Search queries showing wrong results

Raghuveer_SJ · August 20, 2018, 4:44am

I saw in documentation that its better to have less indexes and created only 1 index for all my different types of JSON.

I have a fields.log_type which shows different types of services that generate the logs. When I make a query the said field exists in all logs and one more field responseCode exists in only 1 service log. So when I query I am getting wrong results kindly suggest.

fields.log_type: tomcat and responseCode: 200

Nathan_Reese · August 20, 2018, 7:08pm

Can you provide the mapping for the index? Specifically, for fields and responseCode.

What does your query HTTP request look like? Can you try your query in Kibana Dev Tools -> Console and paste the query here?

Why is the query not working? Is it returning an error? If not, what results is the query returning and why are they not what you expected?

Raghuveer_SJ · August 21, 2018, 4:10am

No sure what you need about the fields. These are the fields that are generated by filebeat and logstash respectively.

The query is returning incorrect set of records its not a rest query its the SQL type query in kibana using which we search for records or filter records.

My query looks like

GET /_search
{
  "from": 0,
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "logLevel.keyword": {
              "query": "ERROR",
              "operator": "OR",
              "prefix_length": 0,
              "max_expansions": 50,
              "fuzzy_transpositions": true,
              "lenient": false,
              "zero_terms_query": "NONE",
              "auto_generate_synonyms_phrase_query": true,
              "boost": 1
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  }
}

In kibana the query is working fine but in my JAVA code something is missing due to which I get response as 0 from response.getHits().getTotalHits()

Raghuveer_SJ · August 29, 2018, 8:26am

The below DSL works just fine but my java code, the RestHighLevelClient is not returning me anyting I have totally exhausted all my resources :

GET /_search
{
  "from": 0,
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "logLevel.keyword": {
              "query": "ERROR",
              "operator": "OR",
              "prefix_length": 0,
              "max_expansions": 50,
              "fuzzy_transpositions": true,
              "lenient": false,
              "zero_terms_query": "NONE",
              "auto_generate_synonyms_phrase_query": true,
              "boost": 1
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  }
}

response.getHits().getTotalHits() is returning 0 and I am expecting 1. Please help.

Nathan_Reese · August 29, 2018, 2:11pm

its not a rest query its the SQL type query in kibana

All queries to elasticsearch are REST - they are transported over HTTP and use the verbs GET, POST, PUT, and DELETE. The Java client uses the exact same mechanism, it just provides a nice API around the underlying HTTP requests and responses.

Log the query request generated by the Java client, in either elasticsearch or via the Java client. Then compare how the _search request is different between the working version and the Java generated version.

system · September 26, 2018, 2:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.