I am logging messages that contain a UUID. When I do a search on a UUID, for example, fcaaec62-d9c5-4484-bccd-1c7b0982d1bc, there is a match on any document that contains the strings 4484 or bccd. If I search on fcaaec62 then I get a single document, so I suppose I have a good work around. However, I'd really like to make a search where the dashes are not significant. How do I do that, please?
Many thanks.
Jeff
If you won't ever have the need to search for substrings in your UUID you should look at setting the field to not_analyzed in the Elasticsearch mapping/index template. That way you can only search for the whole field, useful for unique identifiers.
Alternatively you could just wrap your query in inverted commas.
or you can use whitespace analyzer https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-whitespace-tokenizer.html or use the match query with double quote.
I'm kinda new to this but running into the same question. My problem is usually I find out that I need to set a field to "not_analyzed" after I've put data in it and started using it. My understanding is that there's no way to change a field after the fact, right? Is there a clever way around that?
That's right, the typical answer will be to update your mapping and re-index unfortunately
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.