Use multiple wildcards DSL Query

lutundula_jeanchris · April 20, 2018, 9:17am

Hello everyone , I just started using "DSL query" on my ELK platform and i want to make a DSL request that can use wildcard to perform matching search . my request will find all the mail_domain (term) that end with "mail.com" , "test.com" , "email.com" basically a list of domains , and dsplay them .

Here's my resquest

{
"query": {
"wildcard": {
"mail_domain.keyword": ["*mail.com" , "*email.com" , "*test.com"]
}
}
}

it seems like wilcard can't take an array of a term values . Do you have any idea how can i do it ?

Thanks

ppisljar · April 20, 2018, 1:19pm

This looks like a really bad idea. Elasticsearch will need to go thru every document to find those matches. To do this right you will need to index your data appropriately. Maybe add a domain field (with mail.com, email.com, ... values), or even a simple boolean field isMyMatchedEmailDomain

you could also use https://www.elastic.co/guide/en/elasticsearch/reference/6.2/analysis-reverse-tokenfilter.html to optimize your index for prefix wildcard searches

lutundula_jeanchris · April 23, 2018, 12:52pm

Thanks man

system · May 21, 2018, 12:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.