I am using kibanna I am trying to put filter on a field container_name = "armenian" but I have other container names with following names
- armenian_alpha
- armenian_beta
- armenian_gama
- armenian1
- armenian2
after putting the filter , search query in kibanna becomes
{
"query": {
"match": {
"container_name": {
"query": "armenian",
"type": "phrase"
}
}
}
}
But the output searches logs for all containers , as I can see the Elastic search query is using a pattern matching
How can I put an exact match with the string provided and avoid the rest ?
CodePudding user response:
I would recommend using a direct wildcard in query
or wildcard
as follow
GET /_search
{
"query": {
"match": {
"container_name": {
"query": "*armenian",
"type": "phrase"
}
}
}
}
GET /_search
{
"query": {
"wildcard": {
"container_name": {
"value": "*armenian"
}
}
}
}
With *armenian
you are ensuring that armenian
comes at the end.
CodePudding user response:
You can try out with term
query. Do note that it is case sensitive by default unless you specify with case_insensitive
equals to true
. Also, if your container_name
is a text
field type instead of keyword
field type, do add the .keyword
after the field name. Otherwise, ignore the .keyword
.
Example:
GET /_search
{
"query": {
"term": {
"container_name.keyword": {
"value": "armenian"
}
}
}
}
Link here: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-term-query.html