Hi!
The documentation of the enrich policy definition (Enrich policy definition | Elasticsearch Guide [7.16] | Elastic) says that we're able to change the query type through the "query" setting:
(Optional, string) Query type used to filter documents in the enrich index for matching. Valid value is
match_all
(default).
I've made the observation that this setting indeed expects a query object, and strings don't work:
PUT _enrich/policy/asset-host-tags
{
"match": {
"indices": ["assets"],
"match_field": "host.name",
"enrich_fields": ["tags"],
"query": {
"exists": {
"field": "host.name"
}
}
}
}