Matching phrase in a elasticsearch query

aniketkk · March 21, 2018, 5:01am

Hi, I am trying to do a query where the timestamp is 27/Feb/2018. The Elasticsearch version is 1.5

My query looks like this

{
	"query": {
		"multi_match": {
			"query": "27/Feb/2018",
			"fields": [ "timestamp"],
			"minimum_should_match": "100%"
		}
	}
}

But I am getting results where a document looks like this

      {
            "_index": "pyramid-dev",
            "_type": "request-logs",
            "_id": "AWGKTEccLurs6cVv0N0H",
            "_score": 11.130073,
            "_source": {
                "path": "/var/log/nginx/access.log",
                "timestamp": "02/Feb/2018:14:45:27 +0000"
            }
        }

As you can see it is not 27/Feb but still I am getting the result as 27 is present in the field.

How to solve this?

I tried using phrase query but it says
IllegalStateException[field \"timestamp\" was indexed without position data; cannot run PhraseQuery (term=27)]

And I cant use prefix query also as there is no not_analyzed version of it.
The timestamp field is a string.

Please help me how to solve this.

dadoonet · March 21, 2018, 6:22am

You should better make timestamp field as a date datatype.
Change your mapping and reindex.

aniketkk · March 21, 2018, 6:27am

Hi @dadoonet. I agree that it should have been a date field. But I don't have the authority to change the mappings. THere are multiple teams using it and have no control over it.

Is there any to get what I want through the query?

dadoonet · March 21, 2018, 6:51am

May be searching with "+Feb +27" but that will give strange results as well like when 27 is the minute number.

system · April 18, 2018, 6:52am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.