Hi,
i have 1000 index-documents with following structure:
// #1
{
"_index": "my_index_2008",
"_type": "_doc",
"_version": 1,
"_seq_no": 1,
"_primary_term": 1,
"found": true,
"_source": {
"meta": {
...
},
"data": {
"main": {
"behavior": "prototype"
"refType": 1,
...
},
"detail": {
"auth": "123abc456",
"ip": "xxx",
"clientPhoneNumber": "123456789",
"userparam": "Professional"
}
}
}
}
// #2
{
"_index": "my_index_2008",
"_type": "_doc",
"_version": 1,
"_seq_no": 1,
"_primary_term": 1,
"found": true,
"_source": {
"meta": {
...
},
"data": {
"main": {
"behavior": "any_string",
...
"refType": 3,
...
},
"detail": {
"auth": "555rock",
"userparam": "Pro-Account",
"address": "road to nowhere"
}
}
}
}
...
The goal of the search is to find any record, where the value of defined fields data.detail.* match a wildcard string: *ro*. But only if record field data.main.refType IN (1,2,3).
In sql-language like this:
SELECT * FROM my_index_2008
WHERE
(
data.main.behavior LIKE 'ro'
OR
data.detail.userparam LIKE 'ro'
OR
data.detail.auth LIKE 'ro'
OR
data.detail.address LIKE 'ro'
)
AND
(
data.main.refType = 1
OR
data.,main.refType = 2
)
So my first test-query looks like this:
{
"explain": true,
"query": {
"bool": {
"should": [
{
"wildcard": {
"data.mainl.behavior": "*ro*"
}
},
{
"wildcard": {
"data.detail.userparam": "*ro*"
}
},
{
"wildcard": {
"data.detail.auth": "*ro*"
}
},
{
"wildcard": {
"data.detail.address": "*ro*"
}
},
]
}
},
"size": 1000,
"from": 0,
"sort": []
}
Ok, fine, return number of hits (22) as expected.
But how to add the cluster for the refType?
{
explain": true,
"query": {
"bool": {
"should": [
...,
{
"match": {
"data.main.refType": 1
}
},
{
"match": {
"data.main.refType": 2
}
]
}
},
"size": 1000,
"from": 0,
"sort": []
}
... returned more hits than expected (total 734)
How to configurate the query, to make it work?
Greets