Here is an old entry:
}, {
  "_index" : "logs-2014-12-11",
  "_type" : "logs",
  "_id" : "505",
  "_score" : 1.0,
  "fields" : {
    "terms" : [ [ "smith/robert/principal/janitor" ] ]
  }
}, {
Here is the new entry:
}, {
  "_index" : "logs-2014-12-11",
  "_type" : "logs",
  "_id" : "505",
  "_score" : 1.0,
  "fields" : {
    "terms" : [ "janitor", "principal", "robert", "smith" ]
  }
}, {
Is this something that is supposed to happen? I know a huge amount of the library changed on the update.
dadoonet (David Pilato), July 12, 2016, 4:25am
What is the mapping in both cases?
dadoonet (David Pilato), July 12, 2016, 8:26pm
It would be better to give others the solution in case someone else hits this.
The mapping used on it looks to be this:
"login": {
  "type": "string",
  "store": true
},
The raw message when queried directly from Elasticsearch looks like this on BOTH ES 1.7 and 2.3.3:
"_index" : "logs-2014-12-11",
"_type" : "logs",
"_id" : "505",
"_score" : 1.0,
"_source" : {
  "login" : "smith/robert/principal/janitor",
  "msgClassId" : 3510,
  "logMessage" : "AllPatternMatchesForWord.json",
  "normalDate" : "2014-11-01T18:38:35.0305041Z"
}
The original post that showed differences in the entries was generated using a Groovy script trick that was supposed to show the tokenization done by ES (I will admit I don't understand it much):
tokens.txt:
{
  "query" : {
    "match_all" : {}
  },
  "script_fields": {
    "terms" : {
      "script": "doc[field].values",
      "params": {
        "field": "login"
      }
    }
  }
}
curl localhost:9200/logs-2014-12-11/_search?pretty -d @C:\temp\tokens.txt
Settings changed to make it work:
es 1.7:
script.groovy.sandbox.enabled: true (1.7)
es 2.3:
script.engine.groovy.inline.search: on (2.3)
Ah I finally figured it out! ES 2.x doesn't automatically load the template files! Once I put them in manually, everything started working again!
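The difference between the two `terms` outputs in this thread, as an added example that is not part of the original posts: an analyzed string field is split into terms, a not_analyzed one is kept whole, and `doc[field].values` returns the distinct indexed terms in sorted order. The tokenizer is a simplified stand-in for the standard analyzer, the idea that the missing template mapped `login` as not_analyzed is an assumption the thread does not state, and all function names are hypothetical.

```python
import re

# Constructed sample: the login value shown in the thread's _source.
LOGIN = "smith/robert/principal/janitor"


def analyzed_terms(value):
    """Approximate an analyzed string field.

    Simplified stand-in for the standard analyzer (assumption: ASCII input):
    split on anything that is not a letter or digit, then lowercase.
    """
    return [t.lower() for t in re.findall(r"[A-Za-z0-9]+", value)]


def not_analyzed_terms(value):
    """A not_analyzed string field indexes the whole value as one term."""
    return [value]


def doc_values(terms):
    """Field data exposes the distinct indexed terms in sorted order."""
    return sorted(set(terms))


def classify(script_field_values, source_value):
    """Infer from a script_fields result how the field was indexed."""
    flat = []
    for v in script_field_values:
        # The ES 1.7 output in the thread wraps the values in an extra list.
        flat.extend(v if isinstance(v, list) else [v])
    if flat == doc_values(not_analyzed_terms(source_value)):
        return "not_analyzed"
    if flat == doc_values(analyzed_terms(source_value)):
        return "analyzed"
    return "unknown"


if __name__ == "__main__":
    old = [["smith/robert/principal/janitor"]]            # ES 1.7 result above
    new = ["janitor", "principal", "robert", "smith"]     # ES 2.3 result above
    print("old entry:", classify(old, LOGIN))
    print("new entry:", classify(new, LOGIN))
```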