Match_phrase vs simple_query_string

sdmccorm · October 9, 2024, 7:52pm

Folks - I'm not even sure what kind of search this is called. I'm searching some logs, but the problem is each log starts with the same text - but the string can end with other text. Is there a way to do this without regex?

Example:

They all start with this - but I want to ignore any text that IS ONLY THIS STRING.

Skip this:
"Generic Error found."

However, if it contains that string AND additional text, I need to match the entire string:

Match this:
"Generic Error found. - some specific error text"

I was hoping a match_phrase did it but, it's still matching any string that includes the starting text.

Just point me in the right direction with the type of query I need to run, please.

{
"match_phrase": {
       "field": {
       "query": "Generic Error found. "
   }
 }
}

Thanks,
Steve

Kathleen_DeRusso · October 9, 2024, 8:39pm

You may want to do a boolean query, where you can filter out for exact matches of the String you want, but include the strings that you want.

Carlos_Sponchiado · October 9, 2024, 10:18pm

{
  "query": {
    "bool": {
      "must": [
        {
          "match_phrase": {
            "field": "Generic Error found."
          }
        }
      ],
      "must_not": [
        {
          "term": {
            "field.keyword": "Generic Error found."
          }
        }
      ]
    }
  }
}