I'm trying to work with cloudwatch log data in opensearch. While building some dashboards, I'm querying by "@log_stream". My log streams vary slightly, like "productName_filterlog" and "productName_messagelog". However, my query for one "@log_stream" yields results with many different log streams mixed in. I'm doing a term search with explain enabled in hopes of getting some reasoning for this:
Request
POST myindex/_search?explain=true
{
"query":{
"term": {
"@log_stream": "productName_filterlog"
}
}
}
Response
...
"hits": [
{
...,
"_explanation" : {
"value" : 1.0,
"description" : "*:*",
"details" : [ ]
}
}
]
My question : what does this _explanation object mean? Why is it so useless? Is there a better way to determine why some unwanted results are showing up? I'm assuming the reason is due to some analyzer shenanigans, but how would one determine this?
thanks!
AWS OFFICIALAktualisiert vor 3 Jahren