Search requests for an exact mach on a value with ampersand

Hi all,
I'm trying to resolve an issue we have where the field has an ampersand.
I did a search on a different field (field_id)and found this document (edited to remove most of it):
{ "_index": "index_v1", "_type": "item", "_id": "aaaaaaaaa", "_score": 1, "_source": { "field_name": "Testing & Ampersand", "field_id": 1234 } }

But then when I run this request:

GET /index_v1/_search
    "query" : {
        "term" : { "field_name": "Testing & Ampersand" }

I get no hits, do i need to escape the ampersand in a specific way? %26 and & seem to have no effect


What is the data type for field_name?
What analyzer are you using for this field?

The field is the "keyword" data type and the analyzer is "en_standard"


It can't be keyword with an analyzer.
Are you sure?

Sorry, I asked a colleague then didn't put the full info on here:

"field_name": {
 "type": "text",
 "analyzer": "en_standard",
 "fields": {
  "raw": {
   "type": "keyword"

the request we send is a query for the field_name.raw field.

I've since found that if I run:

GET /index_v1/_search
    "query" : {
        "term" : { "field_name.raw": "Testing & Ampersand" }

It does return the expected results, I think the issue is that our application that builds and sends the request to elastic is escaping the & to &

Is there anything that you know of in the Java SDK that might be doing this kind of escaping automatically? We use the TransportClient so could it be that using HTTP encoding?


I don't think so. But if you are getting this value from a web form coming from an user may be there is some transformation before it actually goes to elasticsearch.

You should get rid of it. Use the Rest client instead.

Thanks David, we are in the process of moving to the REST client instead :smiley:

You were right on the transformation issue. The frontend was sending it as "&".

I had put some code in to un-escape the & but I was using the wrong decoder (URL not HTML :man_facepalming:) , I changed it to a simple replace function and it seems to work now as it sending the corrected value in the request.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.