must match query not working as expected in Elasticsearch

debugcn Published at Dev

Fisher Coder

I've created my index below using Kibana which connected to my AWS ES domain:

PUT sals_poc_test_20210217-7
{
    "settings" : {
      "index" : {
        "number_of_shards" : 10,
        "number_of_replicas" : 1,
        "max_result_window": 50000,
        "max_rescore_window": 50000
      }
    },
    "mappings": {
      "properties": {
        "identifier": {
          "type": "keyword"
        },
        "CLASS_NAME": {
          "type": "keyword"
        },
        "CLIENT_ID": {
          "type": "keyword"
        }
      }
    }
}

then I've indexed 100 documents, using below command returns all 100 documents:

POST /sals_poc_test_20210217-7/_search
{
  "query": {
    "match": {
      "_index": "sals_poc_test_20210217-7"
    }
  }
}

two sample documents are below:

{
        "_index" : "sals_poc_test_20210217-7",
        "_type" : "_doc",
        "_id" : "cd0a3723-106b-4aea-b916-161e5563290f",
        "_score" : 1.0,
        "_source" : {
          "identifier" : "xweeqkrz",
          "class_name" : "/Sample_class_name_1",
          "client_id" : "random_str"
        }
      },
{
        "_index" : "sals_poc_test_20210217-7",
        "_type" : "_doc",
        "_id" : "cd0a3723-106b-4aea-b916-161e556329ab",
        "_score" : 1.0,
        "_source" : {
          "identifier" : "xweeqkra",
          "class_name" : "/Sample_class_name_2",
          "client_id" : "random_str_2"
        }
      }

but when I wanted to search by CLASS_NAME by below command:

POST /sals_poc_test_20210217-7/_search
{
  "size": 200,
  "query": { 
    "bool": { 
      "must": [ 
        { "match": { "CLASS_NAME": "/Sample_class_name_1"}}
      ]
    }
  }
}

Not only the documents that match this class_name returned, but also other ones.

Anyone could shed any light into this case please?

I'm suspecting the way I wrote my search query is problematic. But cannot figure out why.

Thanks!

Balu Vyamajala

Elastic search, is case sensitive. class_name is not equal to CLASS_NAME sample documents seems to have class_name but mapping in index seems to have 'CLASS_NAME.

If we GET sals_poc_test_20210217-7, both class name attributes should be in the index mapping. The one when creating the index and second one created when adding documents to index.

so, query should be on CLASS_NAME or class_name.keyword , by default elastic search creates both text and .keyword field for dynamic attributes

    "CLASS_NAME" : {
      "type" : "keyword"
    },

    "class_name" : {
      "type" : "text",
      "fields" : {
        "keyword" : {
          "type" : "keyword",
          "ignore_above" : 256
        }
      }
    }

Collected from the Internet

Please contact [email protected] to delete if infringement.