Menu
I want to exactly match the string ":Feed:" in a message field and go back a day pull all such records. The json I have seems to also match the plain word " feed ". I am not sure where I am going wrong. Do I need to add "constant_score" to this query JSON? The JSON I have currently is as shown below:
{ "query": { "bool": { "must": { "query_string": { "fields": ["message"], "query": "\\:Feed\\:" } }, "must": { "range": { "timestamp": { "gte": "now-1d", "lte": "now" } } } } } } 
338
The match query is the standard query for performing a full-text search, including options for fuzzy matching.
Match phrase queryeditA phrase query matches terms up to a configurable slop (which defaults to 0) in any order. Transposed terms have a slop of 2. The analyzer can be set to control which analyzer will perform the analysis process on the text.
In Elasticsearch, fuzzy query means the terms are not the exact matches of the index. The result is 2, but you can use fuzziness to find the correct word for a typo in Elasticsearch's fuzzy in Match Query. For 6 characters, the Elasticsearch by default will allow 2 edit distance.
As stated here: Finding Exact Values, since the field has been analyzed when indexed - you have no way of exact-matching its tokens (":"). Whenever the tokens should be searchable the mapping should be "not_analyzed" and the data needs to be re-indexed.
If you want to be able to easily match only ":feed:" inside the message field you might want to costumize an analyzer which doesn't tokenize ":" so you will be able to query the field with a simple "match" query instead of wild characters.
52
Not able to do this with query_string but managed to do so by creating a custom normalizer and then using a "match" or "term" query.
The following steps worked for me.
create a custom normalizer (available >V5.2)
"settings": { "analysis": { "normalizer": { "my_normalizer": { "type": "custom", "filter": ["lowercase"] } } } }
Create a mapping with type "keyword"
{ "mappings": { "default": { "properties": { "title": { "type": "text", "fields": { "normalize": { "type": "keyword", "normalizer": "my_normalizer" }, "keyword" : { "type": "keyword" } } } } } } use match or term query
{ "query": { "bool": { "must": [ { "match": { "title.normalize": "string to match" } } ] } } } If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
