djptek/match_only_field_vs_aggs.json

## match_only_field_vs_aggs.json
# could use kibana but for a quick test simpler to use Elasticsearch standalone with curl
# set the password as a environment variable to make curl easier
export ELASTIC_PWD="<your_elastic_pwd>"

# add mapping
curl -u elastic:${ELASTIC_PWD} -X PUT "localhost:9200/logs?pretty" -H 'Content-Type: application/json' -d'
{
  "mappings": {
    "properties": {
      "@timestamp": {
        "type": "date"
      },
      "message": {
        "type": "match_only_text"
      }
    }
  }
}
'

# post 2 docs
curl -u elastic:${ELASTIC_PWD} -X POST "localhost:9200/logs/_doc/" -H 'Content-Type: application/json' -d'
{
  "@timestamp": "2021-05-12T10:40:33,160",
"message" : "testing match only field type"
}
'

curl -u elastic:${ELASTIC_PWD} -X POST "localhost:9200/logs/_doc/" -H 'Content-Type: application/json' -d'
{
  "@timestamp": "2021-05-12T10:41:33,160",
"message" : "testing match only field type again"
}
'

# send aggs
curl -u elastic:${ELASTIC_PWD} -X GET "localhost:9200/logs/_search?pretty" -H 'Content-Type: application/json' -d'
{
  "aggregations": {
        "keywords": {
          "significant_text": { "field": "message" }
    }
  }
}
'

# expected result
{
  "took" : 3,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 2,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "logs",
        "_id" : "iULEX3kBUg4EEpkgww5L",
        "_score" : 1.0,
        "_source" : {
          "@timestamp" : "2021-05-12T10:40:33,160",
          "message" : "testing match only field type"
        }
      },
      {
        "_index" : "logs",
        "_id" : "ikLFX3kBUg4EEpkgMg4v",
        "_score" : 1.0,
        "_source" : {
          "@timestamp" : "2021-05-12T10:41:33,160",
          "message" : "testing match only field type again"
        }
      }
    ]
  },
  "aggregations" : {
    "keywords" : {
      "doc_count" : 2,
      "bg_count" : 2,
      "buckets" : [ ]
    }
  }
}
	# could use kibana but for a quick test simpler to use Elasticsearch standalone with curl
	# set the password as a environment variable to make curl easier
	export ELASTIC_PWD="<your_elastic_pwd>"

	# add mapping
	curl -u elastic:${ELASTIC_PWD} -X PUT "localhost:9200/logs?pretty" -H 'Content-Type: application/json' -d'
	{
	"mappings": {
	"properties": {
	"@timestamp": {
	"type": "date"
	},
	"message": {
	"type": "match_only_text"
	}
	}
	}
	}
	'

	# post 2 docs
	curl -u elastic:${ELASTIC_PWD} -X POST "localhost:9200/logs/_doc/" -H 'Content-Type: application/json' -d'
	{
	"@timestamp": "2021-05-12T10:40:33,160",
	"message" : "testing match only field type"
	}
	'

	curl -u elastic:${ELASTIC_PWD} -X POST "localhost:9200/logs/_doc/" -H 'Content-Type: application/json' -d'
	{
	"@timestamp": "2021-05-12T10:41:33,160",
	"message" : "testing match only field type again"
	}
	'

	# send aggs
	curl -u elastic:${ELASTIC_PWD} -X GET "localhost:9200/logs/_search?pretty" -H 'Content-Type: application/json' -d'
	{
	"aggregations": {
	"keywords": {
	"significant_text": { "field": "message" }
	}
	}
	}
	'

	# expected result
	{
	"took" : 3,
	"timed_out" : false,
	"_shards" : {
	"total" : 1,
	"successful" : 1,
	"skipped" : 0,
	"failed" : 0
	},
	"hits" : {
	"total" : {
	"value" : 2,
	"relation" : "eq"
	},
	"max_score" : 1.0,
	"hits" : [
	{
	"_index" : "logs",
	"_id" : "iULEX3kBUg4EEpkgww5L",
	"_score" : 1.0,
	"_source" : {
	"@timestamp" : "2021-05-12T10:40:33,160",
	"message" : "testing match only field type"
	}
	},
	{
	"_index" : "logs",
	"_id" : "ikLFX3kBUg4EEpkgMg4v",
	"_score" : 1.0,
	"_source" : {
	"@timestamp" : "2021-05-12T10:41:33,160",
	"message" : "testing match only field type again"
	}
	}
	]
	},
	"aggregations" : {
	"keywords" : {
	"doc_count" : 2,
	"bg_count" : 2,
	"buckets" : [ ]
	}
	}
	}