I have document:
{
"_index" : "logs",
"_id" : "e174f29c-9f0b-4aab-a3b3-7ab5dcb8a50a",
"_score" : null,
"_source" : {
"number" : 1,
"request_type" : 1,
"request_entity_type" : 1,
"entity_type" : 1,
"entity_id" : "6c125004-4720-4258-a5d6-3fa1c7468bc8",
"field_name" : "name",
"old_value" : null,
"new_value" : """[{"locale":"ru-RU","text_value":"1234"}]""",
"created_by" : "b6aa1f8f-79b8-45b6-a11c-fe65b8bdfc35",
"created_at" : "2022-06-29T10:47:43.205753"
}
}
And when I try to get this document by entity_type and field_name fields, it works:
GET logs/_search
{
"query": {
"bool": {
"filter": [
{"term" : { "entity_type" : "1" }},
{"term": {"field_name": "name"}}
]
}
},
"sort": [
{
"number": {
"order": "desc"
}
}
]
}
But when I change field_name to entity_id I get zero hits:
GET logs/_search
{
"query": {
"bool": {
"filter": [
{"term" : { "entity_type" : "1" }},
{"term": {"entity_id": "6c125004-4720-4258-a5d6-3fa1c7468bc8"}}
]
}
},
"sort": [
{
"number": {
"order": "desc"
}
}
]
}
Why doesn't it work? What is the difference between field_name and entity_id
Looks like your entity_id field is created by Out of the box mapping of Elasticsearch which analyzes it as a text field and break it, adding .keyword should work.
{
"query": {
"bool": {
"filter": [
{"term" : { "entity_type" : "1" }},
{"term": {"entity_id.keyword": "6c125004-4720-4258-a5d6-3fa1c7468bc8"}} // note `entity_id.keyword` as a field name.
]
}
},
"sort": [
{
"number": {
"order": "desc"
}
}
]
}
Note: If you don't define explicit mapping, Elasticsearch generates both text and keyword field for every text field as it doesn't know your use case.