I am new to Elasticsearch and I am struggling right now. I am trying to search for all data that have an exact phrase in the field eset. My query looks like this and it works:
{
  "query" : {
    "match_phrase" : {
      "eset": "Win32/Kryptik.DLT"
    }
  }
}
Now, I also need multiple fields to have exact values, for example in the eset and registries fields, so it should, in theory, look like this:
{
  "query" : {
    "match_phrase" : {
      "eset": "Win32/Kryptik.DLT"
    },
    "match_phrase" : {
      "registries": 3
    }
  }
}
But obviously, you can't do this in Elasticsearch. Match does not seem to work with multiple fields. Is there any way to do this? I need to preserve upper and lower case. Just exact values. Term does not seem to work, because of upper and lower case and also SLASHES that are used in my data.
I tried everything I have found and nothing worked yet. I use Python API version 6.1.1 and Elasticsearch on version 5.6.6 if that matters.
I think I figured it out myself, the solution to this was:
{
  "query": {
    "bool": {
      "must": [
        { "match": { "eset": { "query": "Win32/Kryptik.DLT", "type": "phrase" }}},
        { "match": { "registries": { "query": 3, "type": "phrase" }}}
      ]
    }
  }
}
But I am still open to other solutions, especially in terms of SLASHES.
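As an added example (not the asker's code), here is a small Python builder for the two ways of expressing "every field must hold exactly this value": the bool/must form above, written with the equivalent `match_phrase` query for any number of fields, and a `term` query on an un-analyzed keyword sub-field, which is what keeps case and slashes intact. It assumes the index was created with the default dynamic mapping (so each string field has an `eset.keyword`-style sub-field) and that the `elasticsearch` client is available for the `search` helper.

```python
import json


def exact_match_query(conditions):
    """Build a bool/must query: every field must contain its value as an
    exact phrase (tokens in order and adjacent). `conditions` maps
    field -> value, e.g. {"eset": "Win32/Kryptik.DLT", "registries": 3}.
    """
    clauses = [{"match_phrase": {field: value}} for field, value in conditions.items()]
    return {"query": {"bool": {"must": clauses}}}


def keyword_term_query(conditions, keyword_suffix=".keyword"):
    """Build a bool/filter query using `term` on a keyword sub-field.

    Assumption (not stated in the post): string fields were indexed with the
    default dynamic mapping, which adds an un-analyzed `<field>.keyword`
    sub-field. A `term` query against it compares the raw stored string, so
    the case and the slash in "Win32/Kryptik.DLT" survive, unlike a `term`
    query on the analyzed text field, where the value was lower-cased and
    split into tokens at index time. Numeric fields are not analyzed, so
    they are queried directly.
    """
    clauses = []
    for field, value in conditions.items():
        name = field + keyword_suffix if isinstance(value, str) else field
        clauses.append({"term": {name: value}})
    # `filter` rather than `must`: exact-value constraints need no relevance score.
    return {"query": {"bool": {"filter": clauses}}}


def search(es, index, conditions, use_keyword=False):
    """Run one of the queries above with an elasticsearch-py client (hypothetical usage)."""
    body = keyword_term_query(conditions) if use_keyword else exact_match_query(conditions)
    return es.search(index=index, body=body)


if __name__ == "__main__":
    # Constructed sample conditions taken from the question.
    conds = {"eset": "Win32/Kryptik.DLT", "registries": 3}
    print(json.dumps(exact_match_query(conds), indent=2))
    print(json.dumps(keyword_term_query(conds), indent=2))
```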