I have an Elasticsearch query which is extracting data from the following fields: "_source": ["data.service","data.vpn","data.policyid","data.srccountry1"]. While using the search function, which gives a maximum of only 10,000 hits, I observe that in a lot of hits all _source values are not present.
Query:
{
  "size": 10000,
  "_source": ["data.service", "data.vpn", "data.policyid", "data.srccountry1"],
  "query": {
    "bool": {
      "must": [
        {"match_phrase": {"data.action": "accept"}},
        {"match_phrase": {"location": "192.168.0.1"}}
      ]
    }
  }
}
In some of the hits data.vpn is not present or data.srccountry1 is not present. How can I write a query where I need the hits to have all the _source field values?
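
One way to return only hits that carry every requested field is to add an `exists` filter per field to the bool query; `exists` treats null and `[]` as missing but counts an empty string as present. The following is an added example, not part of the original post: `build_query` and `missing_fields` are hypothetical helper names, and the sample hits are constructed.

```python
import json

REQUIRED = ["data.service", "data.vpn", "data.policyid", "data.srccountry1"]

def build_query(required=REQUIRED, size=10000):
    """Same search as in the question, plus one `exists` filter per required field."""
    return {
        "size": size,
        "_source": list(required),
        "query": {
            "bool": {
                "must": [
                    {"match_phrase": {"data.action": "accept"}},
                    {"match_phrase": {"location": "192.168.0.1"}},
                ],
                # filter clauses do not affect scoring; every clause must match
                "filter": [{"exists": {"field": f}} for f in required],
            }
        },
    }

def missing_fields(hit, required=REQUIRED):
    """Client-side check: dotted paths that are absent, null or [] in a hit's _source."""
    missing = []
    for path in required:
        node = hit.get("_source", {})
        for key in path.split("."):
            node = node.get(key) if isinstance(node, dict) else None
            if node is None:
                break
        if node is None or node == []:
            missing.append(path)
    return missing

# Constructed sample hits (not real data): complete, no vpn, null vpn + no country
SAMPLE_HITS = [
    {"_source": {"data": {"service": "HTTPS", "vpn": "vpn-a", "policyid": "12", "srccountry1": "Reserved"}}},
    {"_source": {"data": {"service": "DNS", "policyid": "7", "srccountry1": "Reserved"}}},
    {"_source": {"data": {"service": "SSH", "vpn": None, "policyid": "3"}}},
]

if __name__ == "__main__":
    print(json.dumps(build_query(), indent=2))   # request body for the _search endpoint
    for h in SAMPLE_HITS:
        print(missing_fields(h))                 # fields the exists filters would reject on
```
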