
Kibana query exact match of entire value


I have a series of records with a field App Version that currently has two possible values: 2.3.0 and 2.3.0 SP1. If I try to do a query for just 2.3.0 in the Dev Console like so...

GET myindex/_search
{
  "query": {
    "match": {
      "App Version": "2.3.0"
    }
  }
}

It returns all records, both ones with 2.3.0 SP1 and ones with 2.3.0. Since my ultimate goal is to delete all records with just App Version=2.3.0, I need some way to filter out the ones that include SP1. I can't find documentation anywhere that forces an exact match of the entire string, rather than just part of the string. Any ideas?

Edit: I'm running Kibana 5.2.2 if that helps.


Solution

  • For the exact match you should use a term query on a non-analyzed field (ES 2.X) or on a keyword field (ES 5.X). But I suppose you will have to change the mapping.

    As an alternative, you can combine two or more queries in a bool query:

    {
      "query": {
        "bool": {
           "must": [
              {
                "match": {
                  "App Version": "2.3.0"
                }
              }
           ],
           "must_not": [
              {
                "match": {
                  "App Version": "SP1"
                }
              }
           ]
        }
      }
    }
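
The term-query approach from the answer, written out as an added example for the Dev Console (not part of the original answer). It assumes `App Version` was dynamically mapped on ES 5.x, so that an `App Version.keyword` sub-field exists; if the mapping shows no such sub-field, the mapping has to be changed first, as the answer says.

```console
# Added example. Assumption: "App Version" has a "keyword" sub-field
# (the ES 5.x dynamic-mapping default). Confirm before relying on it.
GET myindex/_mapping

# Lists the tokens the analyzed field produces for the longer value,
# which are what the match query in the question is compared against.
GET myindex/_analyze
{
  "field": "App Version",
  "text": "2.3.0 SP1"
}

# Preview: a term query on the keyword sub-field compares the whole,
# un-analyzed string, so "2.3.0 SP1" records should not appear in the hits.
GET myindex/_search
{
  "query": {
    "term": {
      "App Version.keyword": "2.3.0"
    }
  }
}

# Delete only after the preview returns nothing but plain 2.3.0 records.
# The query body is identical to the preview, so the same set is removed.
POST myindex/_delete_by_query
{
  "query": {
    "term": {
      "App Version.keyword": "2.3.0"
    }
  }
}
```

Running the search before the delete matters here because `_delete_by_query` is not reversible; compare the hit total from the preview with the `deleted` count in the response.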