user1582752
Reputation: 23
Elastic search: why does wildcard query return no result?
I am new to ES. I created an index:
PUT test
{
"mappings": {
"logEvent":{
"dynamic": "false",
"properties": {
"hostName":{
"type": "keyword"
},
"message":{
"type": "text"
}
"timeStamp":{
type:"date"
}
}
}
}
}
I inserted a row
"User:x;level:x1; loged in
Then I tryied to run the query:
GET test/logEvent/_search
{
"query":{
"wildcard":{
"message": "User:*;level:x1; loged in"
}
}
}
I get nothing in return from query. What am I doing wrong here?
Upvotes: 2
Views: 828
Answers (1)
Marko Vranjkovic
Reputation: 6869
Wildcard query can be used only on not analyzed fields. You need to change your mapping so that message is multi-field, both text and keyword:
{
"mappings": {
"logEvent": {
"dynamic": "false",
"properties": {
"hostName": {
"type": "keyword"
},
"message": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"timeStamp": {
"type": "date"
}
}
}
}
}
and then query with:
{
"query": {
"wildcard": {
"message.keyword": "User:*;level:x1; loged in"
}
}
}
In the mappings, set ignore_above to the max length of your message
Upvotes: 4
Related Questions
- Why does elastic search wildcard query return no results?
- ElasticSearch inconsistent wildcard search
- How to query ElasticSearch with a wildcard
- Wildcard query only returns results if query is exactly "*"
- Can't get wild card query to work on multiple fields in elasticsearch
- elasticsearch wild card query not working
- Elasticsearch query with wildcards
- Elastic search wildcard query working by text query not
- QueryString query with wildcard omitting result
- Elasticsearch: Wildcard query returns error