kibana-6 - 如何从kibana的索引中获取选定的字段

Question

在这里，我需要根据某些条件获取特定索引的键、值对。

我只需要该索引文档中的几个字段而不是所有字段

我只需要我在输入中给出的字段。

 GET /_search?&pretty=true&size=3
{
 "query": {

         "query_string": {

           "query": "countryCode:SA AND serviceName:SMS",
           "fields": ["level","cause","to"]
         }
       }    
}

输出：

 {
      "took": 2854,
      "timed_out": false,
      "num_reduce_phases": 4,
      "_shards": {
        "total": 1891,
        "successful": 1891,
        "failed": 0
      },
      "hits": {
        "total": 14032,
        "max_score": 8.429943,
        "hits": [
          {
            "_index": "postman-2019.01.21",
            "_type": "syslog",
            "_id": "AWhvN1KDl97BCeGFfgpe",
            "_score": 8.429943,
            "_source": {
              "eId": "346589962",
              "level": "info",
              "prevStatus": "SUCCESS",
              "cause": "SUCCESS",
              "serviceName": "SMS",
              "loggingAction": "SMS_CALLBACK_REPORTS",
              "application": "POSTMAN",
              "countryCode": "SA",
              "client": "CRS",
              "to": "+966572444531",
              "externalServiceName": "gupshupInternationalChannelA",
              "time": "Mon Jan 21 07:02:02 UTC 2019",
              "category": "OTP",
              "dId": "3762647059352507724-309778596902014991",
              "uIdentifier": "2e262115-d09c-4bef-a04b-d0860d064930",
              "epochTime": 1548054122491,
              "status": "DELIVERED",
              "@version": "1",
              "@timestamp": "2019-01-21T07:02:03.124Z",
              "path": "/mnt/logs/logstash",
              "host": "ip-10-20-10-164",
              "type": "syslog"
            }
          }
        ]
      }
    }

这是我得到的输出，但我只需要我在输入中给出的字段

Answer 1

这是您可以尝试的方法：

POST cars/_search
    {
        "_source": {
            "includes": [ "price_eur", "stk_year" ],
            "excludes": [ "mileage" ]
        },
        "query" : {
            "match" : { "maker" : "audi" }
        }
    }


POST cars/_search?&pretty=true&size=3
    {
        "_source": {
            "includes": [ "price_eur", "stk_year" ],
            "excludes": [ "mileage" ]
        },
        "query" : {
            "match" : { "maker" : "audi" }
        }
    }