Elasticsearch 查询不同字段
[英]Elasticsearch query with different fields
问题描述
这是我的文件的一个例子
{
"@timestamp": "2020-04-24T19:36:52.484Z",
"token": "123",
"application": "sso_api_v3",
"ssoapiv3_method": "GET",
"ssoapiv3_error_description": "Your access token has expired",
"code": 401,
"message": "\"message\"",
"level": 6,
"facility": "sso_api_v3",
"type": "gelf"
}
[...]
{
"@timestamp": "2020-04-24T19:37:52.484Z",
"token": "123",
"application": "sso_api_v3",
"ssoapiv3_method": "GET",
"ssoapiv3_error_description": "Your access token has expired",
"code": 200,
"message": "\"message\"",
"level": 6,
"facility": "sso_api_v3",
"type": "gelf"
}
[...]
我有大量请求,我想进行搜索以获取具有相同令牌但代码为 200 和 401 的文档。我可以获得全部 200、全部 401,但我无法为同一个令牌。
1 个解决方案
解决方案1
1 2020-04-30 07:58:06
有两种方法可以做到这一点。
1. 术语聚合
询问:
{
"size": 0,
"aggs": {
"code": {
"filter": {
"terms": {
"code": [
200,401 --> returns all documengts with code 200 / 401
]
}
},
"aggs": {
"token": { --> creates group of tokens and fetched doc under each
"terms": {
"field": "token.keyword",
"size": 10
},
"aggs": {
"docs": {
"top_hits": {
"size": 10
}
}
}
}
}
}
}
}
结果:
"aggregations" : {
"code" : {
"doc_count" : 1,
"token" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "123",
"doc_count" : 1,
"docs" : {
"hits" : {
"total" : {
"value" : 1,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "index9",
"_type" : "_doc",
"_id" : "16UKynEBAWHHnYGORq-d",
"_score" : 1.0,
"_source" : {
"@timestamp" : "2020-04-24T19:36:52.484Z",
"token" : "123",
"application" : "sso_api_v3",
"ssoapiv3_method" : "GET",
"ssoapiv3_error_description" : "Your access token has expired",
"code" : 401,
"message" : """"message"""",
"level" : 6,
"facility" : "sso_api_v3",
"type" : "gelf"
}
}
]
}
}
}
]
}
}
}
2. 场塌陷
返回组字段的前 1 个文档。 您可以使用 inner_hits 获取该组下的其他文档
询问:
{
"query": {
"terms": {
"code": [
200,
401
]
}
},
"collapse": {
"field": "token.keyword",
"inner_hits": {
"name": "docs",
"size": 10,
"sort": [{ "@timestamp": "asc" }]
}
}
}
Elasticsearch:在单个查询中针对不同字段的不同查询
[英]Elasticsearch: different queries on different fields in a single query
根据Elasticsearch中不同索引中存在的字段进行查询
[英]Query based on Fields existing in different Indices in Elasticsearch
elasticsearch查询字符串分析器,用于具有不同分析器的不同字段
[英]elasticsearch query string analyzer for different fields with different analyzers
elasticsearch:_all和字段查询字符串查询之间的结果不同
[英]elasticsearch: different results between _all and fields query string query
Elasticsearch多匹配交叉字段查询与不同的查询分析器
[英]Elasticsearch multi-match cross fields query with different query analyzers
如何通过Python Query在Elasticsearch中的不同字段中找到相等的值?
[英]How to find equal values in different fields in Elasticsearch via Python Query?
elasticsearch如何查询具有数据范围的两个不同字段
[英]elasticsearch how to query with two different fields with data range
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Elasticsearch查询中字段的不同相关性
Elasticsearch:在单个查询中针对不同字段的不同查询
Elasticsearch 查询不同权重的不同字段
根据Elasticsearch中不同索引中存在的字段进行查询
在Elasticsearch中使用两个不同的字段进行搜索查询
elasticsearch查询字符串分析器,用于具有不同分析器的不同字段
elasticsearch:_all和字段查询字符串查询之间的结果不同
Elasticsearch多匹配交叉字段查询与不同的查询分析器
如何通过Python Query在Elasticsearch中的不同字段中找到相等的值?
elasticsearch如何查询具有数据范围的两个不同字段
相关标签