Remove the default search wildcard and check the behaviour in Elastic #2248

Closed
3 tasks done
nicocti opened this issue Jul 22, 2022 · 2 comments
Labels
feature use for describing a new feature to develop filters & search Linked to search results and filtering engine solved use to identify issue that has been solved (must be linked to the solving PR)

Comments

@nicocti

nicocti commented Jul 22, 2022

Prerequisites

  • I read the Deployment and Setup section of the OpenCTI documentation as well as the Troubleshooting page and didn't find anything relevant to my problem.
  • I went through old GitHub issues and couldn't find anything relevant
  • I googled the issue and didn't find anything relevant

Description

Hello!

I'm wondering whether there is a reason for adding a trailing wildcard on the elasticsearch "query_string" generated by a search for the frontend search bar.

Because of it, exact matches end up with a much lower score than less relevant documents where the keyword is embedded within text.

In some cases, the exact match (for instance a country entity) won't even be returned by the query results.

From my tests, removing the trailing wildcard from the query string gives the same results overall.

Environment

  1. OS (where OpenCTI server runs): Ubuntu 20.04
  2. OpenCTI version: 5.3.7
  3. OpenCTI client: frontend
  4. Other environment details: dockerized

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Search for a single keyword
  2. Catch the elasticsearch query
  3. Remove the trailing wildcard in the ES query
@nicocti nicocti added the question Further information is requested label Jul 22, 2022
@SamuelHassine SamuelHassine changed the title Why adding a trailing wildcard on elasticsearch query strings from the frontend search bar ? Remove the default search wildcard and check the behaviour in Elastic May 18, 2023
@SamuelHassine SamuelHassine added the feature use for describing a new feature to develop label May 18, 2023
@SamuelHassine SamuelHassine added this to the Release 5.10.0 milestone May 18, 2023
@SamuelHassine SamuelHassine added P1 and removed question Further information is requested labels May 18, 2023
@Jipegien
Member

There were some changes in 5.8 regarding the search result priorities. Can you check if it is ok for you, @nicocti?

@Jipegien Jipegien modified the milestones: Release 5.11.0, Long-term candidates Jul 27, 2023
@SamuelHassine SamuelHassine removed the P1 label Jan 6, 2024
@SamuelHassine
Member

This feature is considered as complete given all recent changes to search and filters.

@SamuelHassine SamuelHassine added the solved use to identify issue that has been solved (must be linked to the solving PR) label Feb 12, 2024
@SamuelHassine SamuelHassine modified the milestones: Long-term candidates, Release 6.0.0 Feb 12, 2024
@Jipegien Jipegien added the filters & search Linked to search results and filtering engine label Jul 2, 2024