用于搜索术语和日期范围内的弹性查询

Question

GET _search
{
  "query": {
    "bool":{
      "filter":{
        "and":[
        {
          "term":{
            "Server": "XYZ"
          },
          "range": {
            "DateTime":{
              "from": "2018-12-13T00:20:48.782Z",
              "to":"2018-12-14T00:20:48.782Z"
            }
          }
        }
      ]
    }}
  }
}

Above is my elastic query to fetch all records belongs to XYZ Server and within the time range, I have Server and DateTime columns in my dataset but throws below error:以上是我的弹性查询，用于获取属于XYZ服务器的所有记录，并且在时间范围内，我的数据集中有Server和DateTime列，但抛出以下错误：

{ "error": { "root_cause": [ { "type": "parsing_exception", "reason": "[term] malformed query, expected [END_OBJECT] but found [FIELD_NAME]", "line": 9, "col": 11 } ], "type": "parsing_exception", "reason": "[term] malformed query, expected [END_OBJECT] but found [FIELD_NAME]", "line": 9, "col": 11 }, "status": 400 } { "error": { "root_cause": [ { "type": "parsing_exception", "reason": "[term] 格式错误的查询，预期为 [END_OBJECT] 但发现 [FIELD_NAME]", "line": 9, "col ": 11 } ], "type": "parsing_exception", "reason": "[term] 格式错误的查询，预期为 [END_OBJECT] 但发现 [FIELD_NAME]", "line": 9, "col": 11 }, "状态”：400 }

What am i missing here!我在这里错过了什么！

Answer 1

Your query is malformed use the following query instead:您的查询格式错误，请改用以下查询：

GET _search
{
 "query": {
   "bool": {
     "filter": [ 
      {
        "term": { 
          "Server": "XYZ"
        }
      },
      { 
        "range": {
          "DateTime":{
            "from": "2018-12-13T00:20:48.782Z",
            "to": "2018-12-14T00:20:48.782Z"
          }
        }
      }
    ]
  }
 }
}

Answer 2

You can't have and in your filter clause.您不能在过滤器子句中使用and 。 There is no and clause in ES query. ES 查询中没有and子句。 Basically, you need to combine filter on term and range clause.基本上，您需要在term和range子句上组合过滤器。 Please read combine filters in ES for more information on this.请阅读ES 中的组合过滤器以获取更多信息。

As your query is using an invalid clause, ES isn't able to parse your query.由于您的查询使用了无效子句，ES 无法解析您的查询。

Please use the proper query and you should be able to get the results from ES.请使用正确的查询，您应该能够从 ES 获得结果。

Please try below query, which should work fine and let me know if it doesn't work.请尝试下面的查询，它应该可以正常工作，如果它不起作用，请告诉我。

{
  "query": {
    "constant_score": {
      "filter": {
        "bool": {
          "must": [
            {
              "term": {
                "Server": "XYZ"
              }
            },
            {
              "bool": {
                "must": [
                  {
                    "range": {
                      "DateTime": {
                        "from": "2018-12-13T00:20:48.782Z",
                        "to": "2018-12-14T00:20:48.782Z"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    }
  }
}

Answer 3

The error message is clearly saying that the query is not correct.错误信息明确表示查询不正确。

You can check the official docs for range query and for bool query to se that there is no filter inside bool queries and there is not from, to in range queries.您可以查看范围查询和bool 查询的官方文档，以确保bool 查询中没有过滤器，并且没有 from、to 范围内的查询。

Please check this query.请检查此查询。

GET _search
{
 "query": {
   "bool": {
     "must": [ 
      {
        "term": { 
          "Server": "XYZ"
        }
      },
      { 
        "range": {
          "DateTime":{
            "gt": "2018-12-13T00:20:48.782Z",
            "lte": "2018-12-14T00:20:48.782Z"
          }
        }
      }
    ]
  }
 }
}

用于搜索术语和日期范围内的弹性查询

问题描述

3 个解决方案

解决方案1
1 2019-01-11 10:40:45

解决方案2
0 2019-01-11 12:10:31

解决方案3
0 2019-01-11 12:37:56

用于搜索术语和日期范围内的弹性查询

问题描述

3 个解决方案

解决方案1 1 2019-01-11 10:40:45

解决方案2 0 2019-01-11 12:10:31

解决方案3 0 2019-01-11 12:37:56

解决方案1
1 2019-01-11 10:40:45

解决方案2
0 2019-01-11 12:10:31

解决方案3
0 2019-01-11 12:37:56