That parses fine by ES, but never returns the results. I know the two
fields are correct and in my index. If I take off the 'filter', I get the
expected results, but I need the filter to narrow the results. When I
compose the same query using Kibana, it tries to use an 'ffilter' query
which I don't see documented anywhere:
Chances are your appId and processId fields are analyzed so it is breaking
up the IDs. Update your mapping of these fields so it is not analyzed
[1]. Also, you should not use an "and" filter to combine term filters.
Use a boolean filter [2] with must clauses for better performance. Read
why at Elasticsearch Platform — Find real-time answers at scale | Elastic.
I updated the mappings and confirmed both types read not_analyzed. I also
updated the query to use bool/must:
{
  "from": 0,
  "size": 200,
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "fields": ["_all"],
          "query": "\"Test message from AT by user admin was generated\""
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "term": {
                "where.appId": "12229ac6-8e9a-43ff-ab67-e80f3c585a69"
              }
            },
            {
              "term": {
                "where.processId": "bd13dbe5-0a4c-4469-a645-44cb3fde280a"
              }
            }
          ]
        }
      }
    }
  }
}
Still not getting any hits though. Tried escaping the terms. Is there
anything special about having nested field names like that
'where.processId'?
On Friday, April 18, 2014 4:07:31 PM UTC-4, Matt Weber wrote:
Chances are your appId and processId fields are analyzed so it is breaking
up the IDs. Update your mapping of these fields so it is not analyzed
[1]. Also, you should not use an "and" filter to combine term filters.
Use a boolean filter [2] with must clauses for better performance. Read
why at Elasticsearch Platform — Find real-time answers at scale | Elastic.
Never mind. It was an error on my part; these changes worked. Thanks again!
On Friday, April 18, 2014 5:51:31 PM UTC-4, Matt Hughes wrote:
Thanks for the quick reply!
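An added illustration (not code from the thread or from Elasticsearch) of why the term filters matched nothing while the ID fields were analyzed, and why they match once the fields are not_analyzed. It is a toy inverted index in Python: `analyze` is a simplified stand-in for the default analyzer, and the second document is constructed sample data.

```python
import re
from collections import defaultdict

def analyze(value):
    """Simplified stand-in for the default analyzer: split on
    non-alphanumeric characters and lowercase each token."""
    return [t.lower() for t in re.findall(r"[A-Za-z0-9]+", value)]

class Index:
    """Toy inverted index: field -> term -> set of document ids."""
    def __init__(self, not_analyzed=()):
        self.not_analyzed = set(not_analyzed)
        self.postings = defaultdict(lambda: defaultdict(set))
        self.next_id = 0

    def add(self, doc):
        doc_id, self.next_id = self.next_id, self.next_id + 1
        for field, value in doc.items():
            # not_analyzed fields are stored as one exact term
            terms = [value] if field in self.not_analyzed else analyze(value)
            for term in terms:
                self.postings[field][term].add(doc_id)
        return doc_id

    def term(self, field, value):
        """Term filter: exact lookup; the filter value is never analyzed."""
        return set(self.postings[field].get(value, set()))

    def bool_must(self, clauses):
        """bool filter with must clauses: every term filter has to match."""
        hits = [self.term(f, v) for f, v in clauses]
        return set.intersection(*hits) if hits else set()

APP = "12229ac6-8e9a-43ff-ab67-e80f3c585a69"    # value from the thread
PROC = "bd13dbe5-0a4c-4469-a645-44cb3fde280a"   # value from the thread
DOCS = [  # constructed sample documents, dotted field names as in the query
    {"where.appId": APP, "where.processId": PROC},
    {"where.appId": APP, "where.processId": "00000000-0000-0000-0000-000000000000"},
]

def run(not_analyzed):
    idx = Index(not_analyzed)
    for doc in DOCS:
        idx.add(doc)
    return idx.bool_must([("where.appId", APP), ("where.processId", PROC)])

if __name__ == "__main__":
    print("tokens stored when analyzed:", analyze(APP))
    print("hits, analyzed fields:      ", run(()))
    print("hits, not_analyzed fields:  ", run(("where.appId", "where.processId")))
```

With analyzed fields the index only holds the hyphen-separated fragments, so an exact lookup of the full ID finds no posting list; a fragment such as `8e9a` would match both documents instead.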