Time msg.level msg.message msg.pid msg.pod_name msg.tag msg.tid msg.time
July 16th 2018, 10:14:41.913 Debug queryById : SELECT * FROM PLAN WHERE _id = 730; 5059 pod PopupNaiAccessibility 5059 07-10 11:02:00.476
July 16th 2018, 10:14:41.913 Error queryById : N WHERE_id = 730; 5051 pod ActivityManar 5051 07-10 11:05:00.489
July 16th 2018, 10:14:41.913 Verbose queryById : SELECT * FROM PLAN WHERE _id = 730; 5052 pod ActivityManager 5052 07-10 11:02:00.489
elasticsearch中有一些数据,数据格式如上。我想通过msg.message和msg.tag字段查询一些关键字(例如SELECT)(忽略大小写和模糊匹配)。并按msg.level和msg.pod_name进行过滤,该如何编写查询DSL。我已经尝试了以下DSL,但是无法获取任何数据。
body = {
"query": {
"bool": {
"must": {
"multi_match" : {
"query": keyword,
"fields": [ "msg.message", "msg.tag"],
"operator": "or"
}
},
"filter": [
{"term": {"msg.pod_name": "pod"}},
{"terms": {"msg.level": ["Debug", "Error"]}}
]
}
},
"from": 0,
"size": 100,
"sort": [{ "msg.time" : {"order" : "asc"}}],
}