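I am using the elasticsearch-py module and I want to fetch all logs that are less than 15 minutes old. After a whole day of googling I have written it like this, but it does not work.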
data = es.search(index='filebeat-7.2.0-2019.07.27-000001', body={
    "query": {
        'match': {
            'message': 'SocketTimeoutException',
        },
        "filter" : {
            "range" : {
                "timestamp" : {
                    "time_zone": "+01:00", #UTC
                    "gte": "2019-08-13 00:00:00",
                    "lte": "now"
                }
            }
        }
    }
}
)
length= len(data['hits']['hits'])
for i in range(length):
    print (data['hits']['hits'][i]['_source']['message'])
But I get the following error; without the filter my query works fine.
GET http://xxxxx:9200/filebeat-7.2.0-2019.07.27-000001/_search [status:400 request:0.116s]
Traceback (most recent call last):
test2.py", line 29, in <module>
"lte": "now"
File "C:\Program Files\Python37\lib\site-packages\elasticsearch\client\utils.py", line 76, in _wrapped
return func(*args, params=params, **kwargs)
File "C:\Program Files\Python37\lib\site-packages\elasticsearch\client\__init__.py", line 660, in search
doc_type, '_search'), params=params, body=body)
File "C:\Program Files\Python37\lib\site-packages\elasticsearch\transport.py", line 318, in perform_request
status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)
File "C:\Program Files\Python37\lib\site-packages\elasticsearch\connection\http_urllib3.py", line 186, in perform_request
self._raise_error(response.status, raw_data)
File "C:\Program Files\Python37\lib\site-packages\elasticsearch\connection\base.py", line 125, in _raise_error
raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_message, additional_info)
elasticsearch.exceptions.RequestError: RequestError(400, 'parsing_exception', '[match] malformed query, expected [END_OBJECT] but found [FIELD_NAME]')
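The parsing_exception above is raised because an Elasticsearch query object may hold only one query type, and here `match` and `filter` sit side by side under `query`. The following is an added example, not part of the original post: it wraps both clauses in a `bool` query, uses date math for the 15-minute window, and includes a simplified local shape check that flags the layout from the question. The helper names are hypothetical, and the time field defaults to the `timestamp` used in the question (Filebeat indices normally store event time in `@timestamp`, so check the mapping).

```python
import json

def build_recent_logs_query(text, minutes=15, time_field="timestamp"):
    """Full-text match on `message`, restricted to the last `minutes` minutes."""
    return {
        "query": {
            "bool": {
                # Scored full-text clause
                "must": [{"match": {"message": text}}],
                # Non-scoring time window; "now-15m" is resolved by the server
                "filter": [{"range": {time_field: {"gte": f"now-{minutes}m",
                                                   "lte": "now"}}}],
            }
        }
    }

def query_shape_errors(node, path="query"):
    """Local pre-flight check (a simplification, not Elasticsearch's parser):
    every query object must hold exactly one query-type key."""
    if not isinstance(node, dict):
        return [f"{path}: expected an object"]
    errors = []
    if len(node) != 1:
        errors.append(f"{path}: expected exactly one query type, found {sorted(node)}")
    bool_body = node.get("bool")
    if isinstance(bool_body, dict):
        for occur in ("must", "filter", "should", "must_not"):
            clauses = bool_body.get(occur, [])
            if isinstance(clauses, dict):  # a single clause may be given without a list
                clauses = [clauses]
            for i, clause in enumerate(clauses):
                errors += query_shape_errors(clause, f"{path}.bool.{occur}[{i}]")
    return errors

# Layout from the question, reduced to its keys (constructed for the check)
QUESTION_SHAPE = {"match": {"message": "SocketTimeoutException"},
                  "filter": {"range": {"timestamp": {"lte": "now"}}}}

if __name__ == "__main__":
    body = build_recent_logs_query("SocketTimeoutException")
    print(query_shape_errors(QUESTION_SHAPE))   # one error: two keys under "query"
    print(query_shape_errors(body["query"]))    # no errors
    print(json.dumps(body, indent=2))
    # With a connected client: es.search(index=<your index>, body=body)
```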