Elasticsearch request not processed

Question

Elasticsearch request not processed

I am trying to get a very simple filtered query to work with Elasticsearch. I have a logstash index that has multiple entries for network traffic logs. I am trying to filter based on the HTTP request type - GET. Here is what I have filtered out the query looking like ...

curl -XGET "http://<myhost>:9200/<myindex>/_search?pretty" -d '
{
    "query": {
        "filtered": {
            "query": {
                "match_all": {}     
            },
          "filter": {
              "term": {"verb":"GET"}
            }
        }
      }
  }
}'

This is similar to the syntax with the documentation here, http://www.elasticsearch.com/guide/en/elasticsearch/guide/current/_combining_queries_with_filters.html

But I get 0 hits. The same query works with exact match syntax. I have thousands of such messages, where the "verb": "GET"

Any help is appreciated.

+3

elasticsearch

theHawkeye 08 nov. 14 at 16:03

source to share

1 answer

Andrei Stefan · Accepted Answer · 2014-11-08T17:31:45+0000

If your field verb

was indexed using the default parser, then most likely it ended up indexed as lower case: "get" instead of "GET", "delete" instead of "DELETE".

term

filtering only gets the filtered value GET

in your query and doesn't parse it (this is how it works). So basically you are looking for value GET

in a list of documents containing GET

, delete

, post

etc.

That being said, you need to look for the bottom value:

{
    "query": {
        "filtered": {
            "query": {
                "match_all": {}     
            },
          "filter": {
              "term": {"verb":"get"}
            }
        } } } }

Elasticsearch request not processed

More articles: