How does elasticsearch search work?

Dear All,
I am using elasticsearch 1.4.X. Suppose I have the below document indexed;
let's say if I search for "priority=2", will it search in the entire document
as a free-text search, or will it search only for the attribute priority?

{
"date_gmt": "2015-04-15",
"plugin_id": "1001",
"signature": "DELETED SERVER-OTHER HP LoadRunner stack buffer overflow attempt",
"reliability": "2",
"plugin_sid": "32996",
"category": "null",
"priority": "2",
"src_port": "20345",
"event_id": "1131142910383383630576",
"src_ip": "192.168.1.129",
"cc-report": "null",
"asset": "2",
"sensor": "ccserver-qa-1",
"dst_port": "443",
"username": "NULL",
"vendor": "Sourcefire",
"risk": "0",
"device": "127.0.0.1",
"product_type": "Intrusion Detection",
"_excutetime": "2015-04-15T13:17:13",
"datasource": "Snort",
"fdate": "2015-04-15T12:44:50",
"dst_ip": "10.0.129.234"
}

Kindly shed some light on this, as we are building a critical application
using elasticsearch, and need to confirm this point.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/6a446286-2aa6-4627-b0ba-a9fd0e7c12be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

If you use a query string or simple query string, searching for priority:2 will search in the priority field only.
Using a query DSL with filters will make this more obvious and more efficient performance-wise.

HTH

David

(Replying to jigish thakar jigishpthakar@gmail.com, 26 Apr 2015 at 14:23.)
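An added example, not part of the original thread or of Elasticsearch's own code: the two request bodies David's reply refers to, in Elasticsearch 1.x syntax, with a simplified local model of why the field scoping matters for the event in the question. The function names, the second event and the local matcher are assumptions made for illustration.

```python
import json
import re

# Constructed sample events, reduced to a few fields of the document in the question.
# Event "B" is invented for contrast: priority 1, but another field holds "2".
EVENTS = [
    {"event_id": "A", "priority": "2", "reliability": "2", "risk": "0"},
    {"event_id": "B", "priority": "1", "reliability": "2", "risk": "0"},
]

def query_string_body(text):
    """query_string search: 'priority:2' is scoped to that field, while a bare
    '2' goes to the default field (_all in 1.x, i.e. every field's values)."""
    return {"query": {"query_string": {"query": text}}}

def term_filter_body(field, value):
    """Elasticsearch 1.x query DSL: match_all restricted by a term filter on
    one named field, so the field scoping is explicit in the request."""
    return {"query": {"filtered": {"query": {"match_all": {}},
                                   "filter": {"term": {field: value}}}}}

def local_match(events, text):
    """Simplified local model of the scoping rule (not Elasticsearch itself):
    'field:value' compares one field, anything else compares every value."""
    scoped = re.fullmatch(r"(\w+):(\w+)", text)
    hits = []
    for event in events:
        if scoped:
            matched = event.get(scoped.group(1)) == scoped.group(2)
        else:
            matched = text in event.values()
        if matched:
            hits.append(event["event_id"])
    return hits

if __name__ == "__main__":
    for body in (query_string_body("priority:2"), term_filter_body("priority", "2")):
        print(json.dumps(body, indent=2))   # body to POST to /<index>/_search
    print(local_match(EVENTS, "priority:2"), local_match(EVENTS, "2"))
```

In the local model the scoped form returns only event A, while the bare value also returns event B because its reliability field holds "2".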

Thanks for a quick reply David!! Really appreciate it.

Regards.
(Replying to "David Pilato" david@pilato.fr, 26-Apr-2015 5:57 pm.)