exact and fuzzy** queries
* Search logs **within a time range**
* Use **curl**, **Python (httpx)**, and **JavaScript (fetch)** to query
---
## ✅ Mixing Exact and Fuzzy Queries
You can combine multiple types using a `boolean` query with `must`, `should`, or `must_not` clauses.
### JSON Query Example
```json
{
"query": {
"type": "boolean",
"must": [
{ "type": "term", "field": "username", "value": "wyatt" },
{ "type": "fuzzy", "field": "message", "value": "falcon" }
]
}
}
```
---
## 🕓 Searching Logs by Time Range
Use a `range` query on a timestamp field:
```json
{
"query": {
"type": "range",
"field": "timestamp",
"gte": "now-24h",
"lte": "now"
}
}
```
Or combine it:
```json
{
"query": {
"type": "boolean",
"must": [
{ "type": "term", "field": "username", "value": "wyatt" },
{
"type": "range",
"field": "timestamp",
"gte": "now-24h",
"lte": "now"
},
{ "type": "fuzzy", "field": "message", "value": "falcon" }
]
}
}
```
---
## 💻 curl Example
```bash
curl -X POST https://your.searchcraft.domain/index/logs/search \
-H "Content-Type: application/json" \
-d '{
"query": {
"type": "boolean",
"must": [
{ "type": "term", "field": "username", "value": "wyatt" },
{ "type": "fuzzy", "field": "message", "value": "falcon" },
{
"type": "range",
"field": "timestamp",
"gte": "now-24h",
"lte": "now"
}
]
}
}'
```
---
## 🐍 Python (httpx) Example
```python
import httpx
payload = {
"query": {
"type": "boolean",
"must": [
{"type": "term", "field": "username", "value": "wyatt"},
{"type": "fuzzy", "field": "message", "value": "falcon"},
{
"type": "range",
"field": "timestamp",
"gte": "now-24h",
"lte": "now"
}
]
}
}
response = httpx.post(
"https://your.searchcraft.domain/index/logs/search",
json=payload
)
print(response.json())
```
---
## 🌐 JavaScript (fetch) Example
```js
const payload = {
query: {
type: "boolean",
must: [
{ type: "term", field: "username", value: "wyatt" },
{ type: "fuzzy", field: "message", value: "falcon" },
{
type: "range",
field: "timestamp",
gte: "now-24h",
lte: "now"
}
]
}
};
fetch("https://your.searchcraft.domain/index/logs/search", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify(payload)
})
.then(res => res.json())
.then(console.log)
.catch(console.error);
```
---
## 🧠 Summary Table
| Task | Query Type |
| ------------------------------ | ---------- |
| Exact match | `term` |
| Fuzzy match (typo-tolerant) | `fuzzy` |
| Filter by date or number range | `range` |
| Combine multiple conditions | `boolean` |
| OR logic | `should` |
| Exclude conditions | `must_not` |
---
Want help customizing this to your logs/index schema? Just ask!
Reference in a new issue View git blame Copy permalink