Add simple search on every field in ElasticSearch

Question

here's my query:

"query":{ 
  "query":{ 
     "bool":{ 
        "must":[ 
           { 
              "term":{ 
                 "device_id":"1"
              }
           },
           { 
              "range":{ 
                 "created_at":{ 
                    "gte":"2019-10-01",
                    "lte":"2019-12-10"
                 }
              }
           }
        ],
        "must_not":[ 
           { 
              "term":{ 
                 "action":"ping"
              }
           },
           { 
              "term":{ 
                 "action":"checkstatus"
              }
           }
        ]
     }
  },
  "sort":{ 
     "created_at":"desc"
  },
  "size":10,
  "from":0
}

the logs vary a lot with completely different set of fields. What I can do to search if in any of them is a string that I'm looking for? Let's say I'm looking for "mit" and it shows me one log with

surname -> Smith

and the second one with

action -> "message comMITted"

I've tried using match [ '_all' => "mit" ] but it's deprecated I heard.

I'm using Elasticsearch 7.3.1

dheerajgopi · Answer 1 · 2019-12-12T07:24:35.510

0

To perform search across all fields, use copy_to to copy the values of all fields into a grouped field, and perform the queries against that field. In case you have dynamic index mappings refer this.

For supporting infix matching, you can use ngrams. This is a good tutorial for ngrams.

Infix matching can be performed using wildcard query too. But it's not recommended due to performance reasons.

edited Dec 12 '19 at 07:24

answered Dec 10 '19 at 09:31

dheerajgopi

1
2

I don't think that will work, the OP needs infix matching, and that can only be achieved with ngrams – Val Dec 10 '19 at 10:27
@Val Thank you for pointing the mistake. I missed it somehow. I have updated my answer. – dheerajgopi Dec 12 '19 at 07:26

Add simple search on every field in ElasticSearch

1 Answers1