elasticsearch" />
elasticsearch,Perl,使用perl客户端进行Elasticsearch搜索
我试图做一些简单的事情,但我无法让它工作。为了找到perl search::elsticsearch的详细文档,我已经到处查找。我只能找到CPAN文档,就搜索而言,它几乎没有被提及。我在这里搜索过,找不到重复的问题 我有elasticsearch和filebeat。Filebeat正在向elasticsearch发送系统日志。我只想搜索文本和日期范围匹配的邮件。我可以找到消息,但当我尝试添加日期范围时,查询失败。这是来自kibana开发工具的查询使用perl客户端进行Elasticsearch搜索,perl,
elasticsearch,Perl,
GET _search
{
"query": {
"bool": {
"filter": [
{ "term": { "message": "metrics" }},
{ "range": { "timestamp": { "gte": "now-15m" }}}
]
}
}
}
my $results=$e->search(
body => {
query => {
bool => {
filter => {
term => { message => 'metrics' },
range => { timestamp => { 'gte' => 'now-15m' }}
}
}
}
}
);
[Request] ** [http://x.x.x.x:9200]-[400]
[parsing_exception]
[range] malformed query, expected [END_OBJECT] but found [FIELD_NAME],
with: {"col":69,"line":1}, called from sub Search::Elasticsearch::Role::Client::Direct::__ANON__
at ./elasticsearchTest.pl line 15.
With vars: {'body' => {'status' => 400,'error' => {
'root_cause' => [{'col' => 69,'reason' => '[range]
malformed query, expected [END_OBJECT] but found [FIELD_NAME]',
'type' => 'parsing_exception','line' => 1}],'col' => 69,
'reason' => '[range] malformed query, expected [END_OBJECT] but found [FIELD_NAME]',
'type' => 'parsing_exception','line' => 1}},'request' => {'serialize' => 'std',
'path' => '/_search','ignore' => [],'mime_type' => 'application/json',
'body' => {
'query' => {
'bool' =>
{'filter' => {'range' => {'timestamp' => {'gte' => 'now-15m'}},
'term' => {'message' => 'metrics'}}}}},
'qs' => {},'method' => 'GET'},'status_code' => 400}
有人能帮我找出如何使用search::elasticsearch perl模块进行搜索吗?多个筛选器子句必须作为数组中的单独JSON对象传递(就像在初始JSON查询中一样),而不是在同一JSON对象中传递多个筛选器。这映射到必须如何创建Perl数据结构
filter => [
{term => { message => 'metrics' }},
{range => { timestamp => { 'gte' => 'now-15m' }}}
]
成功了。谢谢你的帮助。现在我对perl客户机的工作方式有了更好的理解。