What I would like to do is only get the rows where tags contain the phrase Private key. I have tried adding the following WHERE clauses one by one but even though I dont get any errors they all result in no hits at all:
WHERE tags LIKE "*Private key*"
WHERE tags LIKE "%Private key%"
EVAL t = LOCATE(tags, "Private key") | WHERE t > 0
Is it possible to succeed in what I'm trying to do or does ES|QL simply not support such a relatively basic feature?
I do not know whether ES|QL supports this or not, so will need to let someone else respond to that.
If you were to translate this type of query into Elasticsearch query clauses, which is what I believe ES/QL does behind the scenes, it would result in a wildcard query with leading and trailing wildcards. This is as far as I know by far the most inefficient query you can run in Elasticsearch and it performs and scales very badly with increasing data volumes. It is generally recommended to avoid this at all cost, at least if it has to be run against a field mapped as keyword and not wildcard If this type of query is not supported by ES|QL I would expect this to be the reason for it.
Even if it does not directly translate to DSL I do not see how it could execute this type of logic in a much more efficient way against Lucene. If that was possible, would the wildcard query clause not have been improved as well? Has there been a major breakthrough in efficiency?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.