I'm working with the Elasticsearch Java API, and I faced a weird problem.

Below is the stored data:

"_index": "my_index",
"_type": "SEC",
"_id": "1111111111111111",
"_score": 0,
"_source": {
  "LOG_NO": 2222222222222222
}

And I call the request like below:

QueryBuilder queryBuilder = QueryBuilders.boolQuery().filter(query);
request.setQuery(queryBuilder);
SearchResponse searchResponse = request.get();

This is the search response:

"_index":"my_index",
"_type":"SEC",
"_id":"1111111111111111",
"_score":null,
"_source": {
    "LOG_NO":1111111111111111,
}

As you can see, the "LOG_NO" of the response should be '2222222222222222' not '1111111111111111'.

The parameter 'query' is a QueryBuilder, and its value is like below:

{
  "bool": {
    "must": [
      {
        "range": {
          "LOG_GEN_TIME": {
            "from": "2018-11-01 00:00:00+09:00",
            "to": "2018-11-01 23:59:59+09:00",
            "include_lower": true,
            "include_upper": true,
            "boost": 1
          }
        }
      },
      {
        "bool": {
          "must": [
            {
              "term": {
                "ASSET_IP": "xx.xxx.xxx.xxx"
              }
            },
            {
              "term": {
                "DST_PORT": "xx"
              }
            }
          ]
        }
      }
    ],
    "adjust_pure_negative": true,
    "boost": 1
  }
}

I don't understand what the problem is.

Any comments would be appreciated. Thanks.

-- Edited for @Val

    "_index": "my_index",
    "_type": "SEC",
    "_id": "9197340043548295192",
    "_score": null,
    "_source": {
      "ASSET_IP": "xx.xxx.xx.xxx",
      "LOG_NO": 9197340043548295200,
      "LOG_GEN_TIME": "2018-11-01 23:10:53+09:00",
      "SRC_IP": "xx.xxx.xx.xxx",
      "SRC_PORT": xx,
      "DST_IP": "xx.xxx.xx.xxx",
      "DST_PORT": xx,
      "DESCRIPTION": "log",
      "DST_NATION_CD": "USA",
    }
  }

This is the full document that I expect to be returned, and only the "LOG_NO" field causes a problem.

qumm
  • Can you show the query you're sending and how you're sending it? – Val Nov 23 '18 at 09:04
  • @Val added the parameter query, and I'm not sure what 'how you're sending it' means exactly – qumm Nov 23 '18 at 09:19
  • Thanks for the query, can you show the full document that you expect to be returned by the query (i.e. not only the LOG_NO field)? – Val Nov 23 '18 at 09:37
  • @Val added the full doc, and sorry for the late response :) – qumm Nov 26 '18 at 01:33
  • Found my problem. Thanks for helping me @Val – qumm Nov 26 '18 at 04:24
  • Yes, that was probably a rounding issue, as described in my other answer here: https://stackoverflow.com/questions/38952262/elasticsearch-max-length-of-mapping-type-long/38952540#38952540 – Val Nov 26 '18 at 05:01
  • Thanks, now I got more detail why such a problem occurred. – qumm Nov 26 '18 at 05:18

1 Answer

I found that the problem is JavaScript.

Because JS can't express a parameter that exceeds the range of a number, it was transformed.

My ES setting was that the integer field "LOG_NO" is set as an index and the "_id" is the string expression of "LOG_NO".

So there was no problem, except the integer number looks different on the web.

Hope others would not suffer the same problem.

qumm
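The rounding described in the answer and in Val's comment, shown as an added example that is not code from the original post: a JavaScript client parsing a hit like the one above changes a 64-bit `LOG_NO`, while quoting oversized integer literals before parsing keeps the log identifier intact for correlation. `rawHit` is a constructed sample that assumes the stored `LOG_NO` equals the `_id` string, and `quoteUnsafeIntegers` and `parseHit` are hypothetical helper names.

```javascript
// Constructed sample shaped like the hit in the question. Assumption: the stored
// LOG_NO equals the "_id" string, as the answer describes.
const rawHit =
  '{"_id":"9197340043548295192","_source":{"LOG_NO":9197340043548295192,' +
  '"DESCRIPTION":"log 12345678901234567890","DST_NATION_CD":"USA"}}';

// Rewrite raw JSON text so integer literals a JS Number cannot hold exactly
// become strings; digits inside string values are left untouched.
function quoteUnsafeIntegers(jsonText) {
  const numberRe = /-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?/y;
  const unsafe = [];
  let out = '', i = 0;
  while (i < jsonText.length) {
    if (jsonText[i] === '"') {
      // Copy a string literal verbatim, stepping over backslash escapes.
      let j = i + 1;
      while (j < jsonText.length && jsonText[j] !== '"') {
        j += jsonText[j] === '\\' ? 2 : 1;
      }
      out += jsonText.slice(i, j + 1);
      i = j + 1;
      continue;
    }
    numberRe.lastIndex = i;
    const m = numberRe.exec(jsonText);
    if (!m) { out += jsonText[i++]; continue; }
    const isInteger = /^-?\d+$/.test(m[0]);
    if (isInteger && !Number.isSafeInteger(Number(m[0]))) {
      unsafe.push(m[0]); // report which literals would have been rounded
      out += '"' + m[0] + '"';
    } else {
      out += m[0];
    }
    i += m[0].length;
  }
  return { text: out, unsafe };
}

// Hypothetical helper: parse a hit without losing 64-bit identifiers.
function parseHit(jsonText) {
  const { text, unsafe } = quoteUnsafeIntegers(jsonText);
  return { doc: JSON.parse(text), unsafe };
}

const naive = JSON.parse(rawHit);
const safe = parseHit(rawHit);
console.log(String(naive._source.LOG_NO) === naive._id); // false: rounded by the client
console.log(safe.doc._source.LOG_NO === safe.doc._id);   // true: value preserved
```

The preserved value is a string; convert it with `BigInt()` only where arithmetic on the identifier is needed.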