我想生成这个:
GET /packets-2017-09-25/_search
{
"size": 0,
"query": {
"match": {
"transport_protocol": "tcp"
}
},
"aggs": {
"clients": {
"terms": {
"field": "layers.ip.src.keyword",
"size": 1000,
"order":{ "num_servers.value":"desc" }
},
"aggs": {
"num_servers": {
"cardinality": {
"field": "layers.ip.dst.keyword",
"precision_threshold" : 40000
}
},
"server_list": {
"terms": {
"field": "layers.ip.dst.keyword"
}
}
}
}
}
}
即我想要客户端下的两个存储桶 (num_servers) 和 (server_list)。
我正在尝试下面的代码,它出错了:
def get_streams_per_client(proto='tcp', max=40000):
s = Search(using=client, index="packets-2017-09-25") \
.query("match", transport_protocol=proto)
s.aggs.bucket('clients', 'terms', field='layers.ip.src.keyword', size=max, order={"num_servers.value":"desc"})\
.bucket('num_servers', 'cardinality', field='layers.ip.dst.keyword', precision_threshold=40000)\
.bucket('server_list', 'terms', field='layers.ip.dst.keyword') …我有多个文档的索引。文档包含以下字段:
我想创建一个 elasticsearch dsl 查询。对于此查询,有两个输入可用,例如 adhar_number 和 pan_number。此查询应与OR 条件匹配。
示例:如果一个文档仅包含提供的 adhar_number,那么我也想要该文档。
我有一本字典,内容如下(my_dict):
{
"adhar_number": "123456789012",
"pan_number": "BGPPG4315B"
}
我试过如下:
from elasticsearch import Elasticsearch
from elasticsearch_dsl import Search
es = Elasticsearch([{'host': 'localhost', 'port': 9200}])
s = Search(using=es, index="my_index")
for key, value in my_dict.items():
s = s.query("match", **{key:value})
print(s.to_dict())
response = s.execute()
print(response.to_dict())
它创建以下查询:
{
'query': {
'bool': {
'must': [
{
'match': {
'adhar_number': '123456789012'
}
},
{
'match': {
'pan_number': 'BGPPG4315B'
}
}
] …最初,我会filter在 bool 查询中添加一个。然而,当我转向 时terms filter,文件表明它terms query现在应该被替换。所以,我理解这一点为我们需要构建既具有复合查询terms query和bool query。如果我是正确的,我应该如何编写查询?
注意:我使用 elasticsearch 的 Python API。
我有一个 elasticsearch 范围查询,我想将其转换为elasticsearch-dsl:
{"range":
{"@timestamp":
{"gte": 1570258800000,
"lte": 1571036400000,
"format": "epoch_millis"
}
}
}
from elasticsearch import Elasticsearch
from elasticsearch_dsl import Search
client = Elasticsearch(<connection_details>)
s = Search(using=client, index="my-index") \
.query("???")
我有一个 Elasticsearch 数据库,其中包含多个字段,其中可以包含名称信息,并尝试像这样搜索它:
from elasticsearch import Elasticsearch
from elasticsearch_dsl import Search
client = Elasticsearch()
s = Search(using=client, index="names")
query = 'smith'
fields = ['name1', 'name2']
results = s.query("multi_match", query=query, fields=fields, fuzziness='AUTO')
for hit in results.scan():
print(hit.meta.score)
结果是:
None
None
None
...
但是,如果我手动构建它:
results = client.search(index="names",
body={"size": 100, "query":{
"multi_match": {
"query": query, "fields": fields, "fuzziness": 'AUTO'
}
}
})
我的结果是:
{'_index': 'names', '_type': 'Name1', '_id': '1MtYSW4BXryTHXwQ1xBS', '_score': 14.226202, '_source': {...}
{'_index': 'names', '_type': 'Name1', '_id': 'N8tZSW4BXryTHXwQHBfw', '_score': 14.226202, '_source': {...} …