范围查询不支持Elasticsearch字段
[英]Elasticsearch field not supported in range query
问题描述
I'm using a curl query to try to get data from my elasticsearch instance. 
我正在使用curl查询来尝试从我的elasticsearch实例获取数据。 All my indices and types have a field call @timestamp which use the "strict_date_optional_time" format. 我所有的索引和类型都有一个@timestamp字段调用,它使用“ strict_date_optional_time”格式。 But everytime I try to use a range filter on that field, my queries fail. 但是每次我尝试在该字段上使用范围过滤器时,查询都会失败。
The query I execute : 我执行的查询:
curl 'localhost:X/logstash-*/traces_console/_search' -d '{
"query" : {
"bool": {
"must": [
{ "match_all": {} }
],
"filter": [
{ "range":
{ "@timestamp":
"gte": "2018-02-20T13:55:06.387Z",
"lte": "2018-02-23T13:55:06.387Z"
}
}
]
}}
}'
The error message : 错误消息:
"reason":{
"type":"query_parsing_exception",
"reason":"[range] query does not support [@timestamp]",
"index":"logstash-2018.02.06","line":10,"col":21
}
I don't understand why this error keep popping. 我不明白为什么这个错误不断弹出。 When i looked upon most of what was already published regarding this, all the people using date format have working queries. 当我查看有关此问题的大多数出版物时,所有使用日期格式的人都有有效的查询。 If you have any hint or clue about why it does not work I will apreciate. 如果您有任何关于为什么它不起作用的提示或线索,我将不胜感激。
Here some informations that can be useful : 这里有一些有用的信息:
Environment 环境
- OS: Red Hat Enterprise Linux Server release 6.5 (Santiago) 操作系统: Red Hat Enterprise Linux Server 6.5版(圣地亚哥)
- Java: 1.7 Java: 1.7
- Elasticsearch: 2.4 Elasticsearch: 2.4
- Logstash: 2.4 Logstash: 2.4
Mapping generated from logstash 从logstash生成的映射
"traces_console":{
"properties":{
"@timestamp":{
"type":"date",
"format":"strict_date_optional_time||epoch_millis"
},
"@version":{"type":"string"},
"Method":{"type":"string"},
"RequestSize":{"type":"string"},
"ResponseSize":{"type":"string"},
"ResponseTime":{"type":"string"},
"SubSystem":{"type":"string"},
"column1":{"type":"string"},
"column2":{"type":"string"},
"column3":{"type":"string"},
"column4":{"type":"string"},
"column5":{"type":"string"},
"host":{"type":"string"},
"path":{"type":"string"},
"type":{"type":"string"}
}
}
Logstash configuration file feeding elasticsearch Logstash配置文件馈入Elasticsearch
input {
file {
path => "LOG_PATH/TRACES_CONSOLE.log"
start_position => "beginning"
type => "traces_console"
}
}
filter {
csv {
separator => ";"
columns => ["Method","RequestSize","ResponseSize","ResponseTime","SubSystem"]
source => message
convert => {
"RequestSize" => "date"
"ResponseSize" => "date"
}
remove_field => ["message"]
}
}
output {
elasticsearch {
hosts => ["localhost:X"]
}
}
1 个解决方案
解决方案1
1 已采纳 2018-02-27 00:52:18
Your Range Query syntax is not correct, you need extra curly braces: 您的范围查询语法不正确,您需要使用大括号:
{ "range":
{ "@timestamp": {
"gte": "2018-02-20T13:55:06.387Z",
"lte": "2018-02-23T13:55:06.387Z"
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.