Hey,
I would like to understand why my search query behaves so unexpectedly.
I have an index with 3 docs:
{
  "_index" : "test_index",
  "_type" : "_doc",
  "_id" : "2",
  "_score" : 1.0,
  "_source" : {
    "domain" : "test22222.com"
  }
},
{
  "_index" : "test_index",
  "_type" : "_doc",
  "_id" : "3",
  "_score" : 1.0,
  "_source" : {
    "domain" : "test22222"
  }
},
{
  "_index" : "test_index",
  "_type" : "_doc",
  "_id" : "1",
  "_score" : 1.0,
  "_source" : {
    "domain" : "test.com"
  }
}
The query I would like to use is:
GET test_index/_search
{
  "query": {
    "query_string": {
      "query": "*test22222.com*",
      "default_field": "domain"
    }
  }
}
but the result is 0 hits.
I have tried the following queries to understand the reason:
"query": "*test*"
=> doc ids 1, 2 and 3 are found
"query": "*test22222*"
=> doc ids 2 and 3 are found
"query": "*test.com*"
=> doc id 1 is found
"query": "*test22222.com*"
=> nothing found
As soon as I delete "default_field": "domain" from query_string, "query": "*test22222.com*" finds doc id 2 as expected. But then the query needs >25 times longer to retrieve the result in my real application.
Using fields instead of default_field results in exactly the same problem.
{
  "query": {
    "query_string": {
      "query": "*test22222.com*",
      "fields": ["domain"]
    }
  }
}
Does anyone have an idea how to handle that? The combination of letters, numbers and . seems to be a problem. As long as I have only two of them, the results seem to be right.
Cluster: 7.13 (Nodes: 3 master, 9 hot, 6 warm)
Thanks
Andreas