Lucas Kauffman
Reputation: 6881
Elasticsearch: Wildcard query returns error
I have following data in my ES database
{
"took": 3,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 618,
"max_score": 1,
"hits": [
{
"_index": "secse",
"_type": "monologue",
"_id": "4",
"_score": 1,
"_source": {
"username": "balpha",
"timestamp": "2011-03-04T00:00:00",
"identifier": "4",
"messages": [
{
"message": "\n \n \n\r\n @Iszi new feature: \r\n \n\n\n",
"identifier": "604694"
},
{
"message": "\n \n\n3A: Chat clean up & owner rulesSure. In most cases, the room owner is more or less arbitrary, because it's just the person who was first to create the (e.g.) PHP room. But of course it makes sense to have several owners, especially for rooms that are quite active and have developed their own \"style\", and have those owners be p...\n\n\n\n",
"identifier": "604695"
}
]
}
},
{
"_index": "secse",
"_type": "monologue",
"_id": "4331",
"_score": 1,
"_source": {
"username": "Jenko",
"timestamp": "2011-01-06T00:00:00",
"identifier": "4331",
"messages": [
{
"message": "\n \n\n0Q: Prevent acccess to the C driveIs it possible to prevent regular users from accessing or modifying the C drive? they should be allowed to execute certain programs. This is to ensure that employees cannot steal or copy out proprietary software even though they should be able to execute it.\n\nThis is for Windows XP/7.\nsecurity protection access-control\n\n\n\n",
"identifier": "290604"
}
]
}
},
{
"_index": "secse",
"_type": "monologue",
"_id": "4728",
"_score": 1,
"_source": {
"username": "JHarley1",
"timestamp": "2011-01-12T00:00:00",
"identifier": "4728",
"messages": [
{
"message": "\n \n\r\n I am just reading up on Kerberos in regards to application security, does anyone know anything about it? \r\n \n\n\n",
"identifier": "308589"
}
]
}
},
{
"_index": "secse",
"_type": "monologue",
"_id": "6356",
"_score": 1,
"_source": {
"username": "itsnotvalid",
"timestamp": "2011-01-29T00:00:00",
"identifier": "6356",
"messages": [
{
"message": "\n \n\r\n well, i can talk without being a member in security.sx \r\n \n\n\n",
"identifier": "428619"
}
]
}
},
{
"_index": "secse",
"_type": "monologue",
"_id": "4658",
"_score": 1,
"_source": {
"username": "Essobi",
"timestamp": "2011-01-20T00:00:00",
"identifier": "4658",
"messages": [
{
"message": "\n \n\r\n doing fine \r\n \n\n\n",
"identifier": "389309"
}
]
}
},
{
"_index": "secse",
"_type": "monologue",
"_id": "6705",
"_score": 1,
"_source": {
"username": "Richard Gadsden",
"timestamp": "2011-05-14T00:00:00",
"identifier": "6705",
"messages": [
{
"message": "\n \n\r\n Afternoon, @ScottPack (3:25pm here) \r\n \n\n\n",
"identifier": "978411"
}
]
}
},
{
"_index": "secse",
"_type": "monologue",
"_id": "12635",
"_score": 1,
"_source": {
"username": "WZeberaFFS",
"timestamp": "2011-05-06T00:00:00",
"identifier": "12635",
"messages": [
{
"message": "\n \n\r\n @Iszi agreed +1 :) \r\n \n\n\n",
"identifier": "933929"
}
]
}
},
{
"_index": "secse",
"_type": "monologue",
"_id": "13335",
"_score": 1,
"_source": {
"username": "Justin",
"timestamp": "2011-04-29T00:00:00",
"identifier": "13335",
"messages": [
{
"message": "\n \n\r\n @ThomasPornin Shouldn't the encyclopedia only include questions as such? So if said question is a terrible one why not correct the question to meet the answer? \r\n \n\n\n",
"identifier": "903332"
},
{
"message": "\n \n\r\n Nevermind, I just thought about it. \r\n \n\n\n",
"identifier": "903334"
}
]
}
},
{
"_index": "secse",
"_type": "monologue",
"_id": "1084",
"_score": 1,
"_source": {
"username": "Ben Pilbrow",
"timestamp": "2011-03-30T00:00:00",
"identifier": "1084",
"messages": [
{
"message": "\n \n\r\n We'll get a complaining post on Meta if we're not careful. Something to strive for I guess :-) \r\n \n\n\n",
"identifier": "752945"
}
]
}
},
{
"_index": "secse",
"_type": "monologue",
"_id": "10608",
"_score": 1,
"_source": {
"username": "Fred1234",
"timestamp": "2011-04-08T00:00:00",
"identifier": "10608",
"messages": [
{
"message": "\n \n\r\n Hi guys... \r\n \n\n\n",
"identifier": "795968"
}
]
}
}
]
}
}
I wanted to use following query to return all entries with a timestamp of 2011:
GET _search
{"query" : {
"wildcard" : { "timestamp" : "2011*" }
}
}
But I'm getting following error:
{
"error": "SearchPhaseExecutionException[Failed to execute phase [query], all shards failed; shardFailures {[vqcfh1FdQyGetag21_zKTQ][secse][0]: SearchParseException[[secse][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\"query\" : {\n \"wildcard\" : { \"timestamp\" : \"2011*\" }\n }\n }\n]]]; nested: IllegalArgumentException[Invalid format: \"2011*\" is malformed at \"*\"]; }{[vqcfh1FdQyGetag21_zKTQ][secse][1]: SearchParseException[[secse][1]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\"query\" : {\n \"wildcard\" : { \"timestamp\" : \"2011*\" }\n }\n }\n]]]; nested: IllegalArgumentException[Invalid format: \"2011*\" is malformed at \"*\"]; }{[vqcfh1FdQyGetag21_zKTQ][secse][2]: SearchParseException[[secse][2]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\"query\" : {\n \"wildcard\" : { \"timestamp\" : \"2011*\" }\n }\n }\n]]]; nested: IllegalArgumentException[Invalid format: \"2011*\" is malformed at \"*\"]; }{[vqcfh1FdQyGetag21_zKTQ][secse][3]: SearchParseException[[secse][3]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\"query\" : {\n \"wildcard\" : { \"timestamp\" : \"2011*\" }\n }\n }\n]]]; nested: IllegalArgumentException[Invalid format: \"2011*\" is malformed at \"*\"]; }{[vqcfh1FdQyGetag21_zKTQ][secse][4]: SearchParseException[[secse][4]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\"query\" : {\n \"wildcard\" : { \"timestamp\" : \"2011*\" }\n }\n }\n]]]; nested: IllegalArgumentException[Invalid format: \"2011*\" is malformed at \"*\"]; }]",
"status": 400
}
Upvotes: 0
Views: 287
Answers (1)
Val
Reputation: 217254
So basically you want all the document whose timestamp is in 2011. You can do it more simply and efficiently with a range query.
Try this:
curl -XPOST localhost:9200/_search -d '{
"query": {
"range": {
"timestamp": {
"gte": "2011",
"lte": "2011",
"format": "yyyy"
}
}
}
}'
Upvotes: 1
Related Questions
- Why does elastic search wildcard query return no results?
- Not able to write the wildcard query for ElasticSearch?
- ElasticSearch inconsistent wildcard search
- How to query ElasticSearch with a wildcard
- Elasticsearch throws error about malformed wildcard query even though query follows documentation
- Can't get wild card query to work on multiple fields in elasticsearch
- elasticsearch wild card query not working
- Elasticsearch query with wildcards
- Elastic search: why does wildcard query return no result?
- Elastic search wildcard query working by text query not