ROHITH P
Reputation: 27
How to get exact single match in elastic search
Documents in ES look like this
{
"indicator": "27.213.61.96",
"itype": "ipv4",
}
{
"indicator": "http://27.213.61.96:44375/Mozi.m",
"itype": "url",
}
wanted to get "indicator": "27.213.61.96" object and for that tries with match_phrase, term query and constant_score query which is as below
{
"query" : {
"constant_score" : {
"filter" : {
"term" : {
"indicator" : "27.213.61.96"
}
}
}
}
}
{
"query": {
"term": {
"indicator": "27.213.61.96"
}
}
}
In response getting both the objects but want only below object in response. Is there any way to get that. Mapping is the default mapping and any way to get excepted result without changing mapping.
{
"indicator": "27.213.61.96",
"itype": "ipv4",
}
Upvotes: 0
Views: 61
Answers (1)
Bhavya
Reputation: 16172
You need to add .keyword to the indicator field. This uses the keyword analyzer instead of the standard analyzer (notice the ".keyword" after indicator field). Try out this below query -
{
"query": {
"term": {
"indicator.keyword": "27.213.61.96"
}
}
}
Search Result:
"hits": [
{
"_index": "64922836",
"_type": "_doc",
"_id": "1",
"_score": 1.0,
"_source": {
"indicator": "27.213.61.96",
"itype": "ipv4"
}
}
]
Upvotes: 1
Related Questions
- Exact match in elastic search query
- Exact matches in elastic index
- How to do an exact match query in ElasticSearch?
- Get exact match from elasticsearch
- Elasticsearch exact match of specific field
- Elastic search exact match
- Elasticsearch find ONLY perfect match
- Elasticsearch exact match or query
- exact match query in elasticsearch
- How to get Elastic search to return both exact matched and then other matches in result