从JavaScript进行Elasticsearch查询以访问嵌套字段
[英]Elasticsearch query from javascript to access nested field
问题描述
我在Elasticsearch中有以下数据。 我想在匹配“源MAC地址”的特定值后基于“目标IP”进行汇总。 如何使用javascript中的elasticsearch查询实现此目标。
{
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 2,
"max_score" : 1.0,
"hits" : [ {
"_index" : "logstash-1",
"_type" : "packet",
"_id" : "bcb57f445084cc0e474366bf892f6b4ab9162a4e",
"_score" : 1.0,
"_source" : {
"@source" : "logstash",
"@source_host" : "03",
"@message" : "72",
"@tags" : [ ],
"@fields" : {
"Protocol Type" : "TCP",
"Dst Domain" : "USER1",
"No" : 72,
"Timestamp" : "2016-11-08 10:46:57.691",
"Source IP" : "10.10.10.10",
"Source MAC Addr" : "00:00:00:00:00:00",
"Length" : 1480,
"Dest MAC Addr" : "ad:ad:ad:ad:ad:ad",
"Src -> Dst" : "10.10.10.10 -> 20.20.20.20",
"TTL" : 60,
"Src Domain" : "act",
"logger" : "logger",
"Dest IP" : "20.20.20.20",
"levelname" : "INFO",
"Size" : 100
},
}
}, {
"_index" : "logstash",
"_type" : "packet",
"_id" : "d6ff9ac16f70dc2c4b3d599c74489475db124fd7",
"_score" : 1.0,
"_source" : {
"message" : "aaaa\n",
"tags" : [ "_jsonparsefailure" ],
"@version" : "1",
"@timestamp" : "2016-11-08T04:11:30.663Z",
"type" : "packet",
"host" : "10.10.10.10",
"fingerprint" : "d6ff9ac16f70dc2c4b3d599c74489475db124fd7"
}
} ]
}
}
1 个解决方案
解决方案1
0 2016-11-09 08:31:28
好吧,这似乎是一个查询结果,因此也包括该查询会很方便,但我仍然没有得到您想要的哪种聚合,因此通过IP和MAC过滤的查询应该可以完成工作,而无需聚合,也可以先通过IP地址过滤然后汇总
"aggs": {
"by_mac_addr": {
"terms": {
"field": "Source MAC Addr",
"order": {
"_term": "asc"
},
"size": 1000
}
}
基本解析查询以访问JavaScript中的指针对象内的字段
[英]Basic Parse query to access a field inside a pointer object in JavaScript
来自给定Javascript对象参数的Javascript访问嵌套HTML元素
[英]Javascript access nested HTML element from given Javascript object argument
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.