I found out that the return results of above query was missing all the log
which its source is exactly "lorem-aws".
But if I changed the terms of 'source` to ["lorem", "aws"], it can return
all the logs that its source contain either "lorem" or "aws",
but this is not what I want.
Am I doing something wrong? If so, how can I improve it?
The terms filter that contains "lorem-aws" doesn't analyze at query time.
So you search for lorem-aws
During indexing the field source is analyzed, so the tokens that end up
in the index are: lorem and aws (assuming you're using the default
analyzer). This results in the fact that the document isn't found. Tho fix
this you can do 2 things:
In your mapping set the index option for field source to not_analyzed. This makes sure that lorem-aws is indexed as is and you
will have a match on it when using the terms filter. Note: changing the index option of a field can only be done for new fields and requires
re-indexing.
Or replace the terms for the source field by a match query with operator set to and and wrap that in a query filter. Then at query time lorem-aws is expended to lorem and aws and therefor will match with
the indexed tokens.
I found out that the return results of above query was missing all the log
which its source is exactly "lorem-aws".
But if I changed the terms of 'source` to ["lorem", "aws"], it can return
all the logs that its source contain either "lorem" or "aws",
but this is not what I want.
Am I doing something wrong? If so, how can I improve it?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.