Inconsistent search results?

aarongu · July 31, 2015, 11:00pm

Hello!

When I do this query:

  "query": {
    "simple_query_string": {
      "query": "[FSM:END]: certificates configuration(FSM:sam:dme:PkiEpUpdateEp)"
    }
  },
  "sort": {
    "time": {
      "order": "desc"
    }
  }
}

There are many hits as expected; Here is an example of one:

As you can see in the mapping "filename",there is "showcmds-policy-mgr.txt" to it.
What I want to do is retrieve everything that has that specific filename. This is what I tried:

 {
  "query": {
    "filtered": {
      "query": {
        "match_all": {}
      },
      "filter": {
        "bool": {
          "must": [
            {
              "term": {
                "filename": "showcmds-policy-mgr.txt"
              }
            }
          ]
        }
      }
    }
  },
  "sort": {
    "time": {
      "order": "desc"
    }
  }
}

This resulted in no hits. How exactly do I fix the second query to get the desired outcome?

Thanks,
Aaron

aarongu · July 31, 2015, 11:25pm

I ended up figuring it out. I needed to add "index: not_analyzed" to the mapping of filename.

warkolm · August 1, 2015, 5:20am

Yep, because it'll split the field on the fullstop.