- elasticsearch/
elasticsearch 如何使用java api在elasticsearch中搜索特定日期和时间范围内的日志
elasticsearch 如何使用java api在elasticsearch中搜索特定日期和时间范围内的日志
我是elasticsearch及其java api的新手。我确实尝试过编写hello world java程序来搜索一些字符串,我在QueryBuilder中使用了matchQuery函数,效果很好。代码如下所示 代码: 输出:
*****************Hits***************104
#########{"message":"TID: [0] [ESB] [2015-02-05 18:06:14,458] DEBUG {org.apache.synapse.transport.vfs.VFSTransportListener} - Scanning directory or file : smb://test\":***@\"localhost/SambaShareIn {org.apache.synapse.transport.vfs.VFSTransportListener}","@version":"1","@timestamp":"2015-03-03T06:34:05.879Z","type":"syslog","host":"ubuntu","path":"/home/abc/Documents/wso2esb-4.8.0/repository/logs/wso2carbon.log","tenant_id":"0","server_type":"ESB","timestamp":"2015-02-05 18:06:14,458","level":"DEBUG","java_class":"org.apache.synapse.transport.vfs.VFSTransportListener","log_message":"Scanning directory or file : smb://test\":***@\"localhost/SambaShareIn {org.apache.synapse.transport.vfs.VFSTransportListener}"}
*****************Hits***************[Lorg.elasticsearch.search.internal.InternalSearchHit;@2eaae131
********Test Case Passed*******
org.elasticsearch.action.search.SearchPhaseExecutionException: Failed to execute phase [query], all shards failed; shardFailures {[ewJbD-euTBybuTt1-vgGgQ][logstash-2015.03.03][0]: SearchParseException[[logstash-2015.03.03][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query_binary":"cmFuZ2UgOiB7dGltZXN0YW1wIDoge2d0IDogbm93LTI0aH19","explain":true}]]]; nested: QueryParsingException[[logstash-2015.03.03] Failed to parse]; nested: JsonParseException[Unrecognized token 'range': was expecting ('true', 'false' or 'null')
at [Source: [B@6e98e93a; line: 1, column: 7]]; }{[ewJbD-euTBybuTt1-vgGgQ][logstash-2015.03.03][1]: SearchParseException[[logstash-2015.03.03][1]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query_binary":"cmFuZ2UgOiB7dGltZXN0YW1wIDoge2d0IDogbm93LTI0aH19","explain":true}]]]; nested: QueryParsingException[[logstash-2015.03.03] Failed to parse]; nested: JsonParseException[Unrecognized token 'range': was expecting ('true', 'false' or 'null')
at [Source: [B@5a4f889; line: 1, column: 7]]; }{[ewJbD-euTBybuTt1-vgGgQ][logstash-2015.03.03][2]: SearchParseException[[logstash-2015.03.03][2]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query_binary":"cmFuZ2UgOiB7dGltZXN0YW1wIDoge2d0IDogbm93LTI0aH19","explain":true}]]]; nested: QueryParsingException[[logstash-2015.03.03] Failed to parse]; nested: JsonParseException[Unrecognized token 'range': was expecting ('true', 'false' or 'null')
at [Source: [B@6e98e93a; line: 1, column: 7]]; }{[ewJbD-euTBybuTt1-vgGgQ][logstash-2015.03.03][3]: SearchParseException[[logstash-2015.03.03][3]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query_binary":"cmFuZ2UgOiB7dGltZXN0YW1wIDoge2d0IDogbm93LTI0aH19","explain":true}]]]; nested: QueryParsingException[[logstash-2015.03.03] Failed to parse]; nested: JsonParseException[Unrecognized token 'range': was expecting ('true', 'false' or 'null')
at [Source: [B@78f8178f; line: 1, column: 7]]; }{[ewJbD-euTBybuTt1-vgGgQ][logstash-2015.03.03][4]: SearchParseException[[logstash-2015.03.03][4]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query_binary":"cmFuZ2UgOiB7dGltZXN0YW1wIDoge2d0IDogbm93LTI0aH19","explain":true}]]]; nested: QueryParsingException[[logstash-2015.03.03] Failed to parse]; nested: JsonParseException[Unrecognized token 'range': was expecting ('true', 'false' or 'null')
at [Source: [B@3e11473; line: 1, column: 7]]; }
at org.elasticsearch.action.search.type.TransportSearchTypeAction$BaseAsyncAction.onFirstPhaseResult(TransportSearchTypeAction.java:233)
at org.elasticsearch.action.search.type.TransportSearchTypeAction$BaseAsyncAction$1.onFailure(TransportSearchTypeAction.java:179)
at org.elasticsearch.search.action.SearchServiceTransportAction$23.run(SearchServiceTransportAction.java:565)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Exception in thread "main" java.lang.NullPointerException
at nl.weIntegrtae.Search.ElasticSearch.main(ElasticSearch.java:78)
致以最诚挚的问候,查询是错误的。。使用json查询或纯java查询。您可以在日期范围查询的弹性搜索查询dsl上看到它。 它既有json查询,也有java查询。 为了进行json查询,您可以使用sense插件进行弹性搜索。 这样地 Json查询-- } 或者在java中制作q querybuilder并将其设置为setQuery方法
QueryBuilder qb = QueryBuilders
.rangeQuery("timestamp")
.from("now-24")
.to("now");
是否提供时间戳字段或elasticsearch??这是弹性搜索,如果提供的话,它必须是我的时间戳。你也可以检查一下你是否真的有过去24小时的数据。谢谢@Satya Nand kanodia的帮助。现在它对我来说很有意义,但当我运行它时,即使在弹性搜索中创建了节点,它也不会检索结果。我已经通过安装头部插件检查了节点。你能为它引路吗?不,它是我的。我已经创建了它。你有过去24小时的数据吗?你也可以发布你查询时得到的回复吗。
org.elasticsearch.action.search.SearchPhaseExecutionException: Failed to execute phase [query], all shards failed; shardFailures {[ewJbD-euTBybuTt1-vgGgQ][logstash-2015.03.03][0]: SearchParseException[[logstash-2015.03.03][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query_binary":"cmFuZ2UgOiB7dGltZXN0YW1wIDoge2d0IDogbm93LTI0aH19","explain":true}]]]; nested: QueryParsingException[[logstash-2015.03.03] Failed to parse]; nested: JsonParseException[Unrecognized token 'range': was expecting ('true', 'false' or 'null')
at [Source: [B@6e98e93a; line: 1, column: 7]]; }{[ewJbD-euTBybuTt1-vgGgQ][logstash-2015.03.03][1]: SearchParseException[[logstash-2015.03.03][1]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query_binary":"cmFuZ2UgOiB7dGltZXN0YW1wIDoge2d0IDogbm93LTI0aH19","explain":true}]]]; nested: QueryParsingException[[logstash-2015.03.03] Failed to parse]; nested: JsonParseException[Unrecognized token 'range': was expecting ('true', 'false' or 'null')
at [Source: [B@5a4f889; line: 1, column: 7]]; }{[ewJbD-euTBybuTt1-vgGgQ][logstash-2015.03.03][2]: SearchParseException[[logstash-2015.03.03][2]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query_binary":"cmFuZ2UgOiB7dGltZXN0YW1wIDoge2d0IDogbm93LTI0aH19","explain":true}]]]; nested: QueryParsingException[[logstash-2015.03.03] Failed to parse]; nested: JsonParseException[Unrecognized token 'range': was expecting ('true', 'false' or 'null')
at [Source: [B@6e98e93a; line: 1, column: 7]]; }{[ewJbD-euTBybuTt1-vgGgQ][logstash-2015.03.03][3]: SearchParseException[[logstash-2015.03.03][3]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query_binary":"cmFuZ2UgOiB7dGltZXN0YW1wIDoge2d0IDogbm93LTI0aH19","explain":true}]]]; nested: QueryParsingException[[logstash-2015.03.03] Failed to parse]; nested: JsonParseException[Unrecognized token 'range': was expecting ('true', 'false' or 'null')
at [Source: [B@78f8178f; line: 1, column: 7]]; }{[ewJbD-euTBybuTt1-vgGgQ][logstash-2015.03.03][4]: SearchParseException[[logstash-2015.03.03][4]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query_binary":"cmFuZ2UgOiB7dGltZXN0YW1wIDoge2d0IDogbm93LTI0aH19","explain":true}]]]; nested: QueryParsingException[[logstash-2015.03.03] Failed to parse]; nested: JsonParseException[Unrecognized token 'range': was expecting ('true', 'false' or 'null')
at [Source: [B@3e11473; line: 1, column: 7]]; }
at org.elasticsearch.action.search.type.TransportSearchTypeAction$BaseAsyncAction.onFirstPhaseResult(TransportSearchTypeAction.java:233)
at org.elasticsearch.action.search.type.TransportSearchTypeAction$BaseAsyncAction$1.onFailure(TransportSearchTypeAction.java:179)
at org.elasticsearch.search.action.SearchServiceTransportAction$23.run(SearchServiceTransportAction.java:565)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Exception in thread "main" java.lang.NullPointerException
at nl.weIntegrtae.Search.ElasticSearch.main(ElasticSearch.java:78)
{
"range" : {
"timestamp" : {
"gte": "now-24"
}
}
QueryBuilder qb = QueryBuilders
.rangeQuery("timestamp")
.from("now-24")
.to("now");