我正在使用curl查询来尝试从我的elasticsearch实例获取数据。我所有的索引和类型都有一个@timestamp字段调用,它使用“strict_date_optional_time”格式。但是每次我尝试在该字段上使用范围过滤器时,查询都会失败。
我执行的查询:
curl 'localhost:X/logstash-*/traces_console/_search' -d '{
"query" : {
"bool": {
"must": [
{ "match_all": {} }
],
"filter": [
{ "range":
{ "@timestamp":
"gte": "2018-02-20T13:55:06.387Z",
"lte": "2018-02-23T13:55:06.387Z"
}
}
]
}}
}'
错误消息:
"reason":{
"type":"query_parsing_exception",
"reason":"[range] query does not support [@timestamp]",
"index":"logstash-2018.02.06","line":10,"col":21
}
我不明白为什么这个错误不断弹出。当我查看有关此问题的大多数出版物时,所有使用日期格式的人都可以使用查询。如果您有任何关于为什么它不起作用的提示或线索,我将不胜感激。
这里有一些有用的信息:
环境
从logstash生成的映射
"traces_console":{
"properties":{
"@timestamp":{
"type":"date",
"format":"strict_date_optional_time||epoch_millis"
},
"@version":{"type":"string"},
"Method":{"type":"string"},
"RequestSize":{"type":"string"},
"ResponseSize":{"type":"string"},
"ResponseTime":{"type":"string"},
"SubSystem":{"type":"string"},
"column1":{"type":"string"},
"column2":{"type":"string"},
"column3":{"type":"string"},
"column4":{"type":"string"},
"column5":{"type":"string"},
"host":{"type":"string"},
"path":{"type":"string"},
"type":{"type":"string"}
}
}
提供 flex 搜索的Logstash配置文件
input {
file {
path => "LOG_PATH/TRACES_CONSOLE.log"
start_position => "beginning"
type => "traces_console"
}
}
filter {
csv {
separator => ";"
columns => ["Method","RequestSize","ResponseSize","ResponseTime","SubSystem"]
source => message
convert => {
"RequestSize" => "date"
"ResponseSize" => "date"
}
remove_field => ["message"]
}
}
output {
elasticsearch {
hosts => ["localhost:X"]
}
}
最佳答案
您的Range Query syntax不正确,您需要额外的花括号:
{ "range":
{ "@timestamp": {
"gte": "2018-02-20T13:55:06.387Z",
"lte": "2018-02-23T13:55:06.387Z"
}
}
}
关于curl - 范围查询不支持Elasticsearch字段,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48988745/