弹性搜索嵌套过滤器
elastic search nested filter
这是 Elastic Search 返回的文档结构 API:
{
"process_name":"process01",
"beat":
{
"hostname":"12345","name":"blablabla"
},
}
按 process_name 过滤很容易,但如何按嵌套在节拍中的 host_name 过滤?
- 第 1 次尝试失败
{
"size":10000,
"query" : {
"bool" : {
"should": [
{ "match" : { "process_name" : "process01" } },
{ "match" : { "process_name" : "process02" } }
],
"must": [
{ "match" : { beat: { "hostname":"12345" } } }
]
}
}
}
错误信息 1:
(failed to deserialize object type=class com.logshero.api.SearchApiRequest):
- 失败的尝试 2
{
"size":10000,
"query" : {
"bool" : {
"should": [
{ "match" : { "process_name" : "process01" } },
{ "match" : { "process_name" : "process02" } }
],
"must": [
{ "match" : { "hostname":"12345" } }
]
}
}
}
错误信息 2:
{"hits":{"total":0,"max_score":null,"hits":[]}}
您可以使用以下查询。您还必须确保映射中的节拍被定义为嵌套类型。
{
"size": 10000,
"query": {
"bool": {
"should": [{
"match": {
"process_name": "process01"
}
}, {
"match": {
"process_name": "process02"
}
}],
"must": [{
"match": {
"beat.hostname": "12345"
}
}]
}
}
}
谢谢
这是 Elastic Search 返回的文档结构 API:
{
"process_name":"process01",
"beat":
{
"hostname":"12345","name":"blablabla"
},
}
按 process_name 过滤很容易,但如何按嵌套在节拍中的 host_name 过滤?
- 第 1 次尝试失败
{
"size":10000,
"query" : {
"bool" : {
"should": [
{ "match" : { "process_name" : "process01" } },
{ "match" : { "process_name" : "process02" } }
],
"must": [
{ "match" : { beat: { "hostname":"12345" } } }
]
}
}
}
错误信息 1:
(failed to deserialize object type=class com.logshero.api.SearchApiRequest):
- 失败的尝试 2
{
"size":10000,
"query" : {
"bool" : {
"should": [
{ "match" : { "process_name" : "process01" } },
{ "match" : { "process_name" : "process02" } }
],
"must": [
{ "match" : { "hostname":"12345" } }
]
}
}
}
错误信息 2:
{"hits":{"total":0,"max_score":null,"hits":[]}}
您可以使用以下查询。您还必须确保映射中的节拍被定义为嵌套类型。
{
"size": 10000,
"query": {
"bool": {
"should": [{
"match": {
"process_name": "process01"
}
}, {
"match": {
"process_name": "process02"
}
}],
"must": [{
"match": {
"beat.hostname": "12345"
}
}]
}
}
}
谢谢