Hi Carlos, the way Elasticsearch (or rather Lucene) is retrieving documents by query is very much dependent on the analyzer that has been used at index time.
Please take a look at the following pages to gain a deeper understanding of analyzers in Elasticsearch:

- https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis-analyzers.html
- https://www.elastic.co/guide/en/elasticsearch/guide/2.x/analysis-intro.html
- https://www.elastic.co/guide/en/elasticsearch/guide/2.x/configuring-analyzers.html
- https://www.elastic.co/blog/found-text-analysis-part-1
- https://www.elastic.co/blog/found-text-analysis-part-2

Cheers,
Jochen

On Friday, 10 June 2016 09:48:19 UTC+2, cazy wrote:
>
> Jochen, how is it possible then that I can search not-analyzed fields with
> wildcards?
> Suppose we have a field "method". Further, there are two different values
> in total; first: "dosomething" and second: "doanotherthing". Now if I
> search for "method:do*thing", I get both values in the result.
>
> What's more, *capital letters mess everything up*. Let's assume the
> values are "doSomeThing" and "doAnotherThing" in the example above.
> Searching for "method:do*Thing", the result is *empty*. However, if you
> avoid capital letters in the search term, i.e. "method:do*hing", both
> values "doSomeThing" and "doAnotherThing" are found. Could you please
> explain why this is and what to do about it?
>
> Cheers,
> Carlos
>
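
The behaviour described in the thread can be reproduced with a small model of a term index. This is an added example, not code from the thread, Graylog or Elasticsearch. It assumes the search is parsed by the Elasticsearch 2.x `query_string` query, whose `lowercase_expanded_terms` option defaults to true, and it reduces analysis to lowercasing a single-token value; the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed sample values, taken from the question in the thread.
VALUES = ["doSomeThing", "doAnotherThing"]


def index_terms(values, analyzed):
    """Map each stored value to the term that ends up in the index.

    not_analyzed field: the term is the value, byte for byte.
    analyzed field (simplified assumption): the term is the lowercased value.
    """
    return {v: (v.lower() if analyzed else v) for v in values}


def wildcard_search(pattern, terms, lowercase_expanded_terms=True):
    """Match a wildcard pattern against index terms, case-sensitively.

    Wildcard terms are not run through the field's analyzer. With
    lowercase_expanded_terms enabled (assumed default), the parser
    lowercases the pattern before it is compared with the index terms.
    """
    if lowercase_expanded_terms:
        pattern = pattern.lower()
    return sorted(v for v, term in terms.items() if fnmatchcase(term, pattern))


if __name__ == "__main__":
    raw = index_terms(VALUES, analyzed=False)
    lowered = index_terms(VALUES, analyzed=True)

    # not_analyzed field: "do*Thing" becomes "do*thing" and misses "...Thing".
    print("raw,     do*Thing:", wildcard_search("do*Thing", raw))
    # "do*hing" contains no capitals, so lowercasing leaves it intact.
    print("raw,     do*hing: ", wildcard_search("do*hing", raw))
    # Option 1: keep the pattern's case when querying a not_analyzed field.
    print("raw,     no lowercasing:",
          wildcard_search("do*Thing", raw, lowercase_expanded_terms=False))
    # Option 2: index the field with a lowercasing analyzer.
    print("lowered, do*Thing:", wildcard_search("do*Thing", lowered))
```

For log searches this means a wildcard query containing capitals can silently return nothing on a `not_analyzed` field even though matching events exist.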
