Some thoughts: I don't think you can define multiple fields/values for Term Filter: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-term-filter.html#query-dsl-term-filter. I think that only the last one is applied here. You are using default analyzer. So MessageID content has probably been indexed as ["mon", "heartbeat"]. A Term filter does not analyze the content. So you compare exactly your string with the inverted index. And MON_Heartbeat is not "mon" or "heartbeat". You could change the mapping and set MessageID to not_analyzed: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/mapping-core-types.html#string
-- David Pilato | Technical Advocate | Elasticsearch.com @dadoonet | @elasticsearchfr Le 19 août 2014 à 21:13:37, eloris ([email protected]) a écrit: I am brand new to this technology. Probably, this question is answered somewhere in the docs, but I can't see where. I have inserted data as follows: >curl localhost:9200/_search?pretty [...] { "_index" : "log", "_type" : "external", "_id" : "dggX5-r4SaW2DLnLwFJlkQ", "_score" : 1.0, "_source":{ "ID":"b596330f-1898-4d9a-aa34-031fac480ead", "Type":3, "Message":".NET Hub is running.", "ParentID":null, "MetaData":{ "Timestamp":"8/7/2014 2:50:11 PM", "Source":"FileProcessor", "EnterpriseID":"", "ServiceName":"MMM.HSA.Hub.HubService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null", "MessageID":"MON_Heartbeat", "TimestampInTicks":"635430054119284674", "HeartbeatTime":"5000" }, "CreateDate":"\/Date(-62135578800000)\/"} } Then I run curl -XPOST http://localhost:9200/log/_search {"size":1,"query":{"filtered":{"query":{"match_all":{}},"filter":{"term":{"applicationID":"HSA_NET_Hub","Type":"3","MetaData.MessageID":"MON_Heartbeat"}}}},"sort":[{"_id":"desc"}]} and get no results. It seems to me that the above record should be found. Anybody know what I am doing wrong? I know it is because of the filtering on MetaData.MessageID, because without that records do get found. But I don't know what's wrong with my syntax and the documentation does not answer my question. Thanks in advance! -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/e2c82f7a-9903-4dee-a44f-2e0c4a8d0e2c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/etPan.53f3a6b3.57e4ccaf.132%40MacBook-Air-de-David.local. For more options, visit https://groups.google.com/d/optout.
