Term query with long value field

seongwon · September 12, 2017, 9:19am

I tried to search using term query with long value, but the hits were only part of whole documents.
Surprisingly, I tried to search using range query Instead of term query, then I got whole documents that I wanted.

The queries that I tried to are below.

GET txn_sql-2017.09.12/_search?sort=timestamp:asc
{
  "query": {
     "bool": {
      "filter": {
        "terms": {
          "txn_sql_tid": [
            11709120000000000,
            11709120000000002,
            11709120000000004
          ]
       }
     }
   }
 }
}

GET txn_sql-2017.09.12/_search?sort=timestamp:asc
{
 "size": 20, 
  "query": {
    "bool": {
      "filter": {
        "range": {
          "txn_sql_tid": {
            "gte": 11709120000000000,
            "lte": 11709120000000005
          }
        }
      }
    }
  }
}

And my index mapping and document are like below.

{
  "txn_sql-2017.09.12": {
    "mappings": {
      "JVM": {
        "dynamic_templates": [
          {
            "string_fields": {
              "match": "*",
              "match_mapping_type": "string",
              "mapping": {
                "index": false,
                "norms": false,
                "type": "keyword"
              }
            }
          },
          {
            "unindexed_longs": {
              "match": "*",
              "unmatch": "timestamp",
              "match_mapping_type": "long",
              "mapping": {
                "index": false,
                "norms": false,
                "type": "long"
              }
            }
          },
          {
            "unindexed_doubles": {
              "match": "*",
              "match_mapping_type": "double",
              "mapping": {
                "index": false,
                "norms": false,
                "type": "float"
              }
            }
          }
        ],
        "properties": {
          "txn_sql_tid": {
            "type": "long"
          }
          }
        }
      }
    }
  }
}

{
    "_index": "txn_sql-2017.09.12",
    "_type": "JVM",
    "_id": "AV5zZMOpGWFcK5C7kYMP",
    "_score": null,
    "_source": {
      "txn_sql_elapse_time": 0,
      "txn_sql_start_time": 1505174400473,
      "type": "JVM",
      "txn_sql_txn_hid": "81b27d038b4a75afcdf4a9b3643c0310a7dbffc3",
      "txn_sql_tid": 11709120000000002,
      "timestamp_rtm": 1505174400000,
      "tid": "1096332845530898702",
      "json_version": "v1.0",
      "tags": [
        "staging"
      ],
      "@timestamp": "2017-09-12T00:02:15.039Z",
      "user_id": "2",
      "@version": "1",
      "index_date": "2017.09.12",
      "tag": "txn_sql",
      "txn_sql_sql_hid": "155fb3499771edfeb7c82d88a372c6d9f17504cb",
      "timestamp": 1505174401075
    },
    "sort": [
      1505174401075
    ]
  }

Finally, I tried to terms aggregation with range query, then I found below response.

 GET txn_sql-2017.09.12/_search
{
  "size": 0, 
  "query": {
    "bool": {
      "filter": {
        "range": {
          "txn_sql_tid": {
            "gte": 11709120000000000,
            "lte": 11709120000000005
          }
        }
      }
    }
  },
  "aggs": {
    "NAME": {
      "terms": {
        "field": "txn_sql_tid",
        "size": 10
      }
    }
  }
}

    {
  "took": 2,
  "timed_out": false,
  "_shards": {
    "total": 10,
    "successful": 10,
    "failed": 0
  },
  "hits": {
    "total": 12,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "NAME": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": 11709120000000004,
          "doc_count": 4
        },
        {
          "key": 11709120000000000,
          "doc_count": 2
        },
        {
          "key": 11709120000000002,
          "doc_count": 2
        },
        {
          "key": 11709120000000004,
          "doc_count": 2
        },
        {
          "key": 11709120000000004,
          "doc_count": 2
        }
      ]
    }
  }
}

Why is the same value separated to other key?
Please somebody help me and explain what was wrong?

colings86 · September 12, 2017, 9:26am

Which version of Elasticsearch are you running? Also could you paste the output of GET txn_sql-2017.09.12 please?

seongwon · September 12, 2017, 11:33am

My Elasticsearch's version is 5.2.1.
Do you mean you want to know about the mapping of the index?

GET txn_sql-2017.09.12
{
  "txn_sql-2017.09.12": {
    "aliases": {},
    "mappings": {
      "_default_": {
        "dynamic_templates": [
          {
            "string_fields": {
              "match": "*",
              "match_mapping_type": "string",
              "mapping": {
                "index": false,
                "norms": false,
                "type": "keyword"
              }
            }
          },
          {
            "unindexed_longs": {
              "match": "*",
              "unmatch": "timestamp",
              "match_mapping_type": "long",
              "mapping": {
                "index": false,
                "norms": false,
                "type": "long"
              }
            }
          },
          {
            "unindexed_doubles": {
              "match": "*",
              "match_mapping_type": "double",
              "mapping": {
                "index": false,
                "norms": false,
                "type": "float"
              }
            }
          }
        ],
        "properties": {
          "@timestamp": {
            "type": "date"
          },
          "@version": {
            "type": "keyword"
          },
          "event_key_id": {
            "type": "keyword"
          },
          "index_date": {
            "type": "keyword"
          },
          "tid": {
            "type": "keyword"
          },
          "timestamp": {
            "type": "date"
          },
          "timestamp_rtm": {
            "type": "date"
          },
          "txn_sql_sql_hid": {
            "type": "keyword"
          },
          "txn_sql_start_time": {
            "type": "date"
          },
          "txn_sql_tid": {
            "type": "long"
          },
          "txn_sql_txn_hid": {
            "type": "keyword"
          }
        }
      },
      "JVM": {
        "dynamic_templates": [
          {
            "string_fields": {
              "match": "*",
              "match_mapping_type": "string",
              "mapping": {
                "index": false,
                "norms": false,
                "type": "keyword"
              }
            }
          },
          {
            "unindexed_longs": {
              "match": "*",
              "unmatch": "timestamp",
              "match_mapping_type": "long",
              "mapping": {
                "index": false,
                "norms": false,
                "type": "long"
              }
            }
          },
          {
            "unindexed_doubles": {
              "match": "*",
              "match_mapping_type": "double",
              "mapping": {
                "index": false,
                "norms": false,
                "type": "float"
              }
            }
          }
        ],
        "properties": {
          "@timestamp": {
            "type": "date"
          },
          "@version": {
            "type": "keyword"
          },
          "event_key_id": {
            "type": "keyword"
          },
          "index_date": {
            "type": "keyword"
          },
          "json_version": {
            "type": "keyword",
            "index": false
          },
          "tag": {
            "type": "keyword",
            "index": false
          },
          "tags": {
            "type": "keyword",
            "index": false
          },
          "tid": {
            "type": "keyword"
          },
          "timestamp": {
            "type": "date"
          },
          "timestamp_division": {
            "type": "long",
            "index": false
          },
          "timestamp_rtm": {
            "type": "date"
          },
          "txn_sql_elapse_time": {
            "type": "long",
            "index": false
          },
          "txn_sql_sql_hid": {
            "type": "keyword"
          },
          "txn_sql_start_time": {
            "type": "date"
          },
          "txn_sql_tid": {
            "type": "long"
          },
          "txn_sql_txn_hid": {
            "type": "keyword"
          },
          "type": {
            "type": "keyword",
            "index": false
          },
          "user_id": {
            "type": "keyword",
            "index": false
          }
        }
      }
    },
    "settings": {
      "index": {
        "creation_date": "1505174477601",
        "number_of_shards": "10",
        "number_of_replicas": "0",
        "uuid": "KZXUYnr_QXSbQAyMy-W8Kw",
        "version": {
          "created": "5020199"
        },
        "provided_name": "txn_sql-2017.09.12"
      }
    }
  }
}

colings86 · September 12, 2017, 12:11pm

Yes, It was the concrete mappings that I was after, thanks. My hunch was that the field was not being mapped as intended but it looks like it is indeed mapped as a long on both your types.

Christian_Dahlqvist · September 12, 2017, 12:21pm

Is this perhaps related to the precision of long numbers in JavaScript as your numbers are quite long? What happens if you send the numbers as strings and let Elasticsearch convert it?

GET txn_sql-2017.09.12/_search?sort=timestamp:asc
{
  "query": {
     "bool": {
      "filter": {
        "terms": {
          "txn_sql_tid": [
            "11709120000000000",
            "11709120000000002",
            "11709120000000004"
          ]
       }
     }
   }
 }
}

seongwon · September 13, 2017, 4:19am

yes. I think maybe Elasticsearch converted the string to number.
The result exactly same whether sending the numbers as strings or not.

{
  "took": 63,
  "timed_out": false,
  "_shards": {
    "total": 10,
    "successful": 10,
    "failed": 0
  },
  "hits": {
    "total": 4,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "NAME": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": 11709120000000002,
          "doc_count": 2
        },
        {
          "key": 11709120000000004,
          "doc_count": 2
        }
      ]
    }
  }
}

But the actual documents count is 12.

And I tried to the same queries on Linux using curl, but the result was same.
I can't find the result that I wanted.

system · October 11, 2017, 4:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Term filter failed on very long fields Elasticsearch	4	464	July 6, 2017
Filtering by Long.MAX_VALUE does not return any result Elasticsearch	5	676	October 23, 2019
ES long field has string value indexed Elasticsearch	4	814	January 18, 2019
Query on numeric data type Elasticsearch	6	5657	April 13, 2017
Querying a LONG field Elasticsearch	5	362	July 6, 2017

Term query with long value field

Related topics