從JavaScript進行Elasticsearch查詢以訪問嵌套字段
[英]Elasticsearch query from javascript to access nested field
問題描述
我在Elasticsearch中有以下數據。 我想在匹配“源MAC地址”的特定值后基於“目標IP”進行匯總。 如何使用javascript中的elasticsearch查詢實現此目標。
{
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 2,
"max_score" : 1.0,
"hits" : [ {
"_index" : "logstash-1",
"_type" : "packet",
"_id" : "bcb57f445084cc0e474366bf892f6b4ab9162a4e",
"_score" : 1.0,
"_source" : {
"@source" : "logstash",
"@source_host" : "03",
"@message" : "72",
"@tags" : [ ],
"@fields" : {
"Protocol Type" : "TCP",
"Dst Domain" : "USER1",
"No" : 72,
"Timestamp" : "2016-11-08 10:46:57.691",
"Source IP" : "10.10.10.10",
"Source MAC Addr" : "00:00:00:00:00:00",
"Length" : 1480,
"Dest MAC Addr" : "ad:ad:ad:ad:ad:ad",
"Src -> Dst" : "10.10.10.10 -> 20.20.20.20",
"TTL" : 60,
"Src Domain" : "act",
"logger" : "logger",
"Dest IP" : "20.20.20.20",
"levelname" : "INFO",
"Size" : 100
},
}
}, {
"_index" : "logstash",
"_type" : "packet",
"_id" : "d6ff9ac16f70dc2c4b3d599c74489475db124fd7",
"_score" : 1.0,
"_source" : {
"message" : "aaaa\n",
"tags" : [ "_jsonparsefailure" ],
"@version" : "1",
"@timestamp" : "2016-11-08T04:11:30.663Z",
"type" : "packet",
"host" : "10.10.10.10",
"fingerprint" : "d6ff9ac16f70dc2c4b3d599c74489475db124fd7"
}
} ]
}
}
1 個解決方案
解決方案1
0 2016-11-09 08:31:28
好吧,這似乎是一個查詢結果,因此也包括該查詢會很方便,但我仍然沒有得到您想要的哪種聚合,因此通過IP和MAC過濾的查詢應該可以完成工作,而無需聚合,也可以先通過IP地址過濾然后匯總
"aggs": {
"by_mac_addr": {
"terms": {
"field": "Source MAC Addr",
"order": {
"_term": "asc"
},
"size": 1000
}
}
基本解析查詢以訪問JavaScript中的指針對象內的字段
[英]Basic Parse query to access a field inside a pointer object in JavaScript
來自給定Javascript對象參數的Javascript訪問嵌套HTML元素
[英]Javascript access nested HTML element from given Javascript object argument
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.