Flattened fields and `query_string` queries with leading wildcard

ddittmar · January 23, 2025, 11:52am

Hi, I'm seeing unexpected behaviors with flattened fields and query_string queries with leading wildcard. I'm new to Elasticsearch so maybe someone could help me out.

I'm using 8.15.2 but I see the same behavior on 8.17.1

Here's my test_index:

PUT http://localhost:9200/test_index
Authorization: Basic elastic elastic
Content-Type: application/json

{
  "mappings": {
    "properties": {
      "test_field": {
        "type": "flattened"
      }
    }
  },
  "settings": {
    "index": {
      "number_of_shards": "1",
      "number_of_replicas": "1"
    }
  }
}

My test data:

### dataset1
POST http://localhost:9200/test_index/_doc
Authorization: Basic elastic elastic
Content-Type: application/json

{
  "test_field": {
    "test1": "the first test test1 foo bar",
    "test2": "the second test test2 foo bar"
  }
}

### dataset2
POST http://localhost:9200/test_index/_doc
Authorization: Basic elastic elastic
Content-Type: application/json

{
  "test_field": {
    "test3": "the third test test3 foo bar",
    "test4": "the fourth test test4 foo bar"
  }
}

This query

GET http://localhost:9200/test_index/_search
Authorization: Basic elastic elastic
Content-Type: application/json

{
  "query": {
    "query_string": {
      "fields": [
        "test_field.test4"
      ],
      "query": "*first*"
    }
  }
}

gives me:

...
    "hits": [
      {
        "_index": "test_index",
        "_id": "...",
        "_score": 1.0,
        "_source": {
          "test_field": {
            "test1": "the first test test1 foo bar",
            "test2": "the second test test2 foo bar"
          }
        }
      }
    ]
...

It looks like the query did not only looked at test_field.test4. I've expected no results.
If I changed my query to:

GET http://localhost:9200/test_index/_search
Authorization: Basic elastic elastic
Content-Type: application/json

{
  "query": {
    "query_string": {
      "fields": [
        "test_field.test4"
      ],
      "query": "first*"
    }
  }
}

I get no results. That is the behavior I would expect.

I've found this Flattened fields with query_string and wildcards whitch looks like the same problem but sadly there is no answer.
I couldn't find anything describing this in the documentation.

I hope someone could give me a hint

Cheers,

Dirk Dittmar

dor · January 23, 2025, 1:09pm

Hi, I opened the old thread you were referring to.
Sadly, after I contacted the support, they told me its unsupported, like the regular wildcard query on flattened fields.

As far as I know, this bug still persists

ddittmar · January 23, 2025, 1:31pm

Thanks for the reply... did you find any other solution?
I've switched to flattened fields because I ran into the "Limit of total fields [1000] has been exceeded while adding new fields" Problem and found this thread: Approaches to deal with “Limit of total fields [1000] in index has been exceeded”

ddittmar · January 30, 2025, 7:14am

I found a solution that works for me. Maybe this will help someone.

Instead of flattened fields I use nested fields with the following structure (from the mapping):

"aFieldName": {
  "type": "nested",
  "properties": {
    "key": {
      "type": "keyword"
    },
    "value": {
      "type": "wildcard"
    }
  }
},

... the data looks like this:

"aFieldName": [
    {
      "key": "street",
      "value": "a street name here"
    },
    {
      "key": "phone",
      "value": "7607"
    },
...

... and I can query (filter in this case) and sort like this ("select where street contains 'gold' sort by phone"):

{
    "query": {
        "bool": {
            "filter": [
                {
                    "nested": {
                        "path": "aFieldName",
                        "query": {
                            "bool": {
                                "must": [
                                    {
                                        "term": {
                                            "aFieldName.key": {
                                                "value": "street"
                                            }
                                        }
                                    },
                                    {
                                        "wildcard": {
                                            "aFieldName.value": {
                                                "case_insensitive": true,
                                                "value": "*gold*"
                                            }
                                        }
                                    }
                                ]
                            }
                        }
                    }
                }
            ]
        }
    },
    "sort": [
        {
            "aFieldName.value": {
                "nested": {
                    "filter": {
                        "term": {
                            "aFieldName.key": {
                                "value": "phone"
                            }
                        }
                    },
                    "path": "aFieldName"
                },
                "order": "desc"
            }
        }
    ]
}

... so far it seams to work fine

system · February 27, 2025, 7:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Flattened fields with query_string and wildcards Elasticsearch	1	926	May 25, 2022
Wildcards in flattened fields for nested objects Elasticsearch	2	540	July 6, 2017
Query String Query and leading wildcard Elasticsearch	1	702	January 9, 2017
Using wildcards in query_string fields Elasticsearch	2	382	July 6, 2017
Error while using wildcard in multifield query_string query Elasticsearch	2	559	July 6, 2017

Flattened fields and `query_string` queries with leading wildcard

Related topics