Nested fields with identical key names query discrepancy

Jeff_Steinmetz · August 17, 2015, 3:55pm

This was discussed in the Kibana thread here, and the suggested was made to post in in this discussion group.

Review the thread discussion for more details.

I've posted a vagrant file that helps reproduce the scenario. Boots up a default 1.7.1 elasticsearch install. (to spin it up, use vagrant, virtual box and ansible).

clone or download zip from here, view README.md for instructions:

It demonstrates that this returns no hits (expected 1 hit)

GET /test17/_search
{
    "query": {
        "filtered": {
            "query": {
                "query_string": {
                    "query": "user.id:\"84ba51f5-4939-4639-a15f-9cb9d793fea2\""
                }
            }
        }
    }
}

and this returns 1 hit

GET /test17/user/_search
{
    "query": {
        "filtered": {
            "query": {
                "query_string": {
                    "query": "user.id:\"84ba51f5-4939-4639-a15f-9cb9d793fea2\""
                }
            }
        }
    }
}

colings86 · August 18, 2015, 10:11am

You could have fallen victim to the 'Ambiguous Field Lookup' problem described here: https://www.elastic.co/blog/great-mapping-refactoring#ambiguous-fields. In 2.0 the mappings have been refactored to prevent this.