I'm getting strange search results while searching Apache logs:
GET /filebeat-6.3.0-2018.06.27/_search
{
"query": { "match": { "message": "/fonts/Roboto-Bold.ttf" } }
}
Result total is 88
GET /filebeat-6.3.0-2018.06.27/_search
{
"query": { "match": { "message": "s/fonts/Roboto-Bold.ttf" } }
}
Result total is 371
The second query is more detailed, so the number of results should be the same or less, or I'm missing something obvious.
This seems more like an Elasticsearch question, but the match query, as it is written here, will just do a string match because it has just a single term.
Maybe you just have more documents that have a message field that matches s/fonts/Roboto-Bold.ttf instead of /fonts/Roboto-Bold.ttf?
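
Added example, not part of the original thread: a simplified Python model of how a match query behaves on an analyzed text field, run against both query strings from the question, with match_phrase and the "and" operator alongside for comparison. It assumes the message field uses the default standard analyzer (the thread does not show the mapping); the tokenizer regex is an approximation of that analyzer and the log lines are constructed.

```python
import re

# Approximation of the standard analyzer (assumption): lowercase, split on
# anything that is not a letter or digit, keep a dot between two alphanumerics.
TOKEN = re.compile(r"[a-z0-9]+(?:\.[a-z0-9]+)*")

def analyze(text):
    return TOKEN.findall(text.lower())

def match(docs, query, operator="or"):
    """Model of a match query: analyze the query, combine its terms with OR or AND."""
    terms = set(analyze(query))
    combine = any if operator == "or" else all
    return [d for d in docs if combine(t in set(analyze(d)) for t in terms)]

def match_phrase(docs, query):
    """Model of match_phrase: the query terms must be adjacent and in order."""
    q = analyze(query)
    hits = []
    for d in docs:
        toks = analyze(d)
        if any(toks[i:i + len(q)] == q for i in range(len(toks) - len(q) + 1)):
            hits.append(d)
    return hits

# Constructed sample access-log messages (not taken from the thread)
DOCS = [
    "GET /static/fonts/Roboto-Bold.ttf HTTP/1.1 200",
    "GET /css/fonts/Roboto-Regular.ttf HTTP/1.1 200",
    "GET /search?s=report HTTP/1.1 200",
    "GET /index.html HTTP/1.1 200",
    "GET /s/fonts/Roboto-Bold.ttf HTTP/1.1 304",
]
Q1 = "/fonts/Roboto-Bold.ttf"    # first query string from the question
Q2 = "s/fonts/Roboto-Bold.ttf"   # second query string from the question

if __name__ == "__main__":
    print("terms Q1:", analyze(Q1))
    print("terms Q2:", analyze(Q2))
    print("match (or)    Q1/Q2:", len(match(DOCS, Q1)), len(match(DOCS, Q2)))
    print("match (and)   Q2:", len(match(DOCS, Q2, "and")))
    print("match_phrase  Q1/Q2:", len(match_phrase(DOCS, Q1)), len(match_phrase(DOCS, Q2)))
```

In this model the extra term `s` in the second query adds every message that contains a standalone `s` token, so the OR-combined match returns more hits, while match_phrase returns fewer.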