Hi all,
My requirement is to get a Elasticsearch response wherever the user typed query matches in the index. ( basically i'm working on search API with elasticsearch).
so i've used multi match query with fuzziness auto which will search on few fields.
when i type "INC" , it's matching in the description and short description field but didn't match against incident_number field ( which has value INC0038503). Even for the incident number, if i give query value as "INC0038" , i get empty result. how shall i get response even if the user key in "INC00" . what needs to be fine tuned on the below multi match query. the query should match against all fields in the fields column.
GET logstash_itsm_incidents/_search
{
"query": {
"multi_match" : {
"query": "INC",
"fields": [ "incident_number", "description", "short_description" ,"account_id", "site_id", "sub_account_id", "sub_site_id", "incident_parent_id.incident_number"] ,
"fuzziness": "AUTO"
}
},
"track_total_hits": true,
"highlight": {
"require_field_match": false,
"fields": {
"*": {}
}
}
}
Output
"hits" : [
{
"_index" : "logstash_itsm_incidents",
"_type" : "_doc",
"_id" : "O2eFQIoBeeu6o2SpeAiP",
"_score" : 10.789138,
"_source" : {
"state" : "On Hold",
"site_id" : "ACCT0010256",
"incident_number" : "INC0038503",
"@version" : "1",
"@timestamp" : "2023-08-29T09:00:03.527Z",
"closed_at" : null,
"sub_account_id" : "ACCT0010255",
"incident_parent_id" : null,
"account_id" : "ACCT0010254",
"short_description" : "Inc 02",
"sub_site_id" : "",
"description" : "Inc 02"
},
"highlight" : {
"short_description" : [
"<em>Inc</em> 02"
],
"description" : [
"<em>Inc</em> 02"
]
}
},
when i type some numbers , it always returns empty result. The site_id has a value ends with 10256. so i've typed 10256 in the query, but i got empty result.
GET logstash_itsm_incidents/_search
{
"query": {
"multi_match" : {
"query": "10256",
"fields": [ "incident_number", "description", "short_description" ,"account_id", "site_id", "sub_account_id", "sub_site_id", "incident_parent_id.incident_number"] ,
"fuzziness": "AUTO"
}
},
"track_total_hits": true,
"highlight": {
"require_field_match": false,
"fields": {
"*": {}
}
}
}
Response is empty. why is it not matching against site_id field which has a value.
{
"took" : 16,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 0,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
}
}
The mapping of index for reference.
{
"logstash_itsm_incidents" : {
"mappings" : {
"properties" : {
"@timestamp" : {
"type" : "date"
},
"@version" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"account_id" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"closed_at" : {
"type" : "date"
},
"description" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"incident_number" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"incident_parent_id" : {
"properties" : {
"account_id" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"company" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"impact" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"incident_number" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"incident_state" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"issue_type" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"resolved_at" : {
"type" : "date"
},
"resolved_by" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"site_id" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"state" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"sub_account_id" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"sub_site_id" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"urgency" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"short_description" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"site_id" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"state" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"sub_account_id" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"sub_site_id" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
}
}
}
Thanks in advance.