Query returns non matching records

ManuMP · August 14, 2019, 10:22am

Hi ,

I am using the following query to identify log entries having the message "DeviceStatus changed to Idle" within a period. But the query also returns the following messages

"Module State is changed to idle ModuleName : PA Previous State Idle"
"Module State is changed to idle ModuleName : PM2 Previous State Idle"

{
"query": {
"bool":{
"must":[
{ "match":{
"Message":"DeviceStatus changed to Idle"
}
},
{ "range":{
"@timestamp":{
"gte":"2019-08-08T13:42:39.307Z",
"lt":"2019-08-08T13:42:40.430Z"
}
}
}
]
}
}
}

What changes should be made to get matching records?

spinscale · August 14, 2019, 10:27am

hey,

note that the default operator for the match query is OR, see https://www.elastic.co/guide/en/elasticsearch/reference/7.3/query-dsl-match-query.html#query-dsl-match-query-boolean

If that is not your issue, please provide a fully reproducible example.

Thanks!

system · September 11, 2019, 10:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Term query retrieved not matched document Elasticsearch	1	316	July 10, 2018
DSL query match doesnt work Elasticsearch	4	405	July 1, 2019
Getting false hits on queries (boolean, match, term, and filters) Elasticsearch	5	2650	August 31, 2021
Match regular expressions in match or match_phrase queries Elasticsearch elastic-stack-alerting	3	7037	July 6, 2017
What's wrong with my query? Elasticsearch	3	387	June 13, 2019

Query returns non matching records

Related topics