message field has been analyzed using standard analyzer. It means that you message content has been indexed using lowercase.
a Term Filter does not analyze your query.
"DEBUG" is <> than "debug".
If you want to find your term in the inverted index, you have either to analyze your query (matchQuery for example) or lowercase in that case your searched term.
curl -XPOST http://10.203.251.142:9200/log-2014.03.03/_search -d
'{
"query": {
"constant_score": {
"filter": {
"term": { "message": "debug" }
}
}
}
}
'
--
David Pilato | Technical Advocate | Elasticsearch.com
@dadoonet | @elasticsearchfr
Le 13 mars 2014 à 14:24:39, Subhadip Bagui (i.bagui@gmail.com) a écrit:
Hi David,
I have done following steps u suggested. The string search is working now.
But for filter I have to always pass strings in lowercase; where as for query text search I can give the proper string sequence inserted in doc. query shown below.
May be this is very basic and I'm doing something wrong. I'm a week old on elasticsearch and trying to understand the query-sql and text search. Pls help to clear the conception.
-
curl -XDELETE http://10.203.251.142:9200/log-2014.03.03
-
curl -XPUT http://10.203.251.142:9200/log-2014.03.03/ -d
'{
"settings": {
"index": {
"number_of_shards": 3,
"number_of_replicas": 0,
"index.cache.field.type": "soft",
"index.refresh_interval": "30s",
"index.store.compress.stored": true
}
},
"mappings": {
"apache-log": {
"properties": {
"message": {
"type": "string",
"fields": {
"actual": {
"type": "string",
"index": "not_analyzed"
}
}
},
"@version": {
"type": "long",
"index": "not_analyzed"
},
"@timestamp": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss",
"index": "not_analyzed"
},
"type": {
"type": "string",
"index": "not_analyzed"
},
"host": {
"type": "string",
"index": "not_analyzed"
},
"path": {
"type": "string",
"norms": {
"enabled": false
},
"index": "not_analyzed"
}
}
}
}
}'
-
curl -XPUT http://10.203.251.142:9200/_bulk -d '
{ "index": {"_index": "log-2014.03.03", "_type": "apache-log", "_id": "1"}}
{ "message": "03-03-2014 18:39:35,025 DEBUG [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] com.aricent.aricloud.monitoring.CloudController 121 - com.sun.jersey.core.spi.factory.ResponseImpl@1139f1b","@version": "1","@timestamp": "2014-03-03 18:39:35","type": "apache-access", "host": "cloudclient.aricent.com", "path": "/opt/apache-tomcat-7.0.40/logs/aricloud/monitoring.log" }
{ "index": {"_index": "log-2014.03.03", "_type": "apache-log", "_id": "2"}}
{ "message": "\tat org.quartz.core.JobRunShell.run(JobRunShell.java:223)", "@version": "1", "@timestamp": "2014-03-03 18:39:36","type": "apache-access", "host": "cloudclient.aricent.com", "path": "/opt/apache-tomcat-7.0.40/logs/aricloud/monitoring.log" }
{ "index": {"_index": "log-2014.03.03", "_type": "apache-log", "_id": "3"}}
{ "message": "03-03-2014 18:39:35,030 INFO [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] com.amazonaws.http.HttpClientFactory 128 - Configuring Proxy. Proxy Host: 10.203.193.227 Proxy Port: 80", "@version": "2", "@timestamp": "2014-03-03 18:40:35", "type": "apache-access", "host": "cloudclient.aricent.com", "path": "/opt/apache-tomcat-7.0.40/logs/aricloud/monitoring.log" }
{ "index": {"_index": "log-2014.03.03", "_type": "apache-log", "_id": "4"}}
{ "message": "\tat org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:109)", "@version": "3", "@timestamp": "2014-03-03 18:43:35", "type": "apache-access", "host": "cloudclient.aricent.com", "path": "/opt/apache-tomcat-7.0.40/logs/aricloud/monitoring.log" }
{ "index": {"_index": "log-2014.03.03", "_type": "apache-log", "_id": "5"}}
{ "message": "03-03-2014 18:45:30,002 DEBUG [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] com.aricent.aricloud.monitoring.scheduler.SchedulerJob 22 - Entering SchedulerJob", "@version": "3", "@timestamp": "2014-03-03 18:45:35", "type": "apache-access", "host": "cloudclient.aricent.com", "path": "/opt/apache-tomcat-7.0.40/logs/aricloud/monitoring.log" }
\n'
-
curl -XGET 'http://10.203.251.142:9200/log-2014.03.03/_refresh'
-
query ==>
curl -XPOST http://10.203.251.142:9200/log-2014.03.03/_search -d
'{
"query": {
"match": {
"message" : {
"query": "Proxy Port",
"type" : "phrase"
}
}
}
}'
null value -
curl -XPOST http://10.203.251.142:9200/log-2014.03.03/_search -d
'{
"query": {
"constant_score": {
"filter": {
"term": { "message": "DEBUG" }
}
}
}
}
'
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/9daed515-6990-45a3-af47-b87d10bc44ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/etPan.5321b914.216231b.158d%40MacBook-Air-de-David.local.
For more options, visit https://groups.google.com/d/optout.
