堆栈内存溢出
  简体   繁体   English

带有日期和术语的ElasticSearch查询

[英]ElasticSearch query with date and term

 原文  2015-09-14 08:55:37       ruby/ json/ elasticsearch

问题描述

Here is my query 这是我的查询 

{
    "filter": {
        "bool": {
            "must": [{
                "range": {
                    "timestamp": {
                        "gte": "now-24"
                    }
                }
            }, {
                "term": {
                    "program": "dashboard"
                }
            }]
        }
    }
}

Data sample in elasticsearch: elasticsearch中的数据样本: 

 {
"_index": "logstash-2015.09.14",
"_type": "logs",
"_id": "AU_MPG6xoSXeyoJeeaQ1",
"_score": 1,
"_source": {
"message": "testing for clustering--473983--https://github.com/mobz/elasticsearch-headThis will automatically download the latest version of elasticsearch-head from github and run it as ugin within the elasticsearch cluster.",
"@version": "1",
"@timestamp": "2015-09-14T14:23:16.000Z",
"host": "172.17.42.1",
"priority": 13,
"timestamp": "Sep 14 14:23:16",
"logsource": "cn1",
"program": "ubuntu",
"severity": 5,
"facility": 1,
"facility_label": "user-level",
"severity_label": "Notice",
"event_time": "2015-09-14 14:23:16 UTC"
}
}

How can I pass ` 我该如何通过`

from and to date 从至今

in this query if timestamp in "timestamp": "Sep 14 06:19:10"` this format please someone help me. in this query if timestamp in “ timestamp”:“ Sep 14 06:19:10”`,请有人帮助我。

2 个解决方案

解决方案1
 0  2015-09-14 21:06:19

You might use: 您可以使用: 

{
    "query": {
        "bool": {
            "must": [
                {
                    "term": {
                        "program": "dashboard"
                    }
                },
                {
                    "range": {
                        "@timestamp": {
                            "from": "2015-09-14T20:56:52.404Z",
                            "to": "2015-09-14T20:57:02.686Z"
                        }
                    }
                }
            ]
        }
    }
}

Regards, Alain 问候,阿兰

解决方案2
 0  2015-09-15 12:13:35

If you want to filter on event_time field, try this: 如果要过滤event_time字段,请尝试以下操作: 

{
    "query": {
        "bool": {
            "must": [
                {
                    "term": {
                        "program": "dashboard"
                    }
                },
                {
                    "range": {
                        "logs.event_time": {
                            "from": "2015-09-13",
                            "to": "2015-09-14"
                        }
                    }
                }
            ]
        }
    }
}

Regards, Alain 问候,阿兰

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Elasticsearch Ruby Activerecord持久性模型URL术语搜索 - Elasticsearch Ruby Activerecord Persistence Model URL term search ElasticSearch删除查询 - ElasticSearch Delete Query Elasticsearch嵌套查询聚合 - Elasticsearch nested query aggregations 在查询上使用Elasticsearch进行方面的麻烦 - Facet Troubles with Elasticsearch on Query Elasticsearch中带有查询的嵌套过滤器 - Nested filter with query in elasticsearch ElasticSearch / Searchkick - LIKE查询 - ElasticSearch / Searchkick - LIKE query 时间之间的Rails查询,但指定期限 - Rails query between time but specify term 如何在“词条”查询中转义特殊符号 - How to escape special symbols in “term” query ElasticSearch过滤器匹配单个日期 - ElasticSearch filter to match a single date Elasticsearch 中按日期记录的平均值 - Average of group by date records in Elasticsearch
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM