如何在 Kibana 查询中搜索 500 个术语
How to search for 500 terms in a Kibana query
我是 运行 7.2 ELK 堆栈,我正在尝试在 1 个搜索词中搜索 500 个可能的值,例如:
作者:比尔或作者:吉姆或作者:蒂姆或作者:史蒂夫或作者:山姆...
我尝试将列表剪切并粘贴到搜索栏中,但这似乎效果不佳。有人对如何使用这样的列表进行搜索有任何建议吗?
谢谢
如果值是词项(单个词),可以使用terms query otherwise you have to use match_phrase with bool query
Returns documents that contain one or more exact terms in a provided field.
The terms query is the same as the term query, except you can search for multiple values.
"query": {
"terms": {
"author": [
"bill", "jim", "tim", "steve", "sam"
]
}
}
注意:使用术语查询时,我们必须将每个作者小写
Match Phrase with bool query :
"query": {
"bool": {
"should": [
{
"match_phrase": {
"author": "Bill"
}
},
{
"match_phrase": {
"author": "Jim"
}
},
{
"match_phrase": {
"author": "Tim"
}
},
{
"match_phrase": {
"author": "Steve"
}
},
{
"match_phrase": {
"author": "Sam"
}
}
]
}
}
我是 运行 7.2 ELK 堆栈,我正在尝试在 1 个搜索词中搜索 500 个可能的值,例如:
作者:比尔或作者:吉姆或作者:蒂姆或作者:史蒂夫或作者:山姆...
我尝试将列表剪切并粘贴到搜索栏中,但这似乎效果不佳。有人对如何使用这样的列表进行搜索有任何建议吗?
谢谢
如果值是词项(单个词),可以使用terms query otherwise you have to use match_phrase with bool query
Returns documents that contain one or more exact terms in a provided field. The terms query is the same as the term query, except you can search for multiple values.
"query": {
"terms": {
"author": [
"bill", "jim", "tim", "steve", "sam"
]
}
}
注意:使用术语查询时,我们必须将每个作者小写
Match Phrase with bool query :
"query": {
"bool": {
"should": [
{
"match_phrase": {
"author": "Bill"
}
},
{
"match_phrase": {
"author": "Jim"
}
},
{
"match_phrase": {
"author": "Tim"
}
},
{
"match_phrase": {
"author": "Steve"
}
},
{
"match_phrase": {
"author": "Sam"
}
}
]
}
}