What is the difference between single and double quotes in ElasticSearch's query string syntax? Just in case I have the terminology wrong, when referencing query string syntax I am referring to the syntax used by kibana's search field on the discover tab.
I have an index with the field python_type that is a not analyzed string.
1) python_type: typeA finds the expected documents
2) python_type: "typeA" also finds the expected documents
3) python_type: 'typeA' finds nothing.
Why does the third query string return no results? How does the query string interpret single quotes? On an interesting side note, when the field is analyzed, all three query strings return the expected results.
Thanks,
Nathan
The Kibana input field doesn't expect JSON data, but what you type in the input field MUST follow the query_string query syntax.
As you can see in that documentation, there's no single quote anywhere, i.e. it is not a reserved character of the query syntax.
When querying for python_type:'typeA', the query_string query that Kibana sends to ES will look something like this:
{
"query": {
"filtered": {
"query": {
"query_string": {
"query": "python_type:'typeA'",
"analyze_wildcard": true
}
}
}
}
}
It is not wrong, but ES will check for documents having a python_field containing 'typeA', with the single quotes.
Whereas when querying for python_type:"typeA" or python_type:typeA ES will check for documents having a python_field with the exact term typeA