
Elasticsearch multisearch returns wrong response but single query returns correct response


Running the following query on Elasticsearch using the official Python client returns the wrong response, but running them separately gives the correct response.

The following object is passed as search_doc to elasticsearch.msearch():

[
  {
    'type': 1,
    'index': 'xyz'
  },
  {
    'query': {
      'bool': {
        'must': [
          {
            'match_phrase': {
              'messageid': 'DEL_1CKCJAR'
            }
          },
          {
            'regexp': {
              'dsn': '2.[0-9].[0-9]'
            }
          }
        ]
      }
    }
  },
  {
    'type': 1,
    'index': 'xyz'
  },
  {
    'query': {
      'bool': {
        'must': [
          {
            'match_phrase': {
              'messageid': 'DEL_1CKCJAR'
            }
          },
          {
            'regexp': {
              'dsn': '5.[0-9].[0-9]'
            }
          }
        ]
      }
    }
  },
  {
    'type': 1,
    'index': 'xyz'
  },
  {
    'query': {
      'bool': {
        'must': [
          {
            'match_phrase': {
              'messageid': 'DEL_1CKCJAR'
            }
          },
          {
            'regexp': {
              'dsn': '4.[0-9].[0-9]'
            }
          }
        ]
      }
    }
  }
]

and returns the following response:

[
  {
    'took': 42,
    'hits': {
      'hits': [

      ],
      'total': 0,
      'max_score': None
    },
    'status': 200,
    'timed_out': False,
    '_shards': {
      'failed': 0,
      'total': 5,
      'successful': 5
    }
  },
  {
    'took': 41,
    'hits': {
      'hits': [

      ],
      'total': 0,
      'max_score': None
    },
    'status': 200,
    'timed_out': False,
    '_shards': {
      'failed': 0,
      'total': 5,
      'successful': 5
    }
  },
  {
    'took': 41,
    'hits': {
      'hits': [

      ],
      'total': 0,
      'max_score': None
    },
    'status': 200,
    'timed_out': False,
    '_shards': {
      'failed': 0,
      'total': 5,
      'successful': 5
    }
  }
]

However, run separately on index xyz, a query such as the following:

{
  'query': {
    'bool': {
      'must': [
        {
          'match_phrase': {
            'messageid': 'DEL_1CKCJAR'
          }
        },
        {
          'regexp': {
            'dsn': '4.[0-9].[0-9]'
          }
        }
      ]
    }
  }
}

returns the following response:

{
  "took": 6,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "hits": {
    "total": 18,
    "max_score": 2.7300916,
    "hits": [
      {
        "_index": "xyz",
        "_type": "log",
        "_id": "3A91F141442",
        "_score": 2.7300916,
        "_source": {
          "pid": "13034",
          "type": "log",
          "logsource": "localhost",
          "qid": "3A91F141442",
          "@timestamp": "2017-06-05T16:44:16.177Z",
          "@version": "1",
          "host": "localhost.localdomain",
          "client": "unknown[XXX.XXX.XXX.XXX]",
          "messageid": "[email protected]>",
          "nrcpt": "1",
          "queuestatus": "queue active",
          "size": "1297",
          "from": "[email protected]",
          "reason": "(connect to mx2.hotmail.com[XXX.XXX.XXX.XXX]:25: Connection timed out)",
          "relayhost": "none",
          "result": "deferred",
          "delay": "8707",
          "to": "[email protected]",
          "dsn": "4.4.1"
        }
      },
    ....
}

This is the desired response. So far, I cannot figure out why the individual request works but the multi_search request does not.

Note: The data being searched is Elasticsearch log data.

Any help is appreciated. :)


Solution

  • I'd say that your multi search query uses the wrong type:

    {
        'type': 1,
        'index': 'xyz'
    }
    

    The documents returned by your single search query have the type log. Either leave out the type entirely or use log and your queries should return the desired results.
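
The header/query pairing behind the answer above, as an added example that is not part of the original posts: it rebuilds the question's msearch body, flags headers whose type does not match the type seen in the single-search hit, and produces both corrected variants. The function names are hypothetical, and the known type `log` is taken from `"_type": "log"` in the question's response.

```python
import json

def build_msearch_body(index, message_id, dsn_patterns, doc_type=None):
    """Return the alternating header/query list that msearch expects."""
    body = []
    for pattern in dsn_patterns:
        header = {"index": index}
        if doc_type is not None:      # leaving the type out searches every type
            header["type"] = doc_type
        body.append(header)
        body.append({"query": {"bool": {"must": [
            {"match_phrase": {"messageid": message_id}},
            {"regexp": {"dsn": pattern}},
        ]}}})
    return body

def mismatched_headers(body, known_types):
    """Return positions of sub-searches whose header type is not a known type."""
    bad = []
    for pos, header in enumerate(body[0::2]):   # headers sit at even offsets
        if "type" in header and header["type"] not in known_types:
            bad.append(pos)
    return bad

def to_ndjson(body):
    """Serialize as the newline-delimited JSON that the _msearch endpoint reads."""
    return "".join(json.dumps(line) + "\n" for line in body)

# Values copied from the question.
PATTERNS = ["2.[0-9].[0-9]", "5.[0-9].[0-9]", "4.[0-9].[0-9]"]
KNOWN_TYPES = {"log"}

# The body as posted: every header carries 'type': 1.
as_posted = build_msearch_body("xyz", "DEL_1CKCJAR", PATTERNS, doc_type=1)
# The two fixes from the answer: use 'log', or leave the type out entirely.
with_log = build_msearch_body("xyz", "DEL_1CKCJAR", PATTERNS, doc_type="log")
no_type = build_msearch_body("xyz", "DEL_1CKCJAR", PATTERNS)

if __name__ == "__main__":
    print("mismatched sub-searches:", mismatched_headers(as_posted, KNOWN_TYPES))
    print(to_ndjson(with_log), end="")
    # Assumption: with a connected client `es`, the corrected body would be
    # sent as es.msearch(body=with_log).
```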