0

这是 Elastic Search API 返回的文档结构:

{ "process_name":"process01", "beat": { "hostname":"12345","name":"blablabla" }, }

按 process_name 过滤很容易,但是如何按嵌套在 beat 中的 host_name 过滤?

  • 尝试失败 1

{ "size":10000, "query" : { "bool" : { "should": [ { "match" : { "process_name" : "process01" } }, { "match" : { "process_name" : "process02" } } ], "must": [ { "match" : { beat: { "hostname":"12345" } } } ] } } }

错误信息 1:

(未能反序列化对象类型=类 com.logshero.api.SearchApiRequest):

  • 失败的尝试 2

{ "size":10000, "query" : { "bool" : { "should": [ { "match" : { "process_name" : "process01" } }, { "match" : { "process_name" : "process02" } } ], "must": [ { "match" : { "hostname":"12345" } } ] } } }

错误信息 2:

{“点击”:{“总”:0,“max_score”:null,“点击”:[]}}

4

1 回答 1

1

您可以使用以下查询。您还必须确保映射中的节拍被定义为嵌套类型。

{
    "size": 10000,
    "query": {
        "bool": {
            "should": [{
                "match": {
                    "process_name": "process01"
                }
            }, {
                "match": {
                    "process_name": "process02"
                }
            }],
            "must": [{
                "match": {
                    "beat.hostname": "12345"
                }
            }]
        }
    }
}

谢谢

于 2017-03-07T05:14:01.720 回答