Re: Query or Index problem, please help

2014-08-19 Thread David Pilato
With what you sent, I cannot easily reproduce your problem: launch 
elasticsearch, launch a script and that's it.
So, basically, try to provide a script which can be played as explained in the 
help page.

-- 
David Pilato | Technical Advocate | Elasticsearch.com
@dadoonet | @elasticsearchfr


On 19 August 2014 at 16:35:01, vitaly (vitaly.bulga...@gmail.com) wrote:

David,
my index was created using logstash with a Grok filter (see below), using our 
logs as a stream on stdin.
I showed the index in my first message. When I try to search on fields 
(no matter which field) it results in
{"took":2,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}
 
Please let me know what info is missing and I will provide it.
 
 
Filter I use when creating the index:
 
filter {
  grok {
    match => [
      "message",
      "(?:\?|\&)C\=%{DATA:kw}\&%{DATA}\sT\s%{DATA:town}\sS\s%{WORD:state}\s%{DATA}%{IP:ip}"
    ]
  }
  grok {
    match => [
      "message",
      "(?:\?|\&)SRC\=%{DATA:src}(?:\&|$)"
    ]
  }
}
output {
  elasticsearch {
    host => localhost
  }
  stdout { codec => rubydebug }
}
 
 
 

On Tuesday, August 19, 2014 9:43:23 AM UTC-4, David Pilato wrote:
Have a look at http://www.elasticsearch.org/help/

We can probably help you if we understand what exactly you are doing.

IN could be an English stop word BTW (which is filtered by the standard analyzer 
on some elasticsearch versions).

-- 
David Pilato | Technical Advocate | Elasticsearch.com
@dadoonet | @elasticsearchfr


On 19 August 2014 at 15:40:20, vitaly (vitaly@gmail.com) wrote:

David, my question is what I am doing wrong.
 
Also, when I do a URI search
http://:9200/_search?q="state:IN"
I am getting 0 results
{"took":2,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}

 
What could I be doing wrong?

On Tuesday, August 19, 2014 9:20:43 AM UTC-4, David Pilato wrote:
I don't really understand the question, but I'd say that you should use Marvel / 
Sense.
It has better support for running queries.


-- 
David Pilato | Technical Advocate | Elasticsearch.com
@dadoonet | @elasticsearchfr


On 19 August 2014 at 15:10:25, vitaly (vitaly@gmail.com) wrote:

Using elasticsearch-head I run the query
{
  "query": {
    "term": {
      "NONSENSE":"NONSENSE"
    }
  }
}
The result shows the entire set no matter what I type in "term"
{
took: 2
timed_out: false
_shards: {
total: 5
successful: 5
failed: 0
}
hits: {
total: 10
max_score: 1
hits: [
{
_index: logstash-2014.08.18
_type: logs
_id: SMUgTGR9R-2SVaL1GTeX9A
_score: 1
_source: {
message: ..
@version: 1
@timestamp: 2014-08-18T16:16:48.797Z
host: .
kw: area a realty
town: South Bend
state: IN
ip: 198.64.136.68
src: ve-whitepages-dt
}
}
{
_index: logstash-2014.08.18
_type: logs
_id: yWR6DC9sQ2yAqxG9FJXauw
_score: 1
_source: {
message: ..
@version: 1
@timestamp: 2014-08-18T16:16:48.797Z
host: ...
kw: Doors
town: Chicago
state: IL
ip: 98.213.210.163
src: lsxppc21611
}
}
{
_index: logstash-2014.08.18
_type: logs
_id: Z_e-DQQkSv2ON1ar1WooSQ
_score: 1
_source: {
message: ...
@version: 1
@timestamp: 2014-08-18T16:16:48.797Z
host: ...
kw: home improvement
town: Clarkston
state: GA
ip: 172.56.1.181
src: lsxppc19735
}
}
--
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearc...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/4ee5fa39-804b-4b48-9b76-21225daa9c35%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Query or Index problem, please help

2014-08-19 Thread vitaly
Aleks,
none of the queries work. 
 

On Tuesday, August 19, 2014 11:12:03 AM UTC-4, Aleks wrote:

> Hi Vitaly,
>
> Try making the request with lower case "in" : 
> http://:9200/_search?q="state:in"
>
> Aleks
>
> On Tuesday, August 19, 2014 3:40:13 PM UTC+2, vitaly wrote:
>>
>> David, my question is what I am doing wrong. 
>>  
>> Also, when I do a URI search
>> http://:9200/_search?q="state:IN"
>> I am getting 0 results
>>
>> {"took":2,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}
>>
>>  
>> What could I be doing wrong?
>>
>> On Tuesday, August 19, 2014 9:20:43 AM UTC-4, David Pilato wrote:
>>
>>> I don't really understand the question but I'd say that you should use 
>>> Marvel / Sense.
>>> It has better support for running queries.
>>>
>>>
>>> -- 
>>> *David Pilato* | *Technical Advocate* | *Elasticsearch.com*
>>> @dadoonet  | @elasticsearchfr 
>>> 
>>>
>>>
>>> On 19 August 2014 at 15:10:25, vitaly (vitaly@gmail.com) wrote:
>>>
>>> Using elasticsearch-head I run the query
>>> {
>>>   "query": {
>>>     "term": {
>>>       "NONSENSE":"NONSENSE"
>>>     }
>>>   }
>>> }
>>> The result shows the entire set no matter what I type in "term"
>>> { 
>>>
>>>- took: 2 
>>>- timed_out: false 
>>>- _shards: { 
>>>   - total: 5 
>>>   - successful: 5 
>>>   - failed: 0 
>>>} 
>>>- hits: { 
>>>   - total: 10 
>>>   - max_score: 1 
>>>   - hits: [ 
>>>  - { 
>>> - _index: logstash-2014.08.18 
>>> - _type: logs 
>>> - _id: SMUgTGR9R-2SVaL1GTeX9A 
>>> - _score: 1 
>>> - _source: { 
>>>- message: .. 
>>>- @version: 1 
>>>- @timestamp: 2014-08-18T16:16:48.797Z 
>>>- host: . 
>>>- kw: area a realty 
>>>- town: South Bend 
>>>- state: IN 
>>>- ip: 198.64.136.68 
>>>- src: ve-whitepages-dt 
>>> } 
>>>  } 
>>>  - { 
>>> - _index: logstash-2014.08.18 
>>> - _type: logs 
>>> - _id: yWR6DC9sQ2yAqxG9FJXauw 
>>> - _score: 1 
>>> - _source: { 
>>>- message: .. 
>>>- @version: 1 
>>>- @timestamp: 2014-08-18T16:16:48.797Z 
>>>- host: ... 
>>>- kw: Doors 
>>>- town: Chicago 
>>>- state: IL 
>>>- ip: 98.213.210.163 
>>>- src: lsxppc21611 
>>> } 
>>>  } 
>>>  - { 
>>> - _index: logstash-2014.08.18 
>>> - _type: logs 
>>> - _id: Z_e-DQQkSv2ON1ar1WooSQ 
>>> - _score: 1 
>>> - _source: { 
>>>- message: ... 
>>>- @version: 1 
>>>- @timestamp: 2014-08-18T16:16:48.797Z 
>>>- host: ... 
>>>- kw: home improvement 
>>>- town: Clarkston 
>>>- state: GA 
>>>- ip: 172.56.1.181 
>>>- src: lsxppc19735 
>>> } 
>>>  } 
>>> 


Re: Query or Index problem, please help

2014-08-19 Thread Aleks
Hi Vitaly,

Try making the request with lower case "in" : 
http://:9200/_search?q="state:in"

Aleks

On Tuesday, August 19, 2014 3:40:13 PM UTC+2, vitaly wrote:
>
> David, my question is what I am doing wrong. 
>  
> Also, when I do a URI search
> http://:9200/_search?q="state:IN"
> I am getting 0 results
>
> {"took":2,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}
>
>  
> What could I be doing wrong?
>
> On Tuesday, August 19, 2014 9:20:43 AM UTC-4, David Pilato wrote:
>
>> I don't really understand the question but I'd say that you should use 
>> Marvel / Sense.
>> It has better support for running queries.
>>
>>
>> -- 
>> *David Pilato* | *Technical Advocate* | *Elasticsearch.com*
>> @dadoonet  | @elasticsearchfr 
>> 
>>
>>
>> On 19 August 2014 at 15:10:25, vitaly (vitaly@gmail.com) wrote:
>>
>> Using elasticsearch-head I run the query
>> {
>>   "query": {
>>     "term": {
>>       "NONSENSE":"NONSENSE"
>>     }
>>   }
>> }
>> The result shows the entire set no matter what I type in "term"
>> { 
>>
>>- took: 2 
>>- timed_out: false 
>>- _shards: { 
>>   - total: 5 
>>   - successful: 5 
>>   - failed: 0 
>>} 
>>- hits: { 
>>   - total: 10 
>>   - max_score: 1 
>>   - hits: [ 
>>  - { 
>> - _index: logstash-2014.08.18 
>> - _type: logs 
>> - _id: SMUgTGR9R-2SVaL1GTeX9A 
>> - _score: 1 
>> - _source: { 
>>- message: .. 
>>- @version: 1 
>>- @timestamp: 2014-08-18T16:16:48.797Z 
>>- host: . 
>>- kw: area a realty 
>>- town: South Bend 
>>- state: IN 
>>- ip: 198.64.136.68 
>>- src: ve-whitepages-dt 
>> } 
>>  } 
>>  - { 
>> - _index: logstash-2014.08.18 
>> - _type: logs 
>> - _id: yWR6DC9sQ2yAqxG9FJXauw 
>> - _score: 1 
>> - _source: { 
>>- message: .. 
>>- @version: 1 
>>- @timestamp: 2014-08-18T16:16:48.797Z 
>>- host: ... 
>>- kw: Doors 
>>- town: Chicago 
>>- state: IL 
>>- ip: 98.213.210.163 
>>- src: lsxppc21611 
>> } 
>>  } 
>>  - { 
>> - _index: logstash-2014.08.18 
>> - _type: logs 
>> - _id: Z_e-DQQkSv2ON1ar1WooSQ 
>> - _score: 1 
>> - _source: { 
>>- message: ... 
>>- @version: 1 
>>- @timestamp: 2014-08-18T16:16:48.797Z 
>>- host: ... 
>>- kw: home improvement 
>>- town: Clarkston 
>>- state: GA 
>>- ip: 172.56.1.181 
>>- src: lsxppc19735 
>> } 
>>  } 
>> 


Re: Query or Index problem, please help

2014-08-19 Thread vitaly
David,
my index was created using logstash with a Grok filter (see below), using our 
logs as a stream on stdin.
I showed the index in my first message. When I try to search on 
fields (no matter which field) it results in 

{"took":2,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}

 
Please let me know what info is missing and I will provide it.
 
 
Filter I use when creating the index:
 
filter {
  grok {
    match => [
      "message",
      "(?:\?|\&)C\=%{DATA:kw}\&%{DATA}\sT\s%{DATA:town}\sS\s%{WORD:state}\s%{DATA}%{IP:ip}"
    ]
  }
  grok {
    match => [
      "message",
      "(?:\?|\&)SRC\=%{DATA:src}(?:\&|$)"
    ]
  }
}
output {
  elasticsearch {
    host => localhost
  }
  stdout { codec => rubydebug }
}
 
 
 

On Tuesday, August 19, 2014 9:43:23 AM UTC-4, David Pilato wrote:

> Have a look at http://www.elasticsearch.org/help/
>
> We can probably help you if we understand what exactly you are doing.
>
> IN could be an English stop word BTW (which is filtered by the standard 
> analyzer on some elasticsearch versions).
>
> -- 
> *David Pilato* | *Technical Advocate* | *Elasticsearch.com*
> @dadoonet  | @elasticsearchfr 
> 
>
>
> On 19 August 2014 at 15:40:20, vitaly (vitaly@gmail.com) wrote:
>
>  David, my question is what I am doing wrong.
>  
> Also, when I do a URI search
> http://:9200/_search?q="state:IN"
> I am getting 0 results
>  
> {"took":2,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}
>
>  
> What could I be doing wrong?
>
> On Tuesday, August 19, 2014 9:20:43 AM UTC-4, David Pilato wrote:
>
>>  I don't really understand the question but I'd say that you should use 
>> Marvel / Sense.
>> It has better support for running queries.
>>  
>>
>>  -- 
>> *David Pilato* | *Technical Advocate* | *Elasticsearch.com* 
>> @dadoonet  | @elasticsearchfr 
>> 
>>  
>>
>> On 19 August 2014 at 15:10:25, vitaly (vitaly@gmail.com) wrote:
>>
>> Using elasticsearch-head I run the query
>> {
>>   "query": {
>>     "term": {
>>       "NONSENSE":"NONSENSE"
>>     }
>>   }
>> }
>> The result shows the entire set no matter what I type in "term"
>> { 
>>
>>- took: 2 
>>- timed_out: false 
>>- _shards: { 
>>   - total: 5 
>>   - successful: 5 
>>   - failed: 0 
>>} 
>>- hits: { 
>>   - total: 10 
>>   - max_score: 1 
>>   - hits: [ 
>>  - { 
>> - _index: logstash-2014.08.18 
>> - _type: logs 
>> - _id: SMUgTGR9R-2SVaL1GTeX9A 
>> - _score: 1 
>> - _source: { 
>>- message: .. 
>>- @version: 1 
>>- @timestamp: 2014-08-18T16:16:48.797Z 
>>- host: . 
>>- kw: area a realty 
>>- town: South Bend 
>>- state: IN 
>>- ip: 198.64.136.68 
>>- src: ve-whitepages-dt 
>> } 
>>  } 
>>  - { 
>> - _index: logstash-2014.08.18 
>> - _type: logs 
>> - _id: yWR6DC9sQ2yAqxG9FJXauw 
>> - _score: 1 
>> - _source: { 
>>- message: .. 
>>- @version: 1 
>>- @timestamp: 2014-08-18T16:16:48.797Z 
>>- host: ... 
>>- kw: Doors 
>>- town: Chicago 
>>- state: IL 
>>- ip: 98.213.210.163 
>>- src: lsxppc21611 
>> } 
>>  } 
>>  - { 
>> - _index: logstash-2014.08.18 
>> - _type: logs 
>> - _id: Z_e-DQQkSv2ON1ar1WooSQ 
>> - _score: 1 
>> - _source: { 
>>- message: ... 
>>- @version: 1 
>>- @timestamp: 2014-08-18T16:16:48.797Z 
>>- host: ... 
>>- kw: home improvement 
>>- town: Clarkston 
>>- state: GA 
>>- ip: 172.56.1.181 
>>- src: lsxppc19735 
>> } 
>>  } 
>> 

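To see what the two grok patterns in the filter above actually put into kw, town, state, ip and src, here is an added Python example (not from the thread, and not Logstash's own code) with a small grok-to-regex translator covering only the three pattern names the filter uses. The sample request line is constructed to fit the patterns, since the real log line is elided in the thread as `..`; GROK_PATTERNS, grok_compile, grok_event and SAMPLE_MESSAGE are the example's own names.

```python
import re

# Regexes for the three grok pattern names the filter uses (assumption: a
# minimal subset; real grok ships hundreds, and its IP also covers IPv6).
GROK_PATTERNS = {
    "DATA": r".*?",
    "WORD": r"\b\w+\b",
    "IP": r"(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)",
}


def grok_compile(pattern):
    """Turn %{NAME:field} into a named group and %{NAME} into a non-capturing one."""
    def expand(m):
        body = GROK_PATTERNS[m.group(1)]
        return f"(?P<{m.group(2)}>{body})" if m.group(2) else f"(?:{body})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))


# The two match patterns from the thread's filter, verbatim.
FILTERS = [
    grok_compile(r"(?:\?|\&)C\=%{DATA:kw}\&%{DATA}\sT\s%{DATA:town}\sS\s%{WORD:state}\s%{DATA}%{IP:ip}"),
    grok_compile(r"(?:\?|\&)SRC\=%{DATA:src}(?:\&|$)"),
]


def grok_event(message):
    """Run each grok filter in turn, as Logstash does: a match adds its named
    fields to the event, a miss adds the _grokparsefailure tag (once)."""
    event = {"message": message}
    for rx in FILTERS:
        m = rx.search(message)
        if m:
            event.update(m.groupdict())
        elif "_grokparsefailure" not in event.setdefault("tags", []):
            event["tags"].append("_grokparsefailure")
    return event


# Constructed request line shaped to fit the patterns; the real one is elided above.
SAMPLE_MESSAGE = "GET /q?C=area a realty&P=1 T South Bend S IN R 198.64.136.68&SRC=ve-whitepages-dt&V=2"

if __name__ == "__main__":
    for key, value in grok_event(SAMPLE_MESSAGE).items():
        print(f"{key}: {value}")
```

Note that every captured field is a plain string, so once indexed with the default mapping each one goes through the standard analyzer, which is what the rest of the thread turns on.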
Re: Query or Index problem, please help

2014-08-19 Thread David Pilato
Have a look at http://www.elasticsearch.org/help/

We can probably help you if we understand what exactly you are doing.

IN could be an English stop word BTW (which is filtered by the standard analyzer 
on some elasticsearch versions).

-- 
David Pilato | Technical Advocate | Elasticsearch.com
@dadoonet | @elasticsearchfr


On 19 August 2014 at 15:40:20, vitaly (vitaly.bulga...@gmail.com) wrote:

David, my question is what I am doing wrong.
 
Also, when I do a URI search
http://:9200/_search?q="state:IN"
I am getting 0 results
{"took":2,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}
 
What could I be doing wrong?

On Tuesday, August 19, 2014 9:20:43 AM UTC-4, David Pilato wrote:
I don't really understand the question, but I'd say that you should use Marvel / 
Sense.
It has better support for running queries.


-- 
David Pilato | Technical Advocate | Elasticsearch.com
@dadoonet | @elasticsearchfr


On 19 August 2014 at 15:10:25, vitaly (vitaly@gmail.com) wrote:

Using elasticsearch-head I run the query
{
  "query": {
    "term": {
      "NONSENSE":"NONSENSE"
    }
  }
}
The result shows the entire set no matter what I type in "term"
{
took: 2
timed_out: false
_shards: {
total: 5
successful: 5
failed: 0
}
hits: {
total: 10
max_score: 1
hits: [
{
_index: logstash-2014.08.18
_type: logs
_id: SMUgTGR9R-2SVaL1GTeX9A
_score: 1
_source: {
message: ..
@version: 1
@timestamp: 2014-08-18T16:16:48.797Z
host: .
kw: area a realty
town: South Bend
state: IN
ip: 198.64.136.68
src: ve-whitepages-dt
}
}
{
_index: logstash-2014.08.18
_type: logs
_id: yWR6DC9sQ2yAqxG9FJXauw
_score: 1
_source: {
message: ..
@version: 1
@timestamp: 2014-08-18T16:16:48.797Z
host: ...
kw: Doors
town: Chicago
state: IL
ip: 98.213.210.163
src: lsxppc21611
}
}
{
_index: logstash-2014.08.18
_type: logs
_id: Z_e-DQQkSv2ON1ar1WooSQ
_score: 1
_source: {
message: ...
@version: 1
@timestamp: 2014-08-18T16:16:48.797Z
host: ...
kw: home improvement
town: Clarkston
state: GA
ip: 172.56.1.181
src: lsxppc19735
}
}

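David's stop-word remark and Aleks's lower-case suggestion elsewhere in the thread are two faces of one mechanism, modelled in this added Python example (not from the thread and not Elasticsearch code): the standard analyzer lowercases the indexed value (and the pre-1.0 default also dropped English stop words such as "in"), a term query compares its value unanalyzed against those tokens, and a match query analyzes the query text first. The four records are constructed from the _source fields shown in the first post; TinyIndex, standard_analyzer, not_analyzed and run_demo are the example's own names.

```python
import re
from collections import defaultdict

# Records constructed from the _source fields shown in the thread's first post.
DOCS = [
    {"_id": "1", "town": "South Bend", "state": "IN"},
    {"_id": "2", "town": "Chicago", "state": "IL"},
    {"_id": "3", "town": "Clarkston", "state": "GA"},
    {"_id": "4", "town": "Zephyrhills", "state": "FL"},
]

# Lucene's default English stop set, which the standard analyzer applied by
# default before Elasticsearch 1.0; note that "in" is on it.
ENGLISH_STOP = frozenset("""a an and are as at be but by for if in into is it no
not of on or such that the their then there these they this to was will with""".split())


def standard_analyzer(text, stop_words=frozenset()):
    """Simplified standard analyzer: split on non-word characters, lowercase,
    then drop stop words (empty set = 1.x behaviour, ENGLISH_STOP = 0.90)."""
    return [t.lower() for t in re.findall(r"\w+", text) if t.lower() not in stop_words]


def not_analyzed(text):
    """An index: not_analyzed mapping: the whole value is one token, case kept."""
    return [text]


class TinyIndex:
    """Inverted index keyed by field and token, enough to contrast term vs match."""

    def __init__(self, analyzer):
        self.analyzer = analyzer
        self.postings = defaultdict(lambda: defaultdict(set))  # field -> token -> ids

    def add(self, doc):
        for field, value in doc.items():
            if field != "_id":
                for token in self.analyzer(value):
                    self.postings[field][token].add(doc["_id"])

    def term(self, field, value):
        """term query: the value is not analyzed, so IN never equals the token in."""
        return sorted(self.postings[field].get(value, set()))

    def match(self, field, text):
        """match query: the text goes through the same analyzer as the field."""
        hits = set()
        for token in self.analyzer(text):
            hits |= self.postings[field].get(token, set())
        return sorted(hits)


def build(analyzer):
    index = TinyIndex(analyzer)
    for doc in DOCS:
        index.add(doc)
    return index


def run_demo():
    """Return the hit ids for the queries discussed in the thread under each setup."""
    es1 = build(standard_analyzer)                               # 1.x default
    es090 = build(lambda t: standard_analyzer(t, ENGLISH_STOP))  # pre-1.0 default
    raw = build(not_analyzed)                                    # explicit mapping
    return {
        "1.x  term state:IN": es1.term("state", "IN"),      # [] : case mismatch
        "1.x  term state:in": es1.term("state", "in"),      # ["1"] : Aleks's fix
        "1.x  match state:IN": es1.match("state", "IN"),    # ["1"] : query lowercased
        "0.90 term state:in": es090.term("state", "in"),    # [] : never indexed
        "0.90 match state:IN": es090.match("state", "IN"),  # [] : stop word on both sides
        "0.90 term state:il": es090.term("state", "il"),    # ["2"] : IL is not a stop word
        "raw  term state:IN": raw.term("state", "IN"),      # ["1"] : not_analyzed
    }


if __name__ == "__main__":
    for query, ids in run_demo().items():
        print(f"{query:<22} -> {ids}")
```

The last case models the usual fix for code-like fields such as state: map them as not_analyzed (keyword in later versions) so that a term query for "IN" matches exactly, independent of the analyzer's stop-word list.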

Re: Query or Index problem, please help

2014-08-19 Thread vitaly
David, my question is what I am doing wrong. 
 
Also, when I do a URI search
http://:9200/_search?q="state:IN"
I am getting 0 results

{"took":2,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}

 
What could I be doing wrong?

On Tuesday, August 19, 2014 9:20:43 AM UTC-4, David Pilato wrote:

> I don't really understand the question but I'd say that you should use 
> Marvel / Sense.
> It has better support for running queries.
>
>
> -- 
> *David Pilato* | *Technical Advocate* | *Elasticsearch.com*
> @dadoonet  | @elasticsearchfr 
> 
>
>
> On 19 August 2014 at 15:10:25, vitaly (vitaly@gmail.com) wrote:
>
> Using elasticsearch-head I run the query
> {
>   "query": {
>     "term": {
>       "NONSENSE":"NONSENSE"
>     }
>   }
> }
> The result shows the entire set no matter what I type in "term"
> { 
>
>- took: 2 
>- timed_out: false 
>- _shards: { 
>   - total: 5 
>   - successful: 5 
>   - failed: 0 
>} 
>- hits: { 
>   - total: 10 
>   - max_score: 1 
>   - hits: [ 
>  - { 
> - _index: logstash-2014.08.18 
> - _type: logs 
> - _id: SMUgTGR9R-2SVaL1GTeX9A 
> - _score: 1 
> - _source: { 
>- message: .. 
>- @version: 1 
>- @timestamp: 2014-08-18T16:16:48.797Z 
>- host: . 
>- kw: area a realty 
>- town: South Bend 
>- state: IN 
>- ip: 198.64.136.68 
>- src: ve-whitepages-dt 
> } 
>  } 
>  - { 
> - _index: logstash-2014.08.18 
> - _type: logs 
> - _id: yWR6DC9sQ2yAqxG9FJXauw 
> - _score: 1 
> - _source: { 
>- message: .. 
>- @version: 1 
>- @timestamp: 2014-08-18T16:16:48.797Z 
>- host: ... 
>- kw: Doors 
>- town: Chicago 
>- state: IL 
>- ip: 98.213.210.163 
>- src: lsxppc21611 
> } 
>  } 
>  - { 
> - _index: logstash-2014.08.18 
> - _type: logs 
> - _id: Z_e-DQQkSv2ON1ar1WooSQ 
> - _score: 1 
> - _source: { 
>- message: ... 
>- @version: 1 
>- @timestamp: 2014-08-18T16:16:48.797Z 
>- host: ... 
>- kw: home improvement 
>- town: Clarkston 
>- state: GA 
>- ip: 172.56.1.181 
>- src: lsxppc19735 
> } 
>  } 
> 


Re: Query or Index problem, please help

2014-08-19 Thread David Pilato
I don't really understand the question, but I'd say that you should use Marvel / 
Sense.
It has better support for running queries.


-- 
David Pilato | Technical Advocate | Elasticsearch.com
@dadoonet | @elasticsearchfr


On 19 August 2014 at 15:10:25, vitaly (vitaly.bulga...@gmail.com) wrote:

Using elasticsearch-head I run the query
{
  "query": {
    "term": {
      "NONSENSE":"NONSENSE"
    }
  }
}
The result shows the entire set no matter what I type in "term"
{
took: 2
timed_out: false
_shards: {
total: 5
successful: 5
failed: 0
}
hits: {
total: 10
max_score: 1
hits: [
{
_index: logstash-2014.08.18
_type: logs
_id: SMUgTGR9R-2SVaL1GTeX9A
_score: 1
_source: {
message: ..
@version: 1
@timestamp: 2014-08-18T16:16:48.797Z
host: .
kw: area a realty
town: South Bend
state: IN
ip: 198.64.136.68
src: ve-whitepages-dt
}
}
{
_index: logstash-2014.08.18
_type: logs
_id: yWR6DC9sQ2yAqxG9FJXauw
_score: 1
_source: {
message: ..
@version: 1
@timestamp: 2014-08-18T16:16:48.797Z
host: ...
kw: Doors
town: Chicago
state: IL
ip: 98.213.210.163
src: lsxppc21611
}
}
{
_index: logstash-2014.08.18
_type: logs
_id: Z_e-DQQkSv2ON1ar1WooSQ
_score: 1
_source: {
message: ...
@version: 1
@timestamp: 2014-08-18T16:16:48.797Z
host: ...
kw: home improvement
town: Clarkston
state: GA
ip: 172.56.1.181
src: lsxppc19735
}
}


Query or Index problem, please help

2014-08-19 Thread vitaly
Using elasticsearch-head I run the query
{
  "query": {
    "term": {
      "NONSENSE":"NONSENSE"
    }
  }
}
The result shows the entire set no matter what I type in "term"
{ 
   
   - took: 2
   - timed_out: false
   - _shards: { 
  - total: 5
  - successful: 5
  - failed: 0
   }
   - hits: { 
  - total: 10
  - max_score: 1
  - hits: [ 
 - { 
- _index: logstash-2014.08.18
- _type: logs
- _id: SMUgTGR9R-2SVaL1GTeX9A
- _score: 1
- _source: { 
   - message: ..
   - @version: 1
   - @timestamp: 2014-08-18T16:16:48.797Z
   - host: .
   - kw: area a realty
   - town: South Bend
   - state: IN
   - ip: 198.64.136.68
   - src: ve-whitepages-dt
}
 }
 - { 
- _index: logstash-2014.08.18
- _type: logs
- _id: yWR6DC9sQ2yAqxG9FJXauw
- _score: 1
- _source: { 
   - message: ..
   - @version: 1
   - @timestamp: 2014-08-18T16:16:48.797Z
   - host: ...
   - kw: Doors 
   - town: Chicago
   - state: IL
   - ip: 98.213.210.163
   - src: lsxppc21611
}
 }
 - { 
- _index: logstash-2014.08.18
- _type: logs
- _id: Z_e-DQQkSv2ON1ar1WooSQ
- _score: 1
- _source: { 
   - message: ...
   - @version: 1
   - @timestamp: 2014-08-18T16:16:48.797Z
   - host: ...
   - kw: home improvement
   - town: Clarkston
   - state: GA
   - ip: 172.56.1.181
   - src: lsxppc19735
}
 }
  



Query or Index problem, please help

2014-08-19 Thread vitaly
I use elasticsearch-head. 
 
The query is
{
  "query": {
    "term": {
      "nonsense":"nonsense"
    }
  }
}
 
The result does not care about the field and value I search for. It always 
gives the entire index.
{ 
   
   - took: 2
   - timed_out: false
   - _shards: { 
  - total: 5
  - successful: 5
  - failed: 0
   }
   - hits: { 
  - total: 10
  - max_score: 1
  - hits: [ 
 - { 
- _index: logstash-2014.08.18
- _type: logs
- _id: SMUgTGR9R-2SVaL1GTeX9A
- _score: 1
- _source: { 
   - message: ..
   - @version: 1
   - @timestamp: 2014-08-18T16:16:48.797Z
   - host: dfwlndsrch-01.supermedia.com
   - kw: area a realty
   - town: South Bend
   - state: IN
   - ip: 198.64.136.68
   - src: ve-whitepages-dt
}
 }
 - { 
- _index: logstash-2014.08.18
- _type: logs
- _id: yWR6DC9sQ2yAqxG9FJXauw
- _score: 1
- _source: { 
   - message: ...
   - @version: 1
   - @timestamp: 2014-08-18T16:16:48.797Z
   - host: dfwlndsrch-01.supermedia.com
   - kw: Doors 
   - town: Chicago
   - state: IL
   - ip: 98.213.210.163
   - src: lsxppc21611
}
 }
 - { 
- _index: logstash-2014.08.18
- _type: logs
- _id: Z_e-DQQkSv2ON1ar1WooSQ
- _score: 1
- _source: { 
   - message: 
   - @version: 1
   - @timestamp: 2014-08-18T16:16:48.797Z
   - host: dfwlndsrch-01.supermedia.com
   - kw: home improvement
   - town: Clarkston
   - state: GA
   - ip: 172.56.1.181
   - src: lsxppc19735
}
 }
 - { 
- _index: logstash-2014.08.18
- _type: logs
- _id: SibOPwAASPOuod5xRB5LLg
- _score: 1
- _source: { 
   - message: ..
   - @version: 1
   - @timestamp: 2014-08-18T16:16:48.796Z
   - host: dfwlndsrch-01.supermedia.com
   - kw: Ready Mix Concrete
   - town: Zephyrhills
   - state: FL
   - ip: 63.251.207.54
   - src: comlocal5
}
 }
  
