Hello,
When we select this filter
It seems to apply not only to "update", but also for example to "update-security"....
Seems like a bug to me?
Willem
Can you check the DSL that is generated? (click edit query DSL in the filter)
The dsl filter:
{
  "bool": {
    "minimum_should_match": 1,
    "should": [
      {
        "match_phrase": {
          "infoblox_nios.log.dns.category": "update"
        }
      }
    ]
  }
}
Yes, this is expected, since (I'm assuming) infoblox_nios.log.dns.category is an analyzed field. If you want an exact match, you'll have to use the keyword version of the field.
Honestly I have no clue what you mean this is expected. The filter says "match_phrase", but it doesn't match at all? The field doesn't have a keyword version fyi.
This is expected because this field is mapped as a text field as you can check here.
The field infoblox_nios.log.dns.category is mapped as text so it will be an analyzed field, in this case your query will match any document that has updated on it and not just documents that have only update but no update-security.
To have an exact match you would need the field to be mapped as keyword, you will also not have a keyword field because the mapping for it was not created.
It is not a bug, but in my opinion the mapping for this field seems to be wrong, if this represents a category with values like the ones you shared, this should've been mapped as a keyword field not a text field.
I think you should open an issue in the integrations repository so Elastic can look at it and change the mapping.
You could also try to use a runtime field to make this field behave like a keyword field, but beware that this can have a performance impact.
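An added example, not part of the original thread: a small Python model of why a match_phrase filter for "update" on a text field also hits "update-security", while an exact comparison on a keyword field does not. It assumes the field uses the default standard analyzer, which `analyze` only approximates (lowercase, split on non-alphanumerics); the function names and every sample value other than "update" and "update-security" are constructed.

```python
import re

# Simplified stand-in for the default "standard" analyzer (assumption: the
# text field uses it): lowercase, then split on anything that is not an
# ASCII letter or digit. The real analyzer follows Unicode word boundaries.
def analyze(value):
    return [t for t in re.split(r"[^0-9a-z]+", value.lower()) if t]

def match_phrase(field_value, query):
    """text field: the query's tokens must occur consecutively and in order
    among the tokens indexed for the field."""
    doc, q = analyze(field_value), analyze(query)
    if not q:
        return False
    return any(doc[i:i + len(q)] == q for i in range(len(doc) - len(q) + 1))

def term_keyword(field_value, query):
    """keyword field: the whole value is indexed as one unanalyzed term."""
    return field_value == query

# Constructed sample category values; only the first two appear in the thread.
SAMPLE_CATEGORIES = ["update", "update-security", "security", "queries", "Update"]

def hits(matcher, query="update"):
    """Return the sample categories the given matcher selects for the query."""
    return [c for c in SAMPLE_CATEGORIES if matcher(c, query)]

if __name__ == "__main__":
    print("tokens for 'update-security':", analyze("update-security"))
    print("match_phrase on text field  :", hits(match_phrase))
    print("exact match on keyword field:", hits(term_keyword))
```

For anyone building detections or dashboards on this field, the practical effect is that a filter meant to isolate one category silently pulls in every category that shares a token with it.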