Why does the Elasticsearch filter return no results, while the Kibana dashboard returns results?

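I am using Sense with Elasticsearch. When I use a range filter on a field I get empty hits, but I can get results using the Kibana dashboard. Why is the filter not working? My query is: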

GET _search
{
  "query": { 
    "bool": { 
      "must": [
        {"match": {"field_name1": "value1"}},
        {"match": {"file_name2": "value2"}}
      ]
    }
  },
  "filter": {             <- not working (no data, but gets data from kibana)
    "range": {
      "@timestamp": {
        "gte": "2017-02-18"
      }
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc",
        "ignore_unmapped" : true
      }
    }
  ]
}
Thanks

Sample JSON response:

{
  "took": some_number,
  "timed_out": false,
  "_shards": {
    "total": some_number,
    "successful": some_number,
    "failed": 0
  },
  "hits": {
    "total": some_number,
    "max_score": null,
    "hits": [
      {
        "_index": "index-name",
        "_type": "log-1",
        "_id": "alphanum",
        "_score": null,
        "_source": {
          "headers": "header-string",
          "query_string": "query-string",
          "server_variables": "server-variables",
          "cookies": "cookies",
          "extra_data": "some extra stuff",
          "exception_data_obj": {
            "stack_trace": "",
            "source": "",
            "message": "success",
            "additional_data": ""
          },
          "some_id": "211FA1F1-F312-1234-B539-F7AAE23EAA2F",
          "level": "Warn",
          "description": "Success",
          "@timestamp": "2017-01-20T01:33:27.303Z",
          "field1": "value1",
          "field2": "value2",
          "key": {
            "key.field1": "key.value1",
            "key.field2": "key.value2"
          },
          "@by": "app-name",
          "environment": "env-name"
        },
        "sort": [
          1484876007303
        ]
      },
      {}
    ]
  }
}

It is not the same query, in the sense that the query you are asking for must match on field1 and field2, but in Kibana you don't

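The default datetime format of Elasticsearch is UTC; try changing the format to UTC in your query. Also refer to

2017-01-20T00:00Z gives the same result

Can you post a sample of the JSON data?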