Enrich policy query option seems mis-documented

Hi!

The documentation of the enrich policy definition (Enrich policy definition | Elasticsearch Guide [7.16] | Elastic) says that we're able to change the query type through the "query" setting:

(Optional, string) Query type used to filter documents in the enrich index for matching. Valid value is match_all (default).

I've made the observation that this setting indeed expects a query object, and strings don't work:

    PUT _enrich/policy/asset-host-tags
    {
        "match": {
            "indices": ["assets"],
            "match_field": "host.name",
            "enrich_fields": ["tags"],
            "query": {
              "exists": {
                "field": "host.name"
              }
            }
        }
    }

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.