elasticsearch match vs term query

Question

I use the match query search for \"request.method\": \"GET\":

    {
      \"query\": {
        \"filtered\": {
          \"query\": {
            \"match\":          


        

Answer 1

Assuming you are using the Standard Analyzer GET becomes get when stored in the index. The source document will still have the original "GET".

The match query will apply the same standard analyzer to the search term and will therefore match what is stored in the index. The term query does not apply any analyzers to the search term, so will only look for that exact term in the inverted index.

To use the term query in your example, change the upper case "GET" to lower case "get" or change your mapping so the request.method field is set to not_analyzed.