Elasticsearch query dsl


#1

I posted some simple JSON documents within a 'message' property in an index.

Here is the mapping I have:
Mappings for the WSLogging index:

```
{
  "ws.loggingtesting-20180504": {
    "mappings": {
      "fluentd": {
        "properties": {
          "@log_name": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "@timestamp": {
            "type": "date"
          },
          "level": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "logger_name": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "message": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword"
              }
            }
          },
          "sequence_id": {
            "type": "long"
          }
        }
      }
    }
  }
}
```

I have 20 or so entries for logging that look like this:
Mappings for the WSLogging index:

```
{
  "_index": "ws.loggingtesting-20180504",
  "_type": "fluentd",
  "_id": "XuyxKGMBTx62wVJBapS4",
  "_version": 1,
  "_score": null,
  "_source": {
    "level": "Info",
    "message": "{ \"time\": \"2018-05-03 20:07:21.8465\", \"msg\": \"Testing02 0 on 5\\/3\\/18 - 8:07:21 PM\", \"@target_index\": \"LoggingTesting\", \"HostName\": \"G625C\", \"FullHostName\": \"G625C\", \"IPAddress\": \"10.211.55.3\", \"DomainName\": \"\", \"UserName\": \"G625C\\\\gggg\", \"CallerMemberName\": \"LogInfo\", \"CallerFilePath\": \"C:\\\\code\\\\LoggingTesting\\\\WS.Logging\\\\WSNLogLogger.cs\", \"CallerLineNumber\": 75 }",
    "logger_name": "WS.Logging.WSNLogLogger",
    "sequence_id": 2,
    "@timestamp": "2018-05-03T20:07:21.000000000-05:00",
    "@log_name": "LoggingTesting"
  },
  "fields": {
    "@timestamp": [
      "2018-05-04T01:07:21.000Z"
    ]
  },
  "sort": [
    1525396041000
  ]
}
```

In DevTools I'm trying to use the Query DSL of different variations. This is the latest, and there are no syntax errors, but there are 0 hits:

```
GET ws.loggingtesting-20180504/_search
{
  "query": {
    "query_string": {
      "query": "testing03*"
    }
  }
}
```

I've also tried

```
"query" : {
  "match" : {
    "query": {
      "message" : "testing03*"
    }
  }
}
```

Any assistance is greatly appreciated. Thank you.


(David Pilato) #2

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

There's a live preview panel for exactly this reason.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.
Please update your post.


#3

Thank you for the tip. I have made the adjustments.


(David Pilato) #4

Try to run the analyze API on the message content and you will see how this is indexed.

I think you should transform the content into more structured data to take advantage of it.
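
One way to do the restructuring suggested in #4, as an added example that is not part of the original thread: a Python step that lifts the JSON serialized inside `message` into separate fields before the document is indexed. The function name, the `msg_` prefix and the `message_parsed` flag are assumptions, and the sample document is constructed from the hit shown in #1.

```python
import json

# Constructed sample: `_source` of the hit shown in #1, trimmed to a few fields.
# `message` is a JSON object serialized as a string, as the logger emitted it.
SAMPLE_SOURCE = {
    "level": "Info",
    "message": (
        r'{ "time": "2018-05-03 20:07:21.8465", '
        r'"msg": "Testing02 0 on 5\/3\/18 - 8:07:21 PM", '
        r'"@target_index": "LoggingTesting", "HostName": "G625C", '
        r'"IPAddress": "10.211.55.3", "UserName": "G625C\\gggg", '
        r'"CallerLineNumber": 75 }'
    ),
    "logger_name": "WS.Logging.WSNLogLogger",
    "@timestamp": "2018-05-03T20:07:21.000000000-05:00",
}


def flatten_message(source, prefix="msg_"):
    """Return a copy of `source` with the JSON inside `message` lifted to fields.

    `prefix` and the `message_parsed` flag are names chosen for this example.
    """
    doc = dict(source)
    raw = doc.get("message")
    try:
        inner = json.loads(raw) if isinstance(raw, str) else None
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        inner = None
    if not isinstance(inner, dict):
        # Plain-text or malformed message: leave it untouched and flag it so
        # unparsed events can be found and the emitter fixed.
        doc["message_parsed"] = False
        return doc
    doc["message_parsed"] = True
    # Keep the human-readable text in `message` instead of the serialized blob.
    doc["message"] = inner.pop("msg", raw)
    for key, value in inner.items():
        # Inner keys come from the application; prefixing stops them from
        # overwriting pipeline-set fields such as `level` or `@timestamp`.
        doc[prefix + key.lstrip("@")] = value
    return doc


if __name__ == "__main__":
    print(json.dumps(flatten_message(SAMPLE_SOURCE), indent=2))
```

With the fields separated, values such as the host name, IP address and user name can be mapped and queried on their own instead of through full-text search over one serialized string.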


#5

Thank you. I agree that it would be better to use structured data. I read that mappings are no longer going to be supported in version 7.0.0. I wanted to try to understand how to perform queries on this using Query DSL in its current form (by default).


(David Pilato) #6

Mapping will still be there in the future.
Support for multiple types per index is gone, so types will be removed. But mapping will still be there.

