I am trying to search my index but using the documented match syntax fails.
Here is the result of
    GET apm-7.6.2-transaction-000001/_search
    {
      "_source": ["transaction.custom.campaign_name"],
      "query": {
        "match_all": {}
      }
    }
returns
    {
      "took" : 1,
      "timed_out" : false,
      "_shards" : {
        "total" : 1,
        "successful" : 1,
        "skipped" : 0,
        "failed" : 0
      },
      "hits" : {
        "total" : {
          "value" : 6,
          "relation" : "eq"
        },
        "max_score" : 1.0,
        "hits" : [
...
but when I try to filter the results and get only values where transaction.custom.campaign_name is at some specific value,
    GET apm-7.6.2-transaction-000001/_search
    {
      "query": {
        "match" : {
          "transaction.custom.campaign_name": "ca*"
        }
      }
    }
I get zero hits:
    {
      "took" : 0,
      "timed_out" : false,
      "_shards" : {
        "total" : 1,
        "successful" : 1,
        "skipped" : 0,
        "failed" : 0
      },
      "hits" : {
        "total" : {
          "value" : 0,
          "relation" : "eq"
        },
        "max_score" : null,
        "hits" : [ ]
      }
    }
Could anyone point me to the issue here?
Thank you very much!
PS: Here is an example of a single hit, when match_all is used:
...
    {
      "_index" : "apm-7.6.2-transaction-000001",
      "_type" : "_doc",
      "_id" : "8gX_B3IB6W5uorYBtJHZ",
      "_score" : 1.0,
      "_source" : {
        "agent" : {
          "name" : "rum-js",
          "version" : "5.1.1"
        },
        "processor" : {
          "name" : "transaction",
          "event" : "transaction"
        },
        "labels" : {
          "label1" : "ahoi"
        },
        "observer" : {
          "hostname" : "c99d7caa67e7",
          "id" : "74cdd7ab-e3e5-4794-972d-cfd54f5f48d4",
          "ephemeral_id" : "bab410d0-501b-4a4e-93e8-0b1520992451",
          "type" : "apm-server",
          "version" : "7.6.2",
          "version_major" : 7
        },
        "trace" : {
          "id" : "59986f27506d0ab53a82f74f2669ff0a"
        },
        "@timestamp" : "2020-05-12T08:28:17.000Z",
        "ecs" : {
          "version" : "1.4.0"
        },
        "service" : {
          "name" : "test",
          "language" : {
            "name" : "javascript"
          }
        },
        "client" : {
          "ip" : "172.22.0.1"
        },
        "user" : {
          "name" : "mojovski",
          "id" : "aabbxx",
          "email" : "[email protected]"
        },
        "transaction" : {
          "duration" : {
            "us" : 425000
          },
          "custom" : {
            "campaign_name" : "campaign_1_welt.de_max-price:4eur",
            "stuff" : "stuff"
          },
          "name" : "Unknown",
          "marks" : {
            "agent" : {
              "domInteractive" : 301,
              "domComplete" : 416,
              "timeToFirstByte" : 35
            },
            "navigationTiming" : {
              "responseEnd" : 35,
              "responseStart" : 35,
              "domainLookupEnd" : 1,
              "domInteractive" : 301,
              "domContentLoadedEventStart" : 317,
              "domComplete" : 416,
              "domainLookupStart" : 1,
              "connectEnd" : 1,
              "connectStart" : 1,
              "loadEventStart" : 416,
              "requestStart" : 34,
              "fetchStart" : 0,
              "domContentLoadedEventEnd" : 342,
              "loadEventEnd" : 421,
              "domLoading" : 38
            }
          },
          "page" : {
            "referer" : "",
            "url" : "http://localhost:8080/"
          },
          "span_count" : {
            "started" : 23
          },
          "id" : "a6b27cdc0e2299b5",
          "type" : "page-load",
          "sampled" : true
        },
        "user_agent" : {
          "original" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0",
          "os" : {
            "name" : "Ubuntu"
          },
          "name" : "Firefox",
          "device" : {
            "name" : "Other"
          },
          "version" : "76.0."
        },
        "timestamp" : {
          "us" : 1589272097000246
        }
      }
    }
...
UPDATE
Here is the mapping of the index, read via
GET apm-7.6.2-transaction-000001/_mapping
(since the file is too large, I put it in a gist: https://gist.github.com/mojovski/143fe5f87b54e2c020a3217ea55e3bbf)
The match query doesn't support wildcards.
You can try the prefix query instead if you're trying to search for prefixes.
    GET apm-7.6.2-transaction-000001/_search
    {
      "query": {
        "prefix" : {   // <-- change this
          "transaction.custom.campaign_name": "ca"
        }
      }
    }