Search with upper case characters not returning results in the elastic search prefix query. I have not defined any analyzer in the mapping and assume elastic search will use the default mapping for both indexing and search .
{
"access-event-logs_2016-02-08t00:00:00-08:00": {
"mappings": {
"session-summary": {
"dynamic_templates": [
{
"long_1": {
"mapping": {
"type": "long"
},
"match": "generation"
}
},
{
"datetime_1": {
"mapping": {
"format": "strict_date_optional_time||epoch_millis",
"type": "date"
},
"match": "*DateTime"
}
},
{
"string_1": {
"mapping": {
"index": "not_analyzed",
"type": "string"
},
"match": "*"
}
}
],
"properties": {
"Access_Policy_Result": {
"type": "string",
"index": "not_analyzed"
},
"Bytes_In": {
"type": "string",
"index": "not_analyzed"
},
"Bytes_Out": {
"type": "string",
"index": "not_analyzed"
},
"Client_IP": {
"type": "string",
"index": "not_analyzed"
},
"Client_Platform": {
"type": "string",
"index": "not_analyzed"
},
"Continent": {
"type": "string",
"index": "not_analyzed"
},
"Country": {
"type": "string",
"index": "not_analyzed"
},
"Partition": {
"type": "string",
"index": "not_analyzed"
},
"Reputation": {
"type": "string",
"index": "not_analyzed"
},
"State": {
"type": "string",
"index": "not_analyzed"
},
"User_Name": {
"type": "string",
"index": "not_analyzed"
},
"Virtual_IP": {
"type": "string",
"index": "not_analyzed"
},
"accessProfile": {
"type": "string",
"index": "not_analyzed"
},
"active": {
"type": "string",
"index": "not_analyzed"
},
"badIpReputation": {
"type": "string",
"index": "not_analyzed"
},
"clusterName": {
"type": "string",
"index": "not_analyzed"
},
"duration": {
"type": "string",
"index": "not_analyzed"
},
"eventConversionDateTime": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"generation": {
"type": "long"
},
"hostname": {
"type": "string",
"index": "not_analyzed"
},
"lastUpdateMicros": {
"type": "string",
"index": "not_analyzed"
},
"sessionDuration": {
"type": "string",
"index": "not_analyzed"
},
"sessionKey": {
"type": "string",
"index": "not_analyzed",
"include_in_all": false
},
"sessionTerminationDateTime": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"session_id": {
"type": "string",
"index": "not_analyzed"
},
"unique_id": {
"type": "string",
"index": "not_analyzed",
"include_in_all": false
},
"virtualServer": {
"type": "string",
"index": "not_analyzed"
}
}
}
}
}
}
This query returns results , but if I search with Common instead of (common), no results are returned. Do I need to specify any analyzer to perform case insensitive search
{
"query":{
"filtered":{
"filter":{
"bool":{
"must":[
{
"range":{
"eventConversionDateTime":{
"gte":"2015-10-30T02:50:39.237Z",
"lte":"2015-12-31T02:50:38.237Z"
}
}
}
{
"prefix":{
"_all":"common"
}
}
]
}
}
}
}