Query DSL, matching string, very easy example

Hi, I'm starting on the query DSL...

I'm a little bit lost because, as an example, I try to match a very easy sample but I can't get a match...

Can somebody help me? The only answer I get (in elasticsearch-head) is the first 10 documents of my index...

I have my message in this "root": doc._source.message

example:

```
{
  "took": 11,
  "timed_out": false,
  "_shards": {
    "total": 3,
    "successful": 3,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 1094542,
    "max_score": 1,
    "hits": [
      {
        "_index": "filebeat-2019.07.09",
        "_type": "doc",
        "_id": "xxxxxxxxxxxx",
        "_score": 1,
        "_source": {
          "offset": 1082156,
          "prospector": {
            "type": "log"
          },
          "source": "localhost_access_log.2019-07-09.txt",
          "message": "- - - [09/Jul/2019:08:00:46 +0200] 302 - POST /xxxxxxx 66",
          "http_verb": "POST",
          "duration": 66,
          "input": {
            "type": "log"
          },
          "time_request": "09/Jul/2019:08:00:46 +0200",
          "@timestamp": "2019-07-08T06:00:46.000Z",
          "application": "XXXX",
          "host": {
            "os": {
              "codename": "Core",
              "family": "redhat",
              "version": "7 (Core)",
              "platform": "centos"
            },
            "containerized": true,
            "name": "YYYYY",
            "id": "123456789",
            "architecture": "x86_64"
          },
          "beat": {
            "hostname": "YYYYY",
            "name": "YYYYY",
            "version": "6.5.1"
          },
          "http_status": "302",
          "http_bytes_sent": "-",
          "http_request": "/xxxxxxxx",
          "http_query_string": ""
        }
      },
      {
        "_index": "filebeat-2019.07.09",
        "_type": "doc",
        "_id": "123456789",
        "_score": 1,
        "_source": {
          "remote_addr": "xx.xx.xx.xx",
          "offset": 1082231,
          "prospector": {
            "type": "log"
          },
          "source": "/path/localhost_access_log.2019-07-09.txt",
          "message": "hello this my_string test",
          "http_verb": "GET",
          "duration": 39,
    ...
```

I tried these queries with no success! Here are my tests:

test 1:

```
{
  "query": {
    "query_string": {
      "query": {
        "match_phrase": {
          "message": "my_string"
        }
      }
    }
  }
}
```

test 2:

```
{
  "query": { "match_phrase": { "message": "my_string" } }
}
```
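As an added example that is not part of the thread (and not Elastic's own code): a small Python script that builds the two query shapes from the post, flags the structural mistake in "test 1" (`query_string.query` must be a Lucene query *string*, not a nested DSL clause), approximates locally which of the two sample messages a `match_phrase` on `message` should return, and emits the request sequence of the minimal recreation script the moderator asks for. The index name `test-match`, the `_doc` endpoint and `mappings.properties` layout (Elasticsearch 7+/8, as in the linked guide), the base URL, and the tokenizer approximation are all assumptions of this example.

```python
"""Added example: query DSL shapes, a structural check, and a recreation script.
Index name, endpoints and base URL are assumptions, not values from the thread."""
import json
import re

# Constructed from the two "message" values visible in the original post.
SAMPLE_MESSAGES = [
    "- - - [09/Jul/2019:08:00:46 +0200] 302 - POST /xxxxxxx 66",
    "hello this my_string test",
]


def match_phrase_body(field, text):
    """Search body equivalent to the poster's 'test 2'."""
    return {"query": {"match_phrase": {field: text}}}


def query_string_body(field, text):
    """The query_string equivalent: its 'query' is Lucene syntax in a string,
    and quoting the value turns it into a phrase query on that field."""
    return {"query": {"query_string": {"query": f'{field}:"{text}"'}}}


def validate_query(body):
    """Return a list of structural problems found in a search body.
    Catches the shape of the poster's 'test 1': a DSL clause nested inside
    query_string.query, which must be a plain string."""
    problems = []
    query = body.get("query")
    if not isinstance(query, dict):
        return ["top-level 'query' must be an object"]
    if "query_string" in query:
        qs = query["query_string"]
        if not isinstance(qs, dict) or not isinstance(qs.get("query"), str):
            problems.append("query_string.query must be a string (Lucene syntax), not a nested clause")
    for clause in ("match", "match_phrase"):
        if clause in query:
            spec = query[clause]
            if not isinstance(spec, dict) or len(spec) != 1:
                problems.append(f"{clause} takes exactly one field")
            else:
                ((field, value),) = spec.items()
                if not isinstance(value, (str, dict)):
                    problems.append(f"{clause}.{field} must be a string or an options object")
    return problems


def local_phrase_hits(messages, phrase):
    """Approximate what match_phrase returns for the sample messages.
    The standard analyzer is approximated (assumption) by lowercasing and
    splitting on non-word characters; '\\w' keeps the underscore, so
    'my_string' stays one token, as it does in the standard tokenizer.
    The phrase tokens must then appear consecutively. Returns message indexes."""
    needle = re.findall(r"\w+", phrase.lower())
    if not needle:
        return []
    hits = []
    for i, msg in enumerate(messages):
        tokens = re.findall(r"\w+", msg.lower())
        if any(tokens[j:j + len(needle)] == needle for j in range(len(tokens) - len(needle) + 1)):
            hits.append(i)
    return hits


def recreation_requests(index="test-match", field="message", needle="my_string"):
    """Request sequence of a minimal recreation script (assumed index name and
    ES 7+/8 endpoints): create the index with a text field, index the two
    sample docs with refresh, then run the phrase query. Returns (method,
    path, body) tuples."""
    reqs = [("PUT", f"/{index}", {"mappings": {"properties": {field: {"type": "text"}}}})]
    for i, msg in enumerate(SAMPLE_MESSAGES, 1):
        reqs.append(("PUT", f"/{index}/_doc/{i}?refresh=true", {field: msg}))
    reqs.append(("GET", f"/{index}/_search", match_phrase_body(field, needle)))
    return reqs


def as_curl(base_url, requests_):
    """Render the request sequence as curl commands (base_url is an assumption)."""
    return "\n".join(
        f"curl -s -X {method} '{base_url}{path}' -H 'Content-Type: application/json' "
        f"-d '{json.dumps(body)}'"
        for method, path, body in requests_
    )


if __name__ == "__main__":
    test1 = {"query": {"query_string": {"query": {"match_phrase": {"message": "my_string"}}}}}
    print("test 1 problems:", validate_query(test1))
    print("test 2 problems:", validate_query(match_phrase_body("message", "my_string")))
    print("expected local hits:", local_phrase_hits(SAMPLE_MESSAGES, "my_string"))
    print(as_curl("http://localhost:9200", recreation_requests()))
```

Running the script prints the structural problem with "test 1", confirms "test 2" is well-formed, reports that only the second sample message should match `my_string`, and prints the curl commands to reproduce that against a test index; if the real cluster returns something else, the difference is in the mapping or analyzer of `message`, not in the query shape.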

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reason.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.
Please update your post.

Could you provide a full recreation script as described in About the Elasticsearch category? It will help to better understand what you are doing. Please try to keep the example as simple as possible.

A full reproduction script will help readers to understand, reproduce and if needed fix your problem. It will also most likely help to get a faster answer.

Hi, sorry for the incorrect format of my sample...

I just need an example to understand how to do a query that correctly matches the field message, but until now I haven't found the right syntax.

> I just need an example to understand how to do a query that correctly matches the field message

I just need a simple script to start with, and then fix it and share the result with you.

> but until now I haven't found the right syntax.

You have some examples here: Match query | Elasticsearch Guide [8.11] | Elastic
