Match_phrase query's result do not contain required keyword


(Hacksign) #1

Search statement:
{
"size":30,
"query" : {
"match" : {
"log.kv" : {
"query" : "scans microsoft backdoor",
"operator" : "and",
"type" : "phrase",
"slop" : 7
}
}
},
"highlight" : {
"fields" : {
"log.kv" : {
"fragment_size" : 1500, "number_of_fragments" : 30
}
}
}
}
below are all items containing string 'microsoft':
'log': [...,
{"value":"False","type":"bool","key":["scans","Microsoft","detected"],"kv":["scans","Microsoft","detected","False"]},
{"value":"1.1.12400.0","type":"unicode","key":["scans","Microsoft","version"],"kv":["scans","Microsoft","version","1.1.12400.0"]},
{"value":"None","type":"NoneType","key":["scans","Microsoft","result"],"kv":["scans","Microsoft","result","None"]},
{"value":"20160221","type":"unicode","key":["scans","Microsoft","update"],"kv":["scans","Microsoft","update","20160221"]},
...]

my problem :

  • there is no backdoor str in result, but my search statement required it
  • there is no highlight section in result which I required it too

(system) #2