When I tried:
curl -XPOST 'http://localhost:9200/index/type/_search?search_type=scan&scroll=2m' -d '{"query": {"match": {"host":"xxxx"}}}'
I got a scroll_id
. Then I issued:
curl -XPOST 'http://localhost:9200/_search/scroll?scroll=1m&scroll_id=......'
but the response contains logs belonging to other host. Why and how to solve it?
Thanks alot
Try a term query instead of match:
{"query": {"term": {"host":"xxxx"}}}
This would look for the exact value instead of analyzing the value you have for xxxx
and a discussion of the differences is: https://www.elastic.co/guide/en/elasticsearch/guide/current/term-vs-full-text.html
If that doesn't work, it could also be that the field is being analyzed, and the mapping would need to be updated as well. Can you share the mapping for the index and type: http://localhost:9200/index/_mapping/type/?pretty ?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.