elasticsearch match/search fails in index
I am trying to search my index, but it fails when I use the documented match syntax.
Here are our findings:
GET apm-7.6.2-transaction-000001/_search
{
"_source": ["transaction.custom.campaign_name"],
"query": {
"match_all": {}
}
}
returns
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 6,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
...
But when I try to filter the results and get only those where transaction.custom.campaign_name has a certain value
GET apm-7.6.2-transaction-000001/_search
{
"query": {
"match" : {
"transaction.custom.campaign_name": "ca*"
}
}
}
I get zero hits:
{
"took" : 0,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 0,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
}
}
Can someone tell me what the problem is here?
Many thanks, everyone.
PS: here is an example of a single hit when using match_all:
...
{
"_index" : "apm-7.6.2-transaction-000001",
"_type" : "_doc",
"_id" : "8gX_B3IB6W5uorYBtJHZ",
"_score" : 1.0,
"_source" : {
"agent" : {
"name" : "rum-js",
"version" : "5.1.1"
},
"processor" : {
"name" : "transaction",
"event" : "transaction"
},
"labels" : {
"label1" : "ahoi"
},
"observer" : {
"hostname" : "c99d7caa67e7",
"id" : "74cdd7ab-e3e5-4794-972d-cfd54f5f48d4",
"ephemeral_id" : "bab410d0-501b-4a4e-93e8-0b1520992451",
"type" : "apm-server",
"version" : "7.6.2",
"version_major" : 7
},
"trace" : {
"id" : "59986f27506d0ab53a82f74f2669ff0a"
},
"@timestamp" : "2020-05-12T08:28:17.000Z",
"ecs" : {
"version" : "1.4.0"
},
"service" : {
"name" : "test",
"language" : {
"name" : "javascript"
}
},
"client" : {
"ip" : "172.22.0.1"
},
"user" : {
"name" : "mojovski",
"id" : "aabbxx",
"email" : "hi@mail.de"
},
"transaction" : {
"duration" : {
"us" : 425000
},
"custom" : {
"campaign_name" : "campaign_1_welt.de_max-price:4eur",
"stuff" : "stuff"
},
"name" : "Unknown",
"marks" : {
"agent" : {
"domInteractive" : 301,
"domComplete" : 416,
"timeToFirstByte" : 35
},
"navigationTiming" : {
"responseEnd" : 35,
"responseStart" : 35,
"domainLookupEnd" : 1,
"domInteractive" : 301,
"domContentLoadedEventStart" : 317,
"domComplete" : 416,
"domainLookupStart" : 1,
"connectEnd" : 1,
"connectStart" : 1,
"loadEventStart" : 416,
"requestStart" : 34,
"fetchStart" : 0,
"domContentLoadedEventEnd" : 342,
"loadEventEnd" : 421,
"domLoading" : 38
}
},
"page" : {
"referer" : "",
"url" : "http://localhost:8080/"
},
"span_count" : {
"started" : 23
},
"id" : "a6b27cdc0e2299b5",
"type" : "page-load",
"sampled" : true
},
"user_agent" : {
"original" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0",
"os" : {
"name" : "Ubuntu"
},
"name" : "Firefox",
"device" : {
"name" : "Other"
},
"version" : "76.0."
},
"timestamp" : {
"us" : 1589272097000246
}
}
}
...
Update
Here is the mapping of the index, obtained via
GET apm-7.6.2-transaction-000001/_mapping
(because the file is so large, I put it in a gist:)
The match query does not support wildcards. If you want to search for a prefix, you can try a prefix query instead (change match to prefix):
GET apm-7.6.2-transaction-000001/_search
{
"query": {
"prefix" : {
"transaction.custom.campaign_name": "ca"
}
}
}
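Thanks! Unfortunately, this doesn't work. Maybe because the field "transaction.custom.campaign_name" is only available in some of the data items? Would the query look different then?

No, it works either way. Can you update your question with the mapping of the index?

Thanks. I updated the question. By the way, I also tried via PUT apm-7.6.2-transaction-000001/_mapping {"properties": {"transaction": {"properties": {"custom": {"properties": {"campaign_name": {"type": "text"}}}}}}}
This didn't help :(

My bad, I forgot to remove the * in the value… please see my updated answer.

Thank you very much! But it still doesn't work :(( Now I remember why I stuck with SQL for so long....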