我正在尝试根据群集字段以及podName字段是否具有值进行过滤。
然后,我想过滤掉某些具有特定值的字段,但获得除指定的群集字段以外的其他值。
因此,以下查询还将返回cluster2和cluster3的值。
我不知道什么是正确的语法。
{
"size":50,
"query":{
"bool":{
"must":[
{
"range":{
"timestamp":{
"gte":"now-1h"
}
}
},
{
"query_string":{
"query":"(podstatus.podName:* AND cluster:cluster1) AND NOT podstatus.containerStatus:true AND NOT podstatus.phase:Running AND NOT podstatus.phase:Succeeded AND NOT podstatus.started: true"
}
}
]
}
}
}
{
"timestamp": "2020-07-09T17:30:04",
"cluster": "cluster1",
"namespace": "kube-system",
"podstatus.podName": "cronjob-kubernetes-resource-monitor-1594233600-4frbc",
"podstatus.containerStatus": "false",
"podstatus.restartCount": 0,
"podstatus.started": "false",
"podstatus.phase": "Succeeded"
}
{
"cluster-resources-cluster1-2020.07.08-000001" : {
"mappings" : {
"properties" : {
"allocated" : {
"properties" : {
"pods-percent" : {
"type" : "float"
}
}
},
"capacity" : {
"properties" : {
"cpu" : {
"type" : "long"
},
"mem" : {
"type" : "long"
},
"pods" : {
"type" : "long"
}
}
},
"cluster" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"depstatus" : {
"properties" : {
"availableReplicas" : {
"type" : "long"
},
"deploymentName" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"readyReplicas" : {
"type" : "long"
},
"replicas" : {
"type" : "long"
},
"unavailableReplicas" : {
"type" : "long"
},
"updatedReplicas" : {
"type" : "long"
}
}
},
"namespace" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"podstatus" : {
"properties" : {
"containerStatus" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"phase" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"podName" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"restartCount" : {
"type" : "long"
},
"started" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"requests" : {
"properties" : {
"cpu" : {
"type" : "long"
},
"cpu-percent" : {
"type" : "float"
},
"mem" : {
"type" : "long"
},
"mem-percent" : {
"type" : "float"
},
"pods" : {
"type" : "long"
}
}
},
"timestamp" : {
"type" : "date"
}
}
}
}
}
最佳答案
您的查询似乎工作正常。但是,我将发布以下步骤,如果您能以类似方式找到任何观察结果,请告诉我。
我已经完成了映射,创建了示例文档,您共享的查询以及得到的响应。
对应:
PUT cluster_index_001
{
"mappings" : {
"properties" : {
"allocated" : {
"properties" : {
"pods-percent" : {
"type" : "float"
}
}
},
"capacity" : {
"properties" : {
"cpu" : {
"type" : "long"
},
"mem" : {
"type" : "long"
},
"pods" : {
"type" : "long"
}
}
},
"cluster" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"depstatus" : {
"properties" : {
"availableReplicas" : {
"type" : "long"
},
"deploymentName" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"readyReplicas" : {
"type" : "long"
},
"replicas" : {
"type" : "long"
},
"unavailableReplicas" : {
"type" : "long"
},
"updatedReplicas" : {
"type" : "long"
}
}
},
"namespace" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"podstatus" : {
"properties" : {
"containerStatus" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"phase" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"podName" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"restartCount" : {
"type" : "long"
},
"started" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"requests" : {
"properties" : {
"cpu" : {
"type" : "long"
},
"cpu-percent" : {
"type" : "float"
},
"mem" : {
"type" : "long"
},
"mem-percent" : {
"type" : "float"
},
"pods" : {
"type" : "long"
}
}
},
"timestamp" : {
"type" : "date"
}
}
}
}
POST cluster_index_001/_doc/1
{
"timestamp": "2020-07-09T17:30:04",
"cluster": "cluster1",
"namespace": "kube-system",
"podstatus.podName": "cronjob-kubernetes-resource-monitor-1594233600-4frbc",
"podstatus.containerStatus": "false",
"podstatus.restartCount": 0,
"podstatus.started": "false",
"podstatus.phase": "Failed"
}
POST cluster_index_001/_doc/2
{
"timestamp": "2020-07-10T17:30:04",
"cluster": "cluster1",
"namespace": "kube-system",
"podstatus.podName": "cronjob-kubernetes-resource-monitor-1594233600-4frbc",
"podstatus.containerStatus": "false",
"podstatus.restartCount": 0,
"podstatus.started": "false",
"podstatus.phase": "Failed"
}
POST cluster_index_001/_doc/3
{
"timestamp": "2020-07-10T17:30:04",
"cluster": "cluster2",
"namespace": "kube-system",
"podstatus.podName": "cronjob-kubernetes-resource-monitor-1594233600-4frbc",
"podstatus.containerStatus": "false",
"podstatus.restartCount": 0,
"podstatus.started": "false",
"podstatus.phase": "Failed"
}
POST cluster_index_001/_search
{
"query": {
"bool": {
"must": [
{
"range": {
"timestamp": {
"gte": "now-2d"
}
}
},
{
"query_string": {
"query":"(podstatus.podName:* AND cluster:cluster1) AND NOT podstatus.containerStatus:true AND NOT podstatus.phase:Running AND NOT podstatus.phase:Succeeded AND NOT podstatus.started:true"
}
}
]
}
}
}
cluster.keyword一样使用上面的cluster.keyword:cluster1进行精确匹配。响应:
{
"took" : 86,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 2,
"relation" : "eq"
},
"max_score" : 2.4700036,
"hits" : [
{
"_index" : "cluster_index_001",
"_type" : "_doc",
"_id" : "1",
"_score" : 2.4700036,
"_source" : {
"timestamp" : "2020-07-09T17:30:04",
"cluster" : "cluster1",
"namespace" : "kube-system",
"podstatus.podName" : "cronjob-kubernetes-resource-monitor-1594233600-4frbc",
"podstatus.containerStatus" : "false",
"podstatus.restartCount" : 0,
"podstatus.started" : "false",
"podstatus.phase" : "Failed"
}
},
{
"_index" : "cluster_index_001",
"_type" : "_doc",
"_id" : "2",
"_score" : 2.4700036,
"_source" : {
"timestamp" : "2020-07-10T17:30:04",
"cluster" : "cluster1",
"namespace" : "kube-system",
"podstatus.podName" : "cronjob-kubernetes-resource-monitor-1594233600-4frbc",
"podstatus.containerStatus" : "false",
"podstatus.restartCount" : 0,
"podstatus.started" : "false",
"podstatus.phase" : "Failed"
}
}
]
}
}
其他调试和更多信息:
此步骤将帮助您进行验证,并让您知道为什么不应该返回的文档正在返回。
例如,对于我来说,样本中的第3个文档没有出现在响应中,而找出该问题的方法是利用Explain API.
GET cluster_index_001/_explain/3 <----- Note this
{
"query": {
"bool": {
"must": [
{
"range": {
"timestamp": {
"gte": "now-2d"
}
}
},
{
"query_string": {
"query":"podstatus.podName:* AND cluster:cluster1 AND NOT podstatus.containerStatus:true AND NOT podstatus.phase:Running AND NOT podstatus.started: true"
}
}
]
}
}
}
{
"_index" : "cluster_index_001",
"_type" : "_doc",
"_id" : "3",
"matched" : false,
"explanation" : {
"value" : 0.0,
"description" : "Failure to meet condition(s) of required/prohibited clause(s)",
"details" : [
{
"value" : 1.0,
"description" : "ConstantScore(DocValuesFieldExistsQuery [field=timestamp])",
"details" : [ ]
},
{
"value" : 0.0,
"description" : "no match on required clause (+ConstantScore(NormsFieldExistsQuery [field=podstatus.podName]) +cluster:cluster1 -podstatus.containerStatus:true -podstatus.phase:running -podstatus.started:true)",
"details" : [
{
"value" : 0.0,
"description" : "Failure to meet condition(s) of required/prohibited clause(s)",
"details" : [
{
"value" : 1.0,
"description" : "ConstantScore(NormsFieldExistsQuery [field=podstatus.podName])",
"details" : [ ]
},
{
"value" : 0.0,
"description" : "no match on required clause (cluster:cluster1)",
"details" : [
{
"value" : 0.0,
"description" : "no matching term",
"details" : [ ]
}
]
}
]
}
]
}
]
}
}
"description" : "Failure to meet condition(s) of required/prohibited clause(s)"
"description" : "no match on required clause (+ConstantScore(NormsFieldExistsQuery [field=podstatus.podName]) +cluster:cluster1 -podstatus.containerStatus:true -podstatus.phase:running -podstatus.started:true)",
此外,如果仍然无法解决问题,请确保以下几点:
"cluster": "cluster2, cluster1" http://<your_host_name>:<port>/cluster-resources-cluster1-2020.07.08-000001/_settings,然后观察是否有针对以下目的实现的自定义分析器: Edge Ngrams或Ngrams,以及您的standard分析器是否已被覆盖。 http://<your_host_name>:<port>/cluster-resources-cluster1-2020.07.08-000001/_stats?pretty,并注意是否发现任何奇怪的东西。 一次做一件事,请分享您的看法,我们可以看到问题所在。
关于json - 弹性query_string返回不需要的值,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62819546/