ElasticSearch - Combining query match with wildcard

1
votes

I'm fairly new to ElasticSearch still, but I'm currently trying to wrap my head around why I am not able to mix a wildcard query with a match as well.

Take this JSON body for example

{
    "size":"10",
    "from":0,
    "index":"example",
    "type":"logs",
    "body":{
        "query":{
            "match":{
                "account":"1234"
            },
            "wildcard":{
                "_all":"*test*"
            }
        },
        "sort":{
            "timestamp":{
                "order":"desc"
            }
        }
    }
}

It returns with the error "SearchPhaseExecutionException[Failed to execute phase [query], all shards failed;" (Full dump: http://pastebin.com/uJJZm8fQ)

However, if I remove either the wildcard or match key from the request body - it returns results as expected. I've been going through the documentation and I'm not really able to find any relevant content at all. At first I thought it was to do with the _all parameter, but even if I explicitly specify a key, the same result occurs.

Before I assume that I should be using the 'bool' operator, or something alike to mix my query types, is there any explanation for this?

1
jsonelasticsearchwildcard
This error is because you have invalid json field index, (and there are other too). Are you doing direct CURL request, or using elasticsearch drivers for specific programming language?progrrammer
I was originally using the official PHP library, but I've been doing debugging/testing with CURL.Can you elaborate on "invalid JSON field index"?user1959825

1 Answers

1
votes

The exception says that it does not understand the field "index". When querying Elasticsearch you include the index name and type in the URL. There is no wildcard search in a match query. There is a wildcard search in the query_string query.

Your query should be something like this with match:

POST /example/logs/_search
{
  "size": 10,
  "from": 0,
  "query" : {
    "match": {
      "account": "1234"
    }
  },
  "sort": {
    "timestamp" : {
      "order": "desc"
  }
}

Or something like this with query_string:

POST /example/logs/_search
{
  "size": 10,
  "from": 0,
  "query" : {
    "query_string": {
      "default_field": "account",
      "query": "*1234*"
    }
  },
  "sort": {
    "timestamp" : {
      "order": "desc"
  }
}

EDIT: Adding an example of a wildcard query:

POST /example/logs/_search
{
  "size": 10,
  "from": 0,
  "query" : {
    "wildcard": "*test*"
  },
  "sort": {
    "timestamp" : {
      "order": "desc"
  }
}