curl -XPOST 'localhost:9200/zjh_assets*/_search?pretty' -d '
{
"query": {
"query_string": {
"query": "*",
"analyze_wildcard": true
}
}
}'
"took" : 782,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 9601,
"max_score" : 1.0,
"hits" : [ {
"_index" : "zjh_assets_2016-19",
"_type" : "assets_change",
"_id" : "AVSgpxwk1iGy4EIfOgVC",
"_score" : 1.0,
"_source" : {
"@version" : "1",
"@timestamp" : "2016-05-12T00:29:28.000Z",
"path" : "/data/ogs/zjh_logic_1_1_1_info.log.2016.05.12",
"host" : "ca56960e9692",
"logtype" : "assets_change",
"uin" : "1441783451816",
"key" : 1,
"change" : -10,
"reason" : "enter_desk_consume",
"timestamp" : 1462984168893057
}
}, {
"_index" : "zjh_assets_2016-19",
"_type" : "assets_change",
"_id" : "AVSgpxwk1iGy4EIfOgVD",
"_score" : 1.0,
"_source" : {
"@version" : "1",
"@timestamp" : "2016-05-12T00:29:39.000Z",
"path" : "/data/zjh/logs/zjh_logic_1_1_1_info.log.2016.05.12",
"host" : "ca56960e9692",
"logtype" : "assets_change",
"uin" : "144150665783451821",
"key" : 1,
"change" : -10,
"reason" : "zjh_enter_desk_consume",
"timestamp" : 1462984179065858
}
},
the total hits from curl is 9402
when I use "*" in the search box from kibana ,I found the total hits is 4702,almost half of the result from console
the kibanaSavedObjectMeta.searchSourceJSON is
{
"index": "zjh_login*",
"filter": [],
"query": {
"query_string": {
"query": "*",
"analyze_wildcard": true
}
}
}
and I am sure the date range is big enough to include all the data in elastic search
kibana 4.5.0 Commit SHA ff5cfc5
elastic search 2.3.2
both running in docker .
using the image build from docker.io
(elastic search has only one node )
question is: why the result is not equal,it's a bug of kibana?