Filtered query returning unwanted results

Hello,

We've been using elasticsearch for a while now in my company and we
recently discovered that certain queries are returning unwanted results.

I've created a gist https://gist.github.com/yairnm/14bca137879212cf64f2 that
recreates the problem on a newly created index without a mapping.

The use case is quite simple, I have the following document:
{
  "collected" : {
    "etag" : "\"KOlSfwGpwASvJB5lLGkjWDc36DY/R9KZ-VQJQP18W3NNaJcSpQlPgaY\"",
    "is_success" : true,
    "action_type" : "password"
  },
  "timestamp" : 1399820164000,
  "instanceId" : 0,
  "collected_event" : true,
  "tenantId" : 2,
  "eventType" : 589825
}

And I try to run a filtered query, that has terms and query_string:
{
  "filter" : {
    "and" : [{
        "term" : {
          "tenantId" : 2
        }
      }, {
        "not" : {
          "term" : {
            "eventType" : 589844
          }
        }
      }, {
        "not" : {
          "term" : {
            "collected_event" : false
          }
        }
      }
    ]
  },
  "query" : {
    "query_string" : {
      "query" : "\"sfoun\"",
      "lenient" : true,
      "fields" : ["collected.*"]
    }
  }
}

I expect the filtered query to yield zero results since the document
doesn't meet with the query_string.

You can try and replace the text in query_string to anything you like but
still get the results.
My guess is that I'm missing out something or I don't fully understand how
queries work.

Thanks in advance,
Yarin.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/0f1bdb3c-2c8a-48ab-8572-0b6bba71302e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

One side note, if I change the query_string fields to be either
'collected.etag' or 'collected.action_type' the document is filtered
properly.
If I include 'collected.is_success' I still get the document.

On Tuesday, May 20, 2014 6:43:05 PM UTC+3, Yarin Miran wrote:
