elasticsearch Kibana sometimes returns completely irrelevant results
We use Logstash, Elasticsearch and Kibana to process and search our logs. Often, when we search, Kibana returns results that do not contain the search term. For example, we search for an exact phrase. Here is the query:
curl -XGET 'http://logs.magick.nu/kibana2/logstash-2014.10.17,logstash-2014.10.16/_search?pretty' -d '{
  "query": {
    "filtered": {
      "query": {
        "bool": {
          "should": [
            {
              "query_string": {
                "query": "COND_30892c7a490e154e01490e2dcf7a0008(2)"
              }
            }
          ]
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "from": 1413471279957,
                  "to": 1413557679958
                }
              }
            }
          ]
        }
      }
    }
  },
  "highlight": {
    "fields": {},
    "fragment_size": 2147483647,
    "pre_tags": [
      "@start-highlight@"
    ],
    "post_tags": [
      "@end-highlight@"
    ]
  },
  "size": 500,
  "sort": [
    {
      "@timestamp": {
        "order": "desc",
        "ignore_unmapped": true
      }
    },
    {
      "@timestamp": {
        "order": "desc",
        "ignore_unmapped": true
      }
    }
  ]
}'
Kibana returns a result like this:
{
  "_index": "logstash-2014.10.17",
  "_type": "app SwitchYard",
  "_id": "unti1lWJRTelQd4N5_LVjA",
  "_score": null,
  "_source": {
    "message": "2014/10/17 13:50:43,739 [com.domain.Connector.service.ent.BasicJMSTickListener] (NJ4X-63) Sending market info for product symbol to JMS topic. Broker Server: broker.Demo. Account Number: 1235. StrategyId: 4028e49447ac4296147af921d5f00b. OrderCount: 2",
    "@version": "1",
    "@timestamp": "2014-10-17T14:24:32.193Z",
    "type": "app SwitchYard",
    "tags": [
      "node"
    ],
    "domain": "trading1-magickdev.amakitu.com",
    "env": "DEV",
    "host": "nodelarge.amakitu.com",
    "path": "/var/lib/openshift/541723389821cc77c2000167/jbosseap/logs/server.log"
  },
  "sort": [
    1413555872193,
    1413555872193
  ]
}
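This happens frequently.
What is the problem?

It is hard to tell without seeing the exact query. Use the Kibana inspect button to show the full query sent to Elasticsearch.

Hi Roman, I have updated my question to show the exact query.

I still can't see the query… Also, while you are at it, post the mapping for the app SwitchYard type.

Hi Roman, I have added the exact query. Will come back with the mapping.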