Var*_*ain 3 querydsl elasticsearch kibana
我在 Elastic 中有如下数据
{
"_index": "prod",
"_type": "log",
"_id": "aa",
"_source": {
"input_type": "log",
"sourcetype": "sourcetypeapp1",
"message": "APP COMPANY|80d596f6-2082-4a1d-bcfc-740478f626ec|001 ErrorMessage: Some error"
"type": "log",
"tags": [
"beats_input_codec_plain_applied"
]
}
}
我想搜索消息中包含以下数据的所有消息:-
(Message : "COMPANY|80d596f6-2082-4a1d-bcfc-740478f626eA|001" AND Message:"ErrorMessage")
Or
(Message : "COMPANY|80d596f6-2082-4a1d-bcfc-740478f626eB|002" AND Message:"ErrorMessage")
Or
(Message : "COMPANY|80d596f6-2082-4a1d-bcfc-740478f626eC|003" AND Message:"ErrorMessage")
我对elasticsearch查询不太了解,
我尝试过下面的简单查询,它不起作用(只有一个条件):
{
"query": {
"bool": {
"must": {
"bool": {
"should": [
{
"match": {
"Message": "COMPANY|80d596f6-2082-4a1d-bcfc-740478f626eA|001"
}
}
]
}
}
}
}
}
( (condition11 AND condition12) OR (condition21 AND condition22) )
如果这是您想要实现的目标,请尝试这个
{
"query": {
"bool": {
"should": [
{
"bool": {
"must": [
{ "match": { "message": "COMPANY|80d596f6-2082-4a1d-bcfc-740478f626eA|001" } },
{ "match": { "message": "ErrorMessage"}}
]
}
},
{
"bool": {
"must": [
{ "match": { "message": "COMPANY|80d596f6-2082-4a1d-bcfc-740478f626eB|002" } },
{ "match": { "message": "ErrorMessage"}}
]
}
},
{
"bool": {
"must": [
{ "match": { "message": "COMPANY|80d596f6-2082-4a1d-bcfc-740478f626eC|003" } },
{ "match": { "message": "ErrorMessage"}}
]
}
}
]
}
}
}
但在您的示例中,条件 12 和条件 22 是相同的。在这种情况下,您可以将其重写为
{
"query": {
"bool": {
"must": [
{ "match": { "message": "ErrorMessage"}},
{
"bool": {
"should": [
{ "match": { "message": "COMPANY|80d596f6-2082-4a1d-bcfc-740478f626eA|001" } },
{ "match": { "message": "COMPANY|80d596f6-2082-4a1d-bcfc-740478f626eB|002" } },
{ "match": { "message": "COMPANY|80d596f6-2082-4a1d-bcfc-740478f626eC|003" } }
]
}
}
]
}
}
}
| 归档时间: |
|
| 查看次数: |
14925 次 |
| 最近记录: |