I am using ELK version 5.2.0 and I am trying to aggregate some fields from another index in logstash-filter-elasticsearch using the name or email or userid.
Below is my query:
query => "type:user AND (email.keyword:%{user} OR first_name.keyword:%{[user]} OR userid:%{user})"
Email and userid aggregation are working perfectly, but the name comparison is not working as expected. For example:
usecase 1
user : moving the method...
firstname.keyword: poulin
In my case, usecase 1 should fail and aggregation should not happen, but it is happening.
usecase 2
user : Belinda Lynn
firstname.keyword: Lynn
The same goes for usecase 2.
From this comparison I believe the name field is not matching with fulltext. I am looking for guidance and inputs to achieve my aggregation with exact match on the name fields.
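
The following is an added example, not part of the original post. It expands the post's query template with the two `user` values and shows which terms stay bound to `first_name.keyword` and which fall through to the default search field, then repeats the expansion with the value quoted as a single phrase. The parser is a simplified model of Elasticsearch query-string splitting, and `render`, `quote`, `clauses` and `default_terms` are hypothetical helper names.

```python
import re

# Query template copied from the post (Logstash sprintf placeholders).
TEMPLATE = ("type:user AND (email.keyword:%{user} OR "
            "first_name.keyword:%{[user]} OR userid:%{user})")

def render(template, user):
    """Substitute the event's user value verbatim, as sprintf expansion does."""
    return re.sub(r"%\{\[?user\]?\}", lambda _m: user, template)

def quote(value):
    """Make the value one phrase: escape backslash and double quote, then wrap."""
    return '"' + re.sub(r'(["\\])', r"\\\1", value) + '"'

def clauses(query):
    """Simplified model of query-string parsing (assumption: whitespace and
    unquoted parentheses separate clauses; a clause without 'field:' is
    searched in the default field)."""
    tokens = re.findall(r'(?:[^\s"()]|"(?:\\.|[^"\\])*")+', query)
    out = []
    for tok in tokens:
        if tok in ("AND", "OR"):
            continue
        m = re.fullmatch(r"([\w.]+):(.+)", tok, re.S)
        out.append((m.group(1), m.group(2)) if m else ("<default>", tok))
    return out

def default_terms(query):
    """Terms that are no longer bound to the field written in the template."""
    return [value for field, value in clauses(query) if field == "<default>"]

if __name__ == "__main__":
    for user in ("moving the method...", "Belinda Lynn"):  # values from the post
        print(repr(user),
              "unquoted ->", default_terms(render(TEMPLATE, user)),
              "| quoted ->", default_terms(render(TEMPLATE, quote(user))))
```

With the unquoted template, only the first word of a multi-word value is compared against `first_name.keyword`; the remaining words become separate OR-ed terms. In the Logstash query itself, the equivalent of `quote` is wrapping each placeholder in double quotes and escaping any quote or backslash characters in the field first.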