New to ELK, trying to find a full text search with regular expression, I create a test index
{"test_monitoring":
{"aliases":{}
,"mappings":
{"messagerie":
{"properties":
{"header":
{"type":"text"
,"fields":
{"keyword":
{"type":"keyword","ignore_above":256
} } } } } }
,"settings":
{ "index":
{ "creation_date":"1490005518469","number_of_shards":"5","number_of_replicas":"1","uuid":"f8AsV6OrQEqx7_-HoEYxwA","version":
{ "created":"5020299"}
,"provided_name":"test_monitoring"
} } } }
therefore the property "header":
allowing a normal full-text search, and not just a token with an account
Entering 1 record (data after get)
hits|total | 1
|max_score | 1.0
|0|_index | "test_monitoring"
| |_type | "messagerie"
| |_id | "1"
| |_score | 1.0
| |_source|header | "La pomme d adan n est pas utile a la mastication"
I can do a search with:
"query": { "match": {
"header" : "pomme"
} }
or "header.keywork" : "La pomme d adan n est pas utile a la mastication"
but never a regular expression with more than 1 word will hit something [no error, full _shard, ...] (ok for header.keyword, but the title is the text "not_analyzed", which understands the new ELK version New text / line behavior / keyword
GET /test_monitoring/messagerie/_search
{ "query": {
"regexp" :{
"header" : "la.*pom*e"
} } } }
, , "not_analyzed" , , not_analyzed text
PUT /test_monitoring/messagerie/_mapping
{
"messagerie": {
"properties": {
"header": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
, "as_text_na" : {
"type" : "text"
, "index" : "not_analyzed"
}
}
}
}
}
}
:
, , ? , , .