Elasticsearch - how to curl what I need from localhost:9200?

Here's a link to my SO question no one answered:
https://stackoverflow.com/questions/54962586/elasticsearch-curl-error-when-trying-to-search

To reiterate from that question, I have an index called threat-reports, and one of the tags is Title, which contains something along the lines of CVE-1999-0001.json, CVE-1999-0002.json, etc. I entered in a query in Kibana to match only the Title CVE-1999-0003.json and Kibana came up with this query:

{
  "query": {
    "match": {
      "Title": {
        "query": "CVE-1999-0003.json",
        "type": "phrase"
      }
    }
  }
}

However, when I try and convert that to a curl command (since I can't find a place in Kibana to do so), my command looks like this (which seems to work for other things just fine):

curl -X GET "localhost:9200/_search?pretty" -H 'Content-Type: application/json' -d '
{
  "query": {
    "match": {
      "Title": {
        "query": "CVE-1999-0003.json",
        "type": "phrase"
      }
    } 
  }
}
'

But curl returns

{
  "error" : {
    "root_cause" : [
      {
        "type" : "parsing_exception",
        "reason" : "[match] query does not support [type]",
        "line" : 7,
        "col" : 17
      }
    ],
    "type" : "parsing_exception",
    "reason" : "[match] query does not support [type]",
    "line" : 7,
    "col" : 17
  },
  "status" : 400
}

Does anyone know how to fix this? I really need to be able to index my titles so that I don't add a duplicate entry in the database.

May be look at https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query-phrase.html

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.