elasticsearch 在索引中匹配/搜索失败,elasticsearch,kibana,elasticsearch,Kibana" /> elasticsearch 在索引中匹配/搜索失败,elasticsearch,kibana,elasticsearch,Kibana" />
Fatal编程技术网

elasticsearch 在索引中匹配/搜索失败

kibana

elasticsearch 在索引中匹配/搜索失败,elasticsearch,kibana,elasticsearch,Kibana,我试图搜索我的索引,但使用文档化的match语法失败 这是我们的调查结果 GET apm-7.6.2-transaction-000001/_search { "_source": ["transaction.custom.campaign_name"], "query": { "match_all": {} } } 返回 { "took" : 1, "timed_out" : false, "_shards" : { "total" :

我试图搜索我的索引,但使用文档化的
match
语法失败

这是我们的调查结果

GET apm-7.6.2-transaction-000001/_search
{
  "_source": ["transaction.custom.campaign_name"],
    "query": {
        "match_all": {}
    }
}
返回

{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 6,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
...
但当我尝试筛选结果并仅获取值时,其中transaction.custom.campaign_名称处于某个特定值

GET apm-7.6.2-transaction-000001/_search 
{
  "query": {
    "match" : { 
      "transaction.custom.campaign_name": "ca*"
    }
  }
}
我的点击率为零:

{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 0,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  }
}
有人能告诉我这里的问题吗

多谢各位

PS:这里是一个单打的例子,当使用math_all时:

...
{
        "_index" : "apm-7.6.2-transaction-000001",
        "_type" : "_doc",
        "_id" : "8gX_B3IB6W5uorYBtJHZ",
        "_score" : 1.0,
        "_source" : {
          "agent" : {
            "name" : "rum-js",
            "version" : "5.1.1"
          },
          "processor" : {
            "name" : "transaction",
            "event" : "transaction"
          },
          "labels" : {
            "label1" : "ahoi"
          },
          "observer" : {
            "hostname" : "c99d7caa67e7",
            "id" : "74cdd7ab-e3e5-4794-972d-cfd54f5f48d4",
            "ephemeral_id" : "bab410d0-501b-4a4e-93e8-0b1520992451",
            "type" : "apm-server",
            "version" : "7.6.2",
            "version_major" : 7
          },
          "trace" : {
            "id" : "59986f27506d0ab53a82f74f2669ff0a"
          },
          "@timestamp" : "2020-05-12T08:28:17.000Z",
          "ecs" : {
            "version" : "1.4.0"
          },
          "service" : {
            "name" : "test",
            "language" : {
              "name" : "javascript"
            }
          },
          "client" : {
            "ip" : "172.22.0.1"
          },
          "user" : {
            "name" : "mojovski",
            "id" : "aabbxx",
            "email" : "hi@mail.de"
          },
          "transaction" : {
            "duration" : {
              "us" : 425000
            },
            "custom" : {
              "campaign_name" : "campaign_1_welt.de_max-price:4eur",
              "stuff" : "stuff"
            },
            "name" : "Unknown",
            "marks" : {
              "agent" : {
                "domInteractive" : 301,
                "domComplete" : 416,
                "timeToFirstByte" : 35
              },
              "navigationTiming" : {
                "responseEnd" : 35,
                "responseStart" : 35,
                "domainLookupEnd" : 1,
                "domInteractive" : 301,
                "domContentLoadedEventStart" : 317,
                "domComplete" : 416,
                "domainLookupStart" : 1,
                "connectEnd" : 1,
                "connectStart" : 1,
                "loadEventStart" : 416,
                "requestStart" : 34,
                "fetchStart" : 0,
                "domContentLoadedEventEnd" : 342,
                "loadEventEnd" : 421,
                "domLoading" : 38
              }
            },
            "page" : {
              "referer" : "",
              "url" : "http://localhost:8080/"
            },
            "span_count" : {
              "started" : 23
            },
            "id" : "a6b27cdc0e2299b5",
            "type" : "page-load",
            "sampled" : true
          },
          "user_agent" : {
            "original" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0",
            "os" : {
              "name" : "Ubuntu"
            },
            "name" : "Firefox",
            "device" : {
              "name" : "Other"
            },
            "version" : "76.0."
          },
          "timestamp" : {
            "us" : 1589272097000246
          }
        }
      }
...
更新

这是索引的映射,通过读取 
获取apm-7.6.2-transaction-000001/\u映射

(由于文件太大,我把它放在gist:)

匹配查询不支持通配符

如果要搜索前缀,可以尝试使用
前缀
查询

GET apm-7.6.2-transaction-000001/_search 
{
  "query": {
    "prefix" : {                                       <-- change this
      "transaction.custom.campaign_name": "ca"
    }
  }
}

GET apm-7.6.2-transaction-000001//u搜索
{
“查询”:{

前缀:{谢谢!不幸的是,这不起作用。可能是因为字段“transaction.custom.campaign_name”仅在某些数据项中可用?然后查询会看起来不一样吗?不,这两种方式都可以。您能用索引的映射更新您的问题吗?谢谢。我更新了问题。顺便说一句,我还尝试通过
PUT apm-7.6.2-transaction-000001//u mapping{“properties”:{“transaction”:{“属性”:{“自定义”:{“属性”:{“活动名称”:{“类型”:“文本”}}}}}}}}
这没有帮助:(我的错,我忘了删除值中的
*
…请参阅我的更新答案非常感谢!但仍然不起作用:((现在我想起了为什么我喜欢在SQL上呆这么长时间的原因。。。。