Does elasticsearch index pattern support wildcards other than '*' but would match ex. a single character?
I'm trying to solve an issue with wrong index matching that someone implemented:
Indexes are called index-{customername}-{date} (ex. index-google-2020-12-31) but author did not consider that {customername} can contain dash. As a result query
curl localhost:9200/index-google-company-*/_search would also match index index-google-company-spies-me-2020-12-31.
I could fing a symbol that is not allowed in the ID (ex. ~) but then I need to re-index all the data.
Related
I have 2 documents in elasticsearch. There is a field domain that has 8.8.8.8 as value and other has ip-188-165-238.eu as value.
When I'm trying to find 8.8.8.8 it finds both of the documents.
Problem is that the dot "." is a separator in elasticsearch and I can't find any option to escape it in search query. I tried 8\.8\.8\.8 but still the same results.
The question is if there is any way of escaping dot in ES query? Or maybe some workaournd?
The Wildcard Query offers a rewrite parameter to influence how Lucene calculates the relevance scores. On keyword fields this works as expected but it does not seem to work with the new wildcard field type which belongs to the keyword family. Is this an expected behavior or a bug?
As confirmed by Elastic staff, the rewrite parameter is unsupported. Unlike keyword fields, the wildcard field doesn't have a single indexed token for each term so it has no pre-built count for the document frequency of whole values. Instead it uses an ngram index which obviously has different frequencies for the multiple terms a search string can be broken down into.
In elastic search is it possible to search aliases of search tokens, for example, if users are searching for ‘USD’ then they should also get results matching ‘dollar’.
Yes, what you are referring is the synonym search which can be achieved by creating the additional tokens in your index for USD, which is dollar in your case, Please read more about here. This way now as you have both these tokens present in your inverted index, hence searching for any of this would give the search result.
How can one search trough the same property with both a case-sensitive Term query and a case insensitive Match query?
We have a Tags property that for several reasons we need to make case-sensitive. So we would like to search trough in this manner using relevance boosting to put the exact Term matches at the top while the potentially less relevant results with different casing lower in the results.
I know that the lowercase filter for index analysis allows for case-insensitive searching using Match queries, but as I mentioned we need to keep the Tags case-sensitive.
For now we use a keyword analyzer without lowercase filter on the tags to provide exact Term matches that are case-sensitive. Adding a Match query to that is useless because it is comparing against cased tokens.
Is there a way to achieve this?
How do you return a match for facets that begin with a certain letter? For instance, Elasticsearch suggests you use the query "T*" to return all titles that begin with the letter T. However, this seems to return titles that contain any words that begin with the letter T. For example, "Trees and Shrubs" as well as "How to Prune Trees." I only want to return "Trees and Shrubs". I tried using "^T*", but that returns SearchPhraseExecutionException.
By default, elasticsearch analyzes the fields using the default analyzer, which splits the field up into tokens split generally on English-language word boundaries. So "How to Prune Trees" gets split into ("How", "to", "Prune", "Trees") and the token "Trees" subsequently matches your query, "T*". To avoid this, you have to specify that the field is not_analyzed in the object mapping. This makes elasticsearch effectively treat the field value as one giant token, which it will then match correctly against your prefix query.
You might also check out the prefix query, but this is effectively just another way of issuing the same query. You still need to specify that the field is not analyzed in the mapping.