以下是Elastic Search API返回的文档结构:
{
"process_name":"process01",
"beat":
{
"hostname":"12345","name":"blablabla"
},
}
按process_name过滤很简单,但是如何通过嵌套在beat中的host_name进行过滤?
{
"size":10000,
"query" : {
"bool" : {
"should": [
{ "match" : { "process_name" : "process01" } },
{ "match" : { "process_name" : "process02" } }
],
"must": [
{ "match" : { beat: { "hostname":"12345" } } }
]
}
}
}
错误消息1:
(未能反序列化对象类型=类com.logshero.api.SearchApiRequest):
{
"size":10000,
"query" : {
"bool" : {
"should": [
{ "match" : { "process_name" : "process01" } },
{ "match" : { "process_name" : "process02" } }
],
"must": [
{ "match" : { "hostname":"12345" } }
]
}
}
}
错误消息2:
{&#34;命中&#34; {&#34;总&#34;:0,&#34; MAX_SCORE&#34;:空,&#34;命中&#34;:[]}} < / p>
答案 0 :(得分:1)
您可以使用以下查询。您还必须确保映射中的节拍定义为嵌套类型。
{
"size": 10000,
"query": {
"bool": {
"should": [{
"match": {
"process_name": "process01"
}
}, {
"match": {
"process_name": "process02"
}
}],
"must": [{
"match": {
"beat.hostname": "12345"
}
}]
}
}
}
由于