
Filter on Elasticsearch terms query

I am looking for the last time any user has logged in.

I have two authentication types (Admin, Client) and am trying to do a query to find the event: Authentication succeeded, where authentication_type: Client.

The closest I have come is:

params='{ "query":{"terms":{"event_type":["authentication_succeeded"]}}}'
data=$(curl -XGET "localhost:9200/logstash-*/_search?scroll=10m&size=500&pretty" -H 'Content-Type: application/json' -d"${params}")

After many variations and alternate query types, I have not been able to successfully append the filter for '{"authentication_type":"Client"}'.

You need to define your authentication_type and event_type as keyword and then use the term filters on these fields in your search query.

You can read an example filter with multiple terms in this official ES link.

Below is a step-by-step example which uses your data to show the expected search results.

Index mapping

{
  "mappings": {
    "properties": {
      "authentication_type": {
        "type": "keyword"
      },
      "event_type" :{
        "type" : "keyword"
      }
    }
  }
}

Index sample docs

{
   "authentication_type" : "Client",
   "event_type" : "authentication_succeeded"
}

{
   "authentication_type" : "Client",
   "event_type" : "authentication_failed"
}

{
   "authentication_type" : "Admin",
   "event_type" : "authentication_succeeded"
}

{
   "authentication_type" : "Admin",
   "event_type" : "authentication_failed"
}

Search query

{
    "query": {
        "bool": {
            "filter": [
                {
                    "term": {
                        "event_type": "authentication_succeeded"
                    }
                },
                {
                    "term": {
                        "authentication_type": "Client"
                    }
                }
            ]
        }
    }
}

Search Result

"hits": [
         {
            "_index": "so_60750542",
            "_type": "_doc",
            "_id": "1",
            "_score": 0.0,
            "_source": {
               "authentication_type": "Client",
               "event_type": "authentication_succeeded"
            }
         }
      ]
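
Added example (not part of the original question or answer): the two-term filter above wrapped in a curl script that also sorts newest-first, so the single hit returned is the last successful Client login. It assumes the question's localhost:9200 endpoint and logstash-* indices and that events carry Logstash's default @timestamp field; build_query, last_login, ES_URL, INDEX and RUN_QUERY are names introduced here.

```shell
#!/usr/bin/env bash
# Added example: most recent event matching event_type AND authentication_type.
# Assumptions: both fields are mapped as keyword (see the mapping above) and
# each event has a date field named @timestamp (the Logstash default).

ES_URL="${ES_URL:-localhost:9200}"
INDEX="${INDEX:-logstash-*}"

# Print the request body for the given event_type ($1) and authentication_type ($2).
# Values are spliced into JSON, so anything outside [A-Za-z0-9_] is rejected
# instead of being escaped; this keeps a stray quote from rewriting the query.
build_query() {
  for v in "$1" "$2"; do
    case "$v" in
      ''|*[!A-Za-z0-9_]*) echo "invalid term value: $v" >&2; return 1 ;;
    esac
  done
  # Clauses inside bool.filter are ANDed, matched exactly (case-sensitive on
  # keyword fields) and not scored. unmapped_type keeps the sort from failing
  # on an index in the pattern that has no @timestamp mapping.
  cat <<EOF
{
  "size": 1,
  "sort": [ { "@timestamp": { "order": "desc", "unmapped_type": "date" } } ],
  "query": {
    "bool": {
      "filter": [
        { "term": { "event_type": "$1" } },
        { "term": { "authentication_type": "$2" } }
      ]
    }
  }
}
EOF
}

# Send the query. --fail turns an HTTP 4xx/5xx reply into a non-zero exit status.
last_login() {
  body="$(build_query "$1" "$2")" || return 1
  curl -sS --fail -XGET "${ES_URL}/${INDEX}/_search?pretty" \
    -H 'Content-Type: application/json' -d "${body}"
}

# Only contact the cluster when asked, so the file can be sourced without one.
if [ "${RUN_QUERY:-0}" = "1" ]; then
  last_login authentication_succeeded Client
fi
```

Run it with RUN_QUERY=1 set in the environment; the first (and only) entry in hits is the latest matching event.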
