Hi, I'm seeing unexpected behaviors with flattened fields and query_string
queries with leading wildcard. I'm new to Elasticsearch so maybe someone could help me out.
I'm using 8.15.2 but I see the same behavior on 8.17.1
Here's my test_index
:
PUT http://localhost:9200/test_index
Authorization: Basic elastic elastic
Content-Type: application/json
{
"mappings": {
"properties": {
"test_field": {
"type": "flattened"
}
}
},
"settings": {
"index": {
"number_of_shards": "1",
"number_of_replicas": "1"
}
}
}
My test data:
### dataset1
POST http://localhost:9200/test_index/_doc
Authorization: Basic elastic elastic
Content-Type: application/json
{
"test_field": {
"test1": "the first test test1 foo bar",
"test2": "the second test test2 foo bar"
}
}
### dataset2
POST http://localhost:9200/test_index/_doc
Authorization: Basic elastic elastic
Content-Type: application/json
{
"test_field": {
"test3": "the third test test3 foo bar",
"test4": "the fourth test test4 foo bar"
}
}
This query
GET http://localhost:9200/test_index/_search
Authorization: Basic elastic elastic
Content-Type: application/json
{
"query": {
"query_string": {
"fields": [
"test_field.test4"
],
"query": "*first*"
}
}
}
gives me:
...
"hits": [
{
"_index": "test_index",
"_id": "...",
"_score": 1.0,
"_source": {
"test_field": {
"test1": "the first test test1 foo bar",
"test2": "the second test test2 foo bar"
}
}
}
]
...
It looks like the query did not only looked at test_field.test4
. I've expected no results.
If I changed my query to:
GET http://localhost:9200/test_index/_search
Authorization: Basic elastic elastic
Content-Type: application/json
{
"query": {
"query_string": {
"fields": [
"test_field.test4"
],
"query": "first*"
}
}
}
I get no results. That is the behavior I would expect.
I've found this Flattened fields with query_string and wildcards whitch looks like the same problem but sadly there is no answer.
I couldn't find anything describing this in the documentation.
I hope someone could give me a hint
Cheers,
Dirk Dittmar