Search queries showing wrong results

Elastic Stack Kibana
1

I saw in documentation that its better to have less indexes and created only 1 index for all my different types of JSON.

I have a fields.log_type which shows different types of services that generate the logs. When I make a query the said field exists in all logs and one more field responseCode exists in only 1 service log. So when I query I am getting wrong results kindly suggest.

fields.log_type: tomcat and responseCode: 200

2

Can you provide the mapping for the index? Specifically, for fields and responseCode.

What does your query HTTP request look like? Can you try your query in Kibana Dev Tools -> Console and paste the query here?

Why is the query not working? Is it returning an error? If not, what results is the query returning and why are they not what you expected?

3

No sure what you need about the fields. These are the fields that are generated by filebeat and logstash respectively.

The query is returning incorrect set of records its not a rest query its the SQL type query in kibana using which we search for records or filter records.

My query looks like :slight_smile:

GET /_search
{
  "from": 0,
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "logLevel.keyword": {
              "query": "ERROR",
              "operator": "OR",
              "prefix_length": 0,
              "max_expansions": 50,
              "fuzzy_transpositions": true,
              "lenient": false,
              "zero_terms_query": "NONE",
              "auto_generate_synonyms_phrase_query": true,
              "boost": 1
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  }
}

In kibana the query is working fine but in my JAVA code something is missing due to which I get response as 0 from response.getHits().getTotalHits()

4

The below DSL works just fine but my java code, the RestHighLevelClient is not returning me anyting I have totally exhausted all my resources :

GET /_search
{
  "from": 0,
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "logLevel.keyword": {
              "query": "ERROR",
              "operator": "OR",
              "prefix_length": 0,
              "max_expansions": 50,
              "fuzzy_transpositions": true,
              "lenient": false,
              "zero_terms_query": "NONE",
              "auto_generate_synonyms_phrase_query": true,
              "boost": 1
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  }
}

response.getHits().getTotalHits() is returning 0 and I am expecting 1. Please help.

5

its not a rest query its the SQL type query in kibana

All queries to elasticsearch are REST - they are transported over HTTP and use the verbs GET, POST, PUT, and DELETE. The Java client uses the exact same mechanism, it just provides a nice API around the underlying HTTP requests and responses.

Log the query request generated by the Java client, in either elasticsearch or via the Java client. Then compare how the _search request is different between the working version and the Java generated version.

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.