I have a query in Kibana where I'm attempting to match strings in specific fields, yet results are returned where a different field matches. My query is:
message:InvalidValue AND correlation_id:AppPrefix*
This is returning rows where the logger field matches, for example:
message: InvalidValue
correlation_id: AppPrefix_c0c340cc-d4d4-41e2-bfec-326ae5bacf75
logger: AppPrefix.Api.Private
I can work round this by changing the data I search for but I don't want my queries to be searching more fields than necessary as it's inefficient.
My question seems similar to Kibana query exact match but the raw field doesn't appear to be available using Kibana 4.1.1.
Is there a better/correct way to format my query so that it only matches the fields specified?
This is an issue with the highlighting rather than the query. According to the following GitHub commit, it looks like this highlighting issue will be fixed in Elasticsearch 2.
"The default false for require_field_match is a bit odd and confusing for users, given that field names get ignored by default and every field gets highlighted if it contains terms extracted out of the query, regardless of which fields were queries. Changed the default to true, it can always be changed per request."
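
The behaviour described in the commit message, as an added example that is not part of the original question or answer and is not Elasticsearch's code: a simplified model in which the query is matched per field, while the highlighter either ignores field names or respects them. The function names and the whitespace tokenisation are assumptions made for illustration; the document and query are the ones from the question.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the document and query from the question above.
DOC = {
    "message": "InvalidValue",
    "correlation_id": "AppPrefix_c0c340cc-d4d4-41e2-bfec-326ae5bacf75",
    "logger": "AppPrefix.Api.Private",
}
QUERY = "message:InvalidValue AND correlation_id:AppPrefix*"

def parse_clauses(query):
    """Split a simple 'field:term AND field:term' query into (field, pattern) pairs."""
    clauses = []
    for part in re.split(r"\s+AND\s+", query.strip()):
        field, _, pattern = part.partition(":")
        clauses.append((field, pattern.lower()))
    return clauses

def term_hits(value, pattern):
    """True if any whitespace-separated token of the value matches the pattern."""
    return any(fnmatchcase(tok.lower(), pattern) for tok in value.split())

def matches(doc, clauses):
    """Query matching: every clause is checked only against its own field."""
    return all(term_hits(doc.get(field, ""), pat) for field, pat in clauses)

def highlighted_fields(doc, clauses, require_field_match):
    """Fields the highlighter would mark for a document that matched the query."""
    marked = []
    for name, value in doc.items():
        for field, pat in clauses:
            if require_field_match and field != name:
                continue  # only terms that were queried on this field count
            if term_hits(value, pat):
                marked.append(name)
                break
    return marked

if __name__ == "__main__":
    clauses = parse_clauses(QUERY)
    print("matched:", matches(DOC, clauses))
    print("require_field_match=false:", highlighted_fields(DOC, clauses, False))
    print("require_field_match=true: ", highlighted_fields(DOC, clauses, True))
```

With the flag off, the logger field is marked even though no clause queried it; the set of matching documents is the same in both cases.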