比较kibana搜索中的两个字段
[英]Compare two fields in kibana search
问题描述
I have two fields one is timestamp which is associated with every record and one is expiryDate so I want to put a lucene query in the discover part search section such that it extract out the records for which expiry date > timestamp. 
我有两个字段,一个是timestamp,它与每条记录相关联,一个是expiryDate,因此我想在发现部分搜索部分中输入一个lucene查询,以便它提取出到期日期> timestamp的记录。 Can anyone help me in writing the query. 谁能帮助我编写查询。 Consider online.timestamp as one field and online.expiry as another field. 将online.timestamp视为一个字段,将online.expiry视为另一字段。
1 个解决方案
解决方案1
1 2016-06-12 06:52:38
You can write the below query:- 您可以编写以下查询:
{"constant_score":{"filter":{"script" : { "script" : "doc['online.expiry'].value > doc['online.timestamp'].value"}}}}
You may see an error while using above query such as:- 使用上述查询时,您可能会看到错误:
ScriptException[scripts of type [inline], operation [search] and lang [groovy] are disabled]
To solve this error, edit your elasticsearch.yml file and enter the following property at the end:- 要解决此错误,请编辑您的elasticsearch.yml文件,并在最后输入以下属性:
script.inline:on
Then you can restart your Elasticsearch node or cluster and then query the same on Kibana which will fetch you desired records. 然后,您可以重新启动您的Elasticsearch节点或集群,然后在Kibana上对其进行查询,这将获取您所需的记录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.