2017-05-07 55 views

I have created an index in elasticsearch named filebeat. The log data is sent to elasticsearch by the filebeat agent. I want to filter the results on a particular column/field called value_of_type. Using the PHP API, ElasticSearch returns no results despite a correct query:

$json = 
    '{ 
     "query" : { 
      "bool" : { 
       "filter": [ 
        { 
         "term" : 
         { 
          "value_of_type" : "sound" 
         } 
        } 
       ] 
      } 
     } 
    }'; 

But it returns 0 results:

    {"took":4,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}

Hitting myurl:9200/filebeat in the browser gives a result that looks like this:

{ 
    "filebeat": { 
     "aliases": {}, 
     "mappings": { 
      "doc": { 
       "properties": { 
        "@timestamp": { 
         "type": "date" 
        }, 
        "beat": { 
         "properties": { 
          "hostname": { 
           "type": "text", 
           "fields": { 
            "keyword": { 
             "type": "keyword", 
             "ignore_above": 256 
            } 
           } 
          }, 
          "name": { 
           "type": "text", 
           "fields": { 
            "keyword": { 
             "type": "keyword", 
             "ignore_above": 256 
            } 
           } 
          }, 
          "version": { 
           "type": "text", 
           "fields": { 
            "keyword": { 
             "type": "keyword", 
             "ignore_above": 256 
            } 
           } 
          } 
         } 
        }, 
        "fields": { 
         "properties": { 
          "node": { 
           "type": "text", 
           "fields": { 
            "keyword": { 
             "type": "keyword", 
             "ignore_above": 256 
            } 
           } 
          }, 
          "value_of_type": { 
           "type": "text", 
           "fields": { 
            "keyword": { 
             "type": "keyword", 
             "ignore_above": 256 
            } 
           } 
          } 
         } 
        }, 
        "input_type": { 
         "type": "text", 
         "fields": { 
          "keyword": { 
           "type": "keyword", 
           "ignore_above": 256 
          } 
         } 
        }, 
        "message": { 
         "type": "text", 
         "fields": { 
          "keyword": { 
           "type": "keyword", 
           "ignore_above": 256 
          } 
         } 
        }, 
        "offset": { 
         "type": "long" 
        }, 
        "source": { 
         "type": "text", 
         "fields": { 
          "keyword": { 
           "type": "keyword", 
           "ignore_above": 256 
          } 
         } 
        }, 
        "type": { 
         "type": "text", 
         "fields": { 
          "keyword": { 
           "type": "keyword", 
           "ignore_above": 256 
          } 
         } 
        } 
       } 
      } 
     }, 
     "settings": { 
      "index": { 
       "creation_date": "1494116541083", 
       "number_of_shards": "5", 
       "number_of_replicas": "1", 
       "uuid": "IdhWgIqiQ-GNrZK3AvCP9g", 
       "version": { 
        "created": "5020199" 
       }, 
       "provided_name": "filebeat" 
      } 
     } 
    } 
} 

The data is present in the index. The result of hitting 'myurl/filebeat/_search' looks like this:

    "hits": {
        "total": 92,
        "max_score": 1.0,
        "hits": [{
            "_index": "filebeat",
            "_type": "doc",
            "_id": "AVvgSgz27_8XwAoIUeKd",
            "_score": 1.0,
            "_source": {
                "@timestamp": "2017-05-07T00:23:16.000Z",
                "beat": {
                    "hostname": "lorem06",
                    "name": "lorem06",
                    "version": "6.0.0-alpha1-git3bcebf6"
                },
                "fields": {
                    "node": "node1",
                    "value_of_type": "sound"
                },
                "input_type": "log", ...
            }, ...
        }, ...]

Answer


Your query is correct, but it doesn't match anything in the index: you have no documents with the correct structure in the index.

For your query to match a document, the indexed document should have a value_of_type field with the value "sound" (as in the sample response returned below).

A simple GET /filebeat/_search query (without any filter) should give a result like this:

{ 
    "took": 28, 
    "timed_out": false, 
    "hits": { 
     "total": N, // the number of documents in your index 
     "max_score": 1, 
     "hits": [ 
     ... 
     { 
      "_index": "filebeat", 
      "_type": "some_doc_type", 
      "_id": "some_id", 
      "_score": 1, 
      "_source": { 
       ... 
       "value_of_type": "sound", // that's what your query will match 
       ... 
      } 
     } 
     ] 
    } 
} 

Thanks, figured it out. The updated query with the following change works: "term": { "fields.value_of_type": "sound" }
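As an added example (not code from the question or the answer), a small Python helper that walks the index mapping shown in the question to find where a leaf field such as value_of_type actually lives, then builds the bool/filter/term query with its full dotted path. It goes one step beyond the asker's fix by targeting the .keyword sub-field so the term filter is an exact, unanalysed match; MAPPING is a constructed excerpt of the mapping above, and resolve, find_paths and term_filter are hypothetical names.

```python
# Constructed excerpt of the filebeat mapping from the question (only the
# branches needed here; the real mapping has more top-level properties).
MAPPING = {"doc": {"properties": {
    "fields": {"properties": {
        "node": {"type": "text", "fields": {"keyword": {"type": "keyword"}}},
        "value_of_type": {"type": "text", "fields": {"keyword": {"type": "keyword"}}},
    }},
    "input_type": {"type": "text", "fields": {"keyword": {"type": "keyword"}}},
    "offset": {"type": "long"},
}}}

def resolve(mapping, path):
    """Return the mapping entry for a dotted path such as 'fields.value_of_type',
    or None if no such field is mapped. Nested objects are looked up under
    'properties', multi-field suffixes such as '.keyword' under 'fields'."""
    for doc_type in mapping.values():
        spec, ok = {"properties": doc_type.get("properties", {})}, True
        for seg in path.split("."):
            nxt = spec.get("properties", {}).get(seg) or spec.get("fields", {}).get(seg)
            if nxt is None:
                ok = False
                break
            spec = nxt
        if ok:
            return spec
    return None

def find_paths(mapping, leaf):
    """Every dotted path whose last segment is `leaf` (multi-fields ignored)."""
    hits = []
    def walk(props, prefix):
        for name, spec in props.items():
            if name == leaf:
                hits.append(".".join(prefix + [name]))
            walk(spec.get("properties", {}), prefix + [name])   # recurse into objects
    for doc_type in mapping.values():
        walk(doc_type.get("properties", {}), [])
    return hits

def term_filter(mapping, leaf, value):
    """Build the bool/filter/term query from the question against the field's
    full path, preferring its .keyword sub-field for an exact match."""
    paths = find_paths(mapping, leaf)
    if len(paths) != 1:
        raise ValueError(f"{leaf!r} maps to {paths}, need exactly one path")
    path = paths[0]
    if resolve(mapping, path + ".keyword") is not None:
        path += ".keyword"
    return {"query": {"bool": {"filter": [{"term": {path: value}}]}}}
```

Running term_filter(MAPPING, "value_of_type", "sound") yields a term on fields.value_of_type.keyword, which is why the asker's original top-level "value_of_type" term matched nothing.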
