弹性搜索模式匹配未按预期工作
我正在尝试模式匹配msg弹性搜索模式匹配未按预期工作,
Warning: implode(): Invalid arguments passed in /data/phpspider/zhask/webroot/tpl/detail.html on line 45
,,我正在尝试模式匹配msg无法分配内存。 我希望它只在匹配整个msg时才打印,但即使它只匹配文档中的“无法或分配或内存”一词,它也会打印 您能否建议是否需要对此查询进行任何修改 查询: GET /_search?pretty { "query": { "bool": { "must": { "query_string": { "query": "Cannot allocate memory" } },
无法分配内存。
我希望它只在匹配整个msg时才打印,但即使它只匹配文档中的“无法或分配或内存”一词,它也会打印
您能否建议是否需要对此查询进行任何修改
查询:
GET /_search?pretty
{
"query": {
"bool": {
"must": {
"query_string": {
"query": "Cannot allocate memory"
}
},
"filter": {
"range": {
"timestamp": {
"gt": "now-1h"
}
}
}
}
}
}
结果:
{
"took":186,
"timed_out":false,
"_shards":{
"total":2337,
"successful":2337,
"skipped":2331,
"failed":0
},
"hits":{
"total":10,
"max_score":38.4559,
"hits":[
{
"_index":"MMJ-2020-06-08-18-45",
"_type":"_MMJ",
"_id":"49605400288259767318470290294414874485955515962252853330.0",
"_score":38.4559,
"_source":{
"message":"Cannot allocate memory",
"host":"MMJ",
"processed":"2020-06-08T19:10:22.046111Z",
"stack":"",
"timestamp":"2020-06-08T19:10:21.927881+00:00"
}
},
{
"_index":"MMJ-2020-06-08-18-45",
"_type":"_MMJ",
"_id":"49605400288215165828073229047621636353532845727514886194.0",
"_score":11.734165,
"_source":{
"message":"found character %'%' that cannot start any token",
"host":"MMJ",
"processed":"2020-06-08T19:10:21.938001Z",
"stack":"",
"timestamp":"2020-06-08T19:10:21.926992+00:00"
}
}
]
}
}
使用default\u操作符
——它默认为或
,但您需要和
:
{
...
"query_string":{
"query":"Cannot allocate memory",
"default_operator":"AND"
}
...
}