- elasticsearch/
elasticsearch 如何在输出中仅从elasticsearch获取一个字段?
elasticsearch 如何在输出中仅从elasticsearch获取一个字段?
我想得到像这样的输出
{
"took": 5,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 1999,
"relation": "eq"
},
"max_score": 1.0,
"hits": [
{
"_index": "logstash-2021.01.13-000001",
"_type": "_doc",
"_id": "lVef-3YBI8ZVMz0vOphU",
"_score": 1.0,
"_source": {
"host": {
"name": "AAD-W1PF14DMMK"
},
"@timestamp": "2021-01-13T12:01:19.794Z",
"log": {
"file": {
"path": "C:\\elk\\test.log"
},
"offset": 158
},
"type": "test",
"tags": [
"beats_input_codec_plain_applied"
],
"ecs": {
"version": "1.6.0"
},
"agent": {
"hostname": "AAD-W1PF14DMMK",
"type": "filebeat",
"name": "AAD-W1PF14DMMK",
"id": "4aa46436-264c-40ba-a24a-17af072c8363",
"version": "7.10.1",
"ephemeral_id": "18c7451e-78a8-4806-b43f-5ebae812b533"
},
"@version": "1",
"message": "2015-10-18 18:01:48,963 INFO [main] org.apache.hadoop.mapreduce.v2.app.MRAppMaster: Executing with tokens:"
}
},
}
{ "message": "2015-10-18 18:01:48,963 INFO [main] org.apache.hadoop.mapreduce.v2.app.MRAppMaster: Executing with tokens:" }
替代解决方案是什么???您的查询是正确的。该错误与执行
\u搜索请求的方式有关
而不是访问
GET localhost:9200/_search?filter_path=hits.hits._source
{
"_source": {
"includes": ["message"]
},
"query": {
"multi_match" : {
"query": "ERROR",
"fields": [ "message"]
}
}
}
使用具体的索引名——在您的例子中:
GET localhost:9200/_search...
{ ... }
提示:也支持通配符索引名:
GET localhost:9200/logstash-2021.01.13-000001/_search...
{ ... }
多索引查询也是如此:
GET localhost:9200/logstash-2021*/_search...
{ ... }
嗨,但在这种情况下,我得到了其他领域以及。请检查一下我期望的输出。。我只想要json格式的“消息”,而不是点击、标记、分数、代理等查询负载——我只是说你正在访问的URL。哦,好吧,但这就是问题所在。。GET localhost:9200/\u search?filter\u path=hits.hits.\u source当我使用query filter\u path时,它会显示一个弃用警告。还有其他选择吗?请重新阅读答案:):9200/\u search
已被弃用。使用:9200/您的索引名/\u搜索。如果URL中的端口
和\u search
参数之间没有任何内容,那么您正在搜索所有索引(表)。哦,我的糟糕!!非常感谢,伙计!!它很有魅力!
GET localhost:9200/logstash-2021*,logstash-2020*/_search...
{ ... }