hi guys,
I have a JSON document indexed into Elasticsearch, like the following:
{
"_index": "SNIP!",
"_type": "SNIP!",
"_id": "AVEHzwACg1ogiczjUHkz",
"_score": 1,
"_routing": "SNIP!",
"_source": {
"pid_no": 19321,
"originator_ip": "SNIP!",
"aggregator_id": null,
"inet_family": "ipv4-unicast",
"as_path": "SNIP!",
"net_block": "SNIP!",
"origin_code": "igp",
"extended_community": null,
"atomic_aggregate": null,
"adv_type": "announce",
"peer_ip": "SNIP!",
"community_note": "SNIP!",
"local_asn": "6830",
"local_preference": 250,
"med_metric": 0,
"time_stamp": 1447534931,
"peer_asn": "SNIP!",
"cluster_list": "SNIP!",
"net_mask": "23",
"prefix4_": {
"last": 222,
"first": 111
},
"next_hop": "SNIP!",
"counter_no": 69668,
"confederation_path": "",
"prefix_": "SNIP!",
"local_ip": "SNIP!",
"as_set": null,
"host_name": "SNIP!"
}
}
and I have managed to filter successfully on all of the keys of the doc, except the nested ones.
the query looks like:
GET /SNIP!/SNIP!/_search?routing=SNIP!
{
"query": {
"bool": {
"must": {
"query": {
"query_string": {
"query": "/SNIP!.*/",
"fields": [
"as_path"
],
"default_operator": "and",
"use_dis_max": true
}
}
},
"must_not": {
"query": {
"simple_query_string": {
"query": "-SNIP!",
"fields": [
"community_note"
],
"default_operator": "and"
}
}
},
"filter": {
"bool": {
"must": [
{
"term": {
"prefix_": "SNIP!"
}
},
{
"range": {
"local_preference": {
"gt": 150,
"lte": 250
}
}
}
,
{
"and": [
{
"range": {
"prefix4_.first": {
"lte": 200
}
}
},
{
"range": {
"prefix4_.last": {
"gte": 200
}
}
}
]
}
],
"must_not": [
{
"terms": {
"originator_ip": [
"SNIP!"
]
}
}
]
}
}
}
}
}
Could a beautiful mind in here please advise on why the prefix4_ filter does not work?
What am I doing wrong?
Nikos