这是由Elastic Search API返回的文档结构:{
"process_name":"process01",
"beat":
{
"hostname":"12345","name":"blablabla"
},
}
通过process_name进行过滤很容易,但是如何通过嵌套在beat中的host_name进行过滤呢?
{
"size":10000,
"query" : {
"bool" : {
"should": [
{ "match" : { "process_name" : "process01" } },
{ "match" : { "process_name" : "process02" } }
],
"must": [
{ "match" : { beat: { "hostname":"12345" } } }
]
}
}
}错误消息1:
(failed to deserialize object type=class com.logshero.api.SearchApiRequest):
{
"size":10000,
"query" : {
"bool" : {
"should": [
{ "match" : { "process_name" : "process01" } },
{ "match" : { "process_name" : "process02" } }
],
"must": [
{ "match" : { "hostname":"12345" } }
]
}
}
}错误消息2:
{"hits":{"total":0,"max_score":null,"hits":[]}}
最佳答案
您可以使用以下查询。您还必须确保将映射中的节拍定义为嵌套类型。
{
"size": 10000,
"query": {
"bool": {
"should": [{
"match": {
"process_name": "process01"
}
}, {
"match": {
"process_name": "process02"
}
}],
"must": [{
"match": {
"beat.hostname": "12345"
}
}]
}
}
}
谢谢
关于json - Elasticsearch 嵌套过滤器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42639828/