Query for an item inside of Fields - DSL Query

Question

I read on this article elasticsearch query and match query to be able to query for ElasticApmTraceId that has a specific ID throughout my entire logs.

So I attempted to do the following just to get ElasticApmTraceID:

GET /customer-simulation-es-app-logs*/_search
{
 "query": { 
   "match": {
     "fields": {
       "ElasticApmTraceId": "da58115e800c284b8e2556185c1c8e64"
     }
   }
 }
}

However, when I do so, it returns:

Is there a reason why it returns a 400 and not what I want it to do?

score 1 · Accepted Answer · answered Jun 04 '21 at 01:13

Based on the structure of the document, the ElasticApmTraceId field is inside fields. You can access the values of ElasticApmTraceId by using fields.ElasticApmTraceId

Modify your query as

{
  "query": {
    "match": {
      "fields.ElasticApmTraceId": "da58115e800c284b8e2556185c1c8e64"
    }
  }
}

score 1 · Answer 2 · answered Jun 04 '21 at 01:29

1

I suggest you use the bool,mustand term to query.The following article should help you: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-bool-query.html

GET /customer-simulation-es-app-logs*/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "ElasticApmTraceId": {
              "value": "da58115e800c284b8e2556185c1c8e64"
            }
          }
        }
      ]
    }
  }
}

answered Jun 04 '21 at 01:29

SuperPirate

146
1
4

Thank you! So always use bool and must and term for every DSL query? – NoviceCoder Jun 04 '21 at 13:37
1

You can read the article in my link.These constructors are just to construct your query conditions.Please classify according to the actual situation :） – SuperPirate Jun 07 '21 at 01:47
I appreciate it :) – NoviceCoder Jun 07 '21 at 13:47

Query for an item inside of Fields - DSL Query

2 Answers2