检查数组是否在logstash中包含值
假设我创建了这样一个字段:检查数组是否在logstash中包含值,logstash,Logstash,假设我创建了这样一个字段: "market": [ { "name": ["name1","name2","name3","name4","name5" ] }, {"place":["P1","P2","P3"]} ] "query": { "nested" : { "path" : "market", "query" : {
"market": [
{
"name": ["name1","name2","name3","name4","name5" ]
},
{"place":["P1","P2","P3"]}
]
"query": {
"nested" : {
"path" : "market",
"query" : {
"bool" : {
"filter" :
{"query_string" : {
"query" : "market.name:(name3 OR name4)"
}
}
}
}
}
}
filter {
elasticsearch {
hosts => "localhost:9200"
index=>"admin"
query => 'market.name:(name3 OR name4)'
sort => "_id:asc"
fields => {host_machine => 'host_machine' }
}
}
我做错了什么?它工作正常。just market字段不应为嵌套类型。在这种情况下(如果是嵌套的),我们使用如下查询模板选项:
"market": [
{
"name": ["name1","name2","name3","name4","name5" ]
},
{"place":["P1","P2","P3"]}
]
"query": {
"nested" : {
"path" : "market",
"query" : {
"bool" : {
"filter" :
{"query_string" : {
"query" : "market.name:(name3 OR name4)"
}
}
}
}
}
}
它工作正常。just market字段不应为嵌套类型。在这种情况下(如果是嵌套的),我们使用如下查询模板选项:
"market": [
{
"name": ["name1","name2","name3","name4","name5" ]
},
{"place":["P1","P2","P3"]}
]
"query": {
"nested" : {
"path" : "market",
"query" : {
"bool" : {
"filter" :
{"query_string" : {
"query" : "market.name:(name3 OR name4)"
}
}
}
}
}
}