Elastic Search not working correctly in case of quoted search

kranti_vns · August 10, 2011, 2:05pm

deleted -

medcl_net · August 11, 2011, 3:22am

I think you could try to encode the "queryString" before perform the
request,and if you didn't specify the field explicitly,ES will use "_all" as
the default ,and you can set the queryString like that:
âfiled:your_queryString".

BTW make sure your the queryString follow the lucene syntax.

yours,
medcl

-----Original Message-----
From: kranti.vns
Sent: Wednesday, August 10, 2011 10:05 PM
To: elasticsearch@googlegroups.com
Subject: Elastic Search not working correctly in case of quoted search

Hi,

I am using below query to get the results from ElasticSearch server :

QueryBuilder qb =
QueryBuilders.queryString(queryString).defaultOperator(Operator.AND).

allowLeadingWildcard(false).analyzer(getDefaultAnalyzer()).useDisMax(true);

Suppose we set queryString="apache directory"; then we are getting the below
result :

snort[123]: [1:1156:9] WEB-MISC apache directory disclosure attempt
[Classification: Attempted Denial of Service] [Priority: 2] {TCP}
9.47.249.56:23311 -> 75.242.12.140:46469
snort[123]: [1:1156:9] WEB-MISC apache directory disclosure attempt
[Classification: Attempted Denial of Service] [Priority: 2] {TCP}
44.186.116.134:41705 -> 160.31.245.45:53078

Note that the above result doesn't have any term like "apache directory".But
When we set queryString="apache directory"; i.e. now quotes (") are part
of queryString,we are getting the below results:

snort[123]: [1:1156:9] WEB-MISC apache directory disclosure attempt
[Classification: Attempted Denial of Service] [Priority: 2] {TCP}
9.47.249.56:23311 -> 75.242.12.140:46469
snort[123]: [1:1156:9] WEB-MISC apache directory disclosure attempt
[Classification: Attempted Denial of Service] [Priority: 2] {TCP}
44.186.116.134:41705 -> 160.31.245.45:53078

This shouldn't be the case as there are no terms like "apache directory"
i.e. apache directory bounded by quotes.
Can you please suggest the reason for this uneven results.

Thanks
Kranti

--
View this message in context:
http://elasticsearch-users.115913.n3.nabble.com/Elastic-Search-not-working-correctly-in-case-of-quoted-search-tp3242658p3242658.html
Sent from the ElasticSearch Users mailing list archive at Nabble.com.