- elasticsearch/
elasticsearch 在ElasticSearch(Kibana)中执行部分字符串匹配
elasticsearch 在ElasticSearch(Kibana)中执行部分字符串匹配
我在Kibana有以下财产名称
{
"source": {
"type": "id",
"id": "src_gn266o4vf5nevifl663fx3oggy"
},
"amount": 1234,
"currency": "AED",
"capture": true
}
{
"query": {
"match": {
"e.Properties.RequestBody": {
"query": "'source''type''id''id''src_*'",
"type": "phrase"
}
}
}
}
您可以使用通配符查询:
GET index_name/_search
{
"query": {
"wildcard": {
"source.id": {
"value": "src_*"
}
}
}
{
虽然其他答案和类似的评论会带来预期的搜索结果,但它们的性能不是很好,在大型Elasticsearch集群上会导致严重的性能问题,以后很难对它们进行故障排除 您的用例非常适合s,这就是为什么Elasticsearch有这种特殊类型的查询,下面的示例显示了它如何返回您期望的结果示例(为简单起见,只有一个字段
id你试过了吗?你可以只做
src.*src.{
"mappings": {
"properties": {
"id": {
"type": "text"
}
}
}
}
{
"id" : "src_opster"
}
{
"id" : "dest_opster"
}
{
"id" : "src_1234"
}
{
"id" : "src_gn266o4vf5nevifl663fx3oggy"
}
{
"query": {
"prefix": {
"id": { --> change it to `source.id` in your case
"value": "src_"
}
}
}
}
"hits": [
{
"_index": "so_regex",
"_type": "_doc",
"_id": "1",
"_score": 1.0,
"_source": {
"id": "src_gn266o4vf5nevifl663fx3oggy"
}
},
{
"_index": "so_regex",
"_type": "_doc",
"_id": "4",
"_score": 1.0,
"_source": {
"id": "src_1234"
}
},
{
"_index": "so_regex",
"_type": "_doc",
"_id": "3",
"_score": 1.0,
"_source": {
"id": "src_opster"
}
}
]