I use two field types: text and wildcard to store the same error log. When I query, I find the missing content
GET test-wildcard/_search
{
"query": {
"match": {
"json.thrown.stack": "*invokeWithoutCircuitBreaker$LOG4X*"
}
}
}
GET test-text/_search
{
"query": {
"match": {
"json.thrown.stack": "invokeWithoutCircuitBreaker$LOG4X"
}
}
}
Is my query method wrong or the problem caused by the wildcard field type?
Hi.
match query doesn't support wildcard syntax.
Try
{
"query": {
"wildcard": {
"json.thrown.stack": {
"value":"*invokeWithoutCircuitBreaker$LOG4X*"
}
}
}
}Thanks for your reply !
I tried the wildcard syntax, but the result is the same, there is still a difference with the result of the text field type search.
GET test-wildcard/_search
{
"query": {
"wildcard": {
"json.thrown.stack": {
"value": "*invokeWithoutCircuitBreaker$LOG4X*"
}
}
}
}
That's because the query/field combos are doing fundamentally different things.
One is an exact search for an exact sequence of characters (wildcard query on wildcard field)
The other is matching any word in a list of presented words (match query on text field). The words are potentially stripped of case differences and separated by characters determined by the text field's choice of Analyzer.
That's right !
The wildcard field does not ignore case, so the returned results will look different.
Thanks for helping me out !
No problem.
We are working on adding case insensitive search options.
For now you can use a regexp query instead of the wildcard and list each character with its allowed variants e.g. Case becomes [Cc][Aa][Ss][Ee]
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
