Home > Enterprise >  Elasticsearch not finding match for document that contains query
Elasticsearch not finding match for document that contains query

Time:01-28

I am trying to search an index for documents that have exception field containing "semaphore" AND "RabbitMQ.Client.Impl".

Example exception:

System.ObjectDisposedException: The semaphore has been disposed.
   at System.Threading.SemaphoreSlim.Release(Int32 releaseCount)
   at RabbitMQ.Client.Impl.AsyncConsumerWorkService.WorkPool.HandleConcurrent(Work work, IModel model, SemaphoreSlim limiter)

When I search for "semaphore" - document is returned - great!

POST /logs-2023-01/_search?pretty=true
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "exception": "semaphore"
          }
        },

        {
          "range": {
            "logDate": {
              "gte": "now-43200m"
            }
          }
        }
      ]
    }
  },

  "size": 1000
}

Query above returns:

{
  "took": 5,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 1,
    "max_score": 7.5582323,
    "hits": [
      {
        "_index": "logs-2023-01",
        "_type": "record",
        "_id": "q21yk4UBAdlSjmEEw5gy",
        "_score": 7.5582323,
        "_source": {
          "applicationName": "k8s-application",
          "logDate": "2023-01-08T22:13:59.873",
          "logLevel": "Error",
          "loggerName": "TaskScheduler.UnobservedTaskException.Logger",
          "machineName": "k8s-pod-6755d4997c-rztgl",
          "threadId": "2",
          "message": "An unobserved task exception occurred. The semaphore has been disposed.",
          "exception": """
System.ObjectDisposedException: The semaphore has been disposed.
   at System.Threading.SemaphoreSlim.Release(Int32 releaseCount)
   at RabbitMQ.Client.Impl.AsyncConsumerWorkService.WorkPool.HandleConcurrent(Work work, IModel model, SemaphoreSlim limiter)

""",
          "sortDate": "2023-01-08T22:13:59.000027026"
        }
      }
    ]
  }
}

However when I do same search for query "RabbitMQ.Client.Impl" (which is 100% contained in the exception) - I get nothing - why?

POST /logs-2023-01/_search?pretty=true
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "exception": "RabbitMQ.Client.Impl"
          }
        },

        {
          "range": {
            "logDate": {
              "gte": "now-43200m"
            }
          }
        }
      ]
    }
  },

  "size": 1000
}

Query above returns:

{
  "took": 8,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 0,
    "max_score": null,
    "hits": []
  }
}

CodePudding user response:

Tldr;

match queries will look for exact tokens.

Solution

Tokens are generated at ingestion time by the analyser. The default analyser split token on whitespace.

Which means rabbitmq.client.impl.asyncconsumerworkservice.workpool.handleconcurrent is going to be a token.

Which is not going to match RabbitMQ.Client.Impl

But you can use match_phrase_prefix

with the following query:

GET 75236255/_search
{
  "query": {
    "match_phrase_prefix": {
      "exception": "RabbitMQ.Client.Impl"
    }
  }
}

Page link:https//www.codepudding.com/Enterprise/685230.html

Prev:WPF window title doesn't change from xaml
Next:Elasticsearch Completion Suggester - How to discard non-letter characters during indexing?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding