ElasticSearch ends with query

Question

I am searching for data in kibana which ends with ":1"

I have a dataset like so for an my_field:

skdjjsdk:jkdsjkd:123:1:1
skdjjsdk:jkdsjkd:123:2:12
skdjjsdk:jkdsjkd:123:1:33
skdjjsdk:jkdsjkd:123:1:01
skdjjsdk:jkdsjkd:123:2:2

I tried searching in kibana search

my_field: "*:1"
my_field: ":1$"

also tried Elasticsearch Query DSL (in filter fields)

{
  "query": {
    "regexp": {
      "my_field": {
        "value": ".*:1"
      }
    }
  }
}

But I am getting matched with

skdjjsdk:jkdsjkd:123:1:1
skdjjsdk:jkdsjkd:123:1:33

But I want only skdjjsdk:jkdsjkd:123:1:1

score 0 · Answer 1 · answered Dec 21 '22 at 14:37

I get the result using analyzer whitespace and wildcard query.

PUT idx_test
{
 "mappings": {
   "properties": {
     "my_field" :{
       "type": "text",
       "analyzer": "whitespace"
     }
   }
 }
}


POST idx_test/_doc/
{"my_field":"skdjjsdk:jkdsjkd:123:1:1"}

POST idx_test/_doc/
{"my_field":"skdjjsdk:jkdsjkd:123:2:12"}

POST idx_test/_doc/
{"my_field":"skdjjsdk:jkdsjkd:123:1:33"}

POST idx_test/_doc/
{"my_field":"skdjjsdk:jkdsjkd:123:1:01"}

POST idx_test/_doc/
{"my_field":"skdjjsdk:jkdsjkd:123:2:2"}


GET idx_test/_search
{
  "query": {
   "wildcard": {
     "my_field": {
       "value": "*:1"
     }
   }
  }
}

I am not getting any result for this as well – Vaibhav Dec 21 '22 at 19:14 — Vaibhav, Dec 21 '22 at 19:14
do you executed exactly the snippet code? This code works. – rabbitbr Dec 21 '22 at 19:40 — rabbitbr, Dec 21 '22 at 19:40

ElasticSearch ends with query

1 Answers1