My task at hand: group all events which labels start with Dec* OR Back* into one filter. I assumed,
label:Dec* OR label:Back*
should work, but it does not, I get 0 results. Nor does
label:(Dec* or Back*)
though this one works:
label:(Decoration-flag_usa or Decoration-flag_rus)
tried regexp version
label:(Dec.* or Back.*)
which doesn't work either. Should it work there?
Hi Viktor,
On my data, I just tried extension:jp* OR extension:ph* and it found all docs with jpg and php extensions.
But if your 'label' is analyzed then it's probably splitting 'decoration-flag_usa' into 'decoration' and 'flag_usa'. I'm not sure, but that could be the problem.
Do you have the raw version of label? Like 'label.raw'? If you do, please try that.
If you don't, you might need to change your mapping so that you also have that unanalyzed field.
Regards,
Lee
Thanks! Yeah, researching further, it works on other values of that same field that do not have a '-' sign.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.