Elasticsearch:通配符查询返回错误

时间:2015-08-22 20:20:37

标签: elasticsearch

我的ES数据库中有以下数据

{
   "took": 3,
   "timed_out": false,
   "_shards": {
      "total": 5,
      "successful": 5,
      "failed": 0
   },
   "hits": {
      "total": 618,
      "max_score": 1,
      "hits": [
         {
            "_index": "secse",
            "_type": "monologue",
            "_id": "4",
            "_score": 1,
            "_source": {
               "username": "balpha",
               "timestamp": "2011-03-04T00:00:00",
               "identifier": "4",
               "messages": [
                  {
                     "message": "\n \n \n\r\n                    @Iszi new feature:                      \r\n                \n\n\n",
                     "identifier": "604694"
                  },
                  {
                     "message": "\n \n\n3A: Chat clean up & owner rulesSure. In most cases, the room owner is more or less arbitrary, because it's just the person who was first to create the (e.g.) PHP room. But of course it makes sense to have several owners, especially for rooms that are quite active and have developed their own \"style\", and have those owners be p...\n\n\n\n",
                     "identifier": "604695"
                  }
               ]
            }
         },
         {
            "_index": "secse",
            "_type": "monologue",
            "_id": "4331",
            "_score": 1,
            "_source": {
               "username": "Jenko",
               "timestamp": "2011-01-06T00:00:00",
               "identifier": "4331",
               "messages": [
                  {
                     "message": "\n \n\n0Q: Prevent acccess to the C driveIs it possible to prevent regular users from accessing or modifying the C drive? they should be allowed to execute certain programs. This is to ensure that employees cannot steal or copy out proprietary software even though they should be able to execute it.\n\nThis is for Windows XP/7.\nsecurity protection access-control\n\n\n\n",
                     "identifier": "290604"
                  }
               ]
            }
         },
         {
            "_index": "secse",
            "_type": "monologue",
            "_id": "4728",
            "_score": 1,
            "_source": {
               "username": "JHarley1",
               "timestamp": "2011-01-12T00:00:00",
               "identifier": "4728",
               "messages": [
                  {
                     "message": "\n \n\r\n                    I am just reading up on Kerberos in regards to application security, does anyone know anything about it?                      \r\n                \n\n\n",
                     "identifier": "308589"
                  }
               ]
            }
         },
         {
            "_index": "secse",
            "_type": "monologue",
            "_id": "6356",
            "_score": 1,
            "_source": {
               "username": "itsnotvalid",
               "timestamp": "2011-01-29T00:00:00",
               "identifier": "6356",
               "messages": [
                  {
                     "message": "\n \n\r\n                    well, i can talk without being a member in security.sx                      \r\n                \n\n\n",
                     "identifier": "428619"
                  }
               ]
            }
         },
         {
            "_index": "secse",
            "_type": "monologue",
            "_id": "4658",
            "_score": 1,
            "_source": {
               "username": "Essobi",
               "timestamp": "2011-01-20T00:00:00",
               "identifier": "4658",
               "messages": [
                  {
                     "message": "\n \n\r\n                    doing fine                      \r\n                \n\n\n",
                     "identifier": "389309"
                  }
               ]
            }
         },
         {
            "_index": "secse",
            "_type": "monologue",
            "_id": "6705",
            "_score": 1,
            "_source": {
               "username": "Richard Gadsden",
               "timestamp": "2011-05-14T00:00:00",
               "identifier": "6705",
               "messages": [
                  {
                     "message": "\n \n\r\n                    Afternoon, @ScottPack (3:25pm here)                      \r\n                \n\n\n",
                     "identifier": "978411"
                  }
               ]
            }
         },
         {
            "_index": "secse",
            "_type": "monologue",
            "_id": "12635",
            "_score": 1,
            "_source": {
               "username": "WZeberaFFS",
               "timestamp": "2011-05-06T00:00:00",
               "identifier": "12635",
               "messages": [
                  {
                     "message": "\n \n\r\n                    @Iszi agreed +1 :)                      \r\n                \n\n\n",
                     "identifier": "933929"
                  }
               ]
            }
         },
         {
            "_index": "secse",
            "_type": "monologue",
            "_id": "13335",
            "_score": 1,
            "_source": {
               "username": "Justin",
               "timestamp": "2011-04-29T00:00:00",
               "identifier": "13335",
               "messages": [
                  {
                     "message": "\n \n\r\n                    @ThomasPornin Shouldn't the encyclopedia only include questions as such? So if said question is a terrible one why not correct the question to meet the answer?                      \r\n                \n\n\n",
                     "identifier": "903332"
                  },
                  {
                     "message": "\n \n\r\n                    Nevermind, I just thought about it.                      \r\n                \n\n\n",
                     "identifier": "903334"
                  }
               ]
            }
         },
         {
            "_index": "secse",
            "_type": "monologue",
            "_id": "1084",
            "_score": 1,
            "_source": {
               "username": "Ben Pilbrow",
               "timestamp": "2011-03-30T00:00:00",
               "identifier": "1084",
               "messages": [
                  {
                     "message": "\n \n\r\n                    We'll get a complaining post on Meta if we're not careful. Something to strive for I guess :-)                      \r\n                \n\n\n",
                     "identifier": "752945"
                  }
               ]
            }
         },
         {
            "_index": "secse",
            "_type": "monologue",
            "_id": "10608",
            "_score": 1,
            "_source": {
               "username": "Fred1234",
               "timestamp": "2011-04-08T00:00:00",
               "identifier": "10608",
               "messages": [
                  {
                     "message": "\n \n\r\n                    Hi guys...                      \r\n                \n\n\n",
                     "identifier": "795968"
                  }
               ]
            }
         }
      ]
   }
}

我想使用以下查询返回时间戳为2011的所有条目:

GET _search
{"query" : {
    "wildcard" : { "timestamp" : "2011*" }
}
}

但是我收到了以下错误:

{
   "error": "SearchPhaseExecutionException[Failed to execute phase [query], all shards failed; shardFailures {[vqcfh1FdQyGetag21_zKTQ][secse][0]: SearchParseException[[secse][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\"query\" : {\n        \"wildcard\" : { \"timestamp\" : \"2011*\" }\n    }\n    }\n]]]; nested: IllegalArgumentException[Invalid format: \"2011*\" is malformed at \"*\"]; }{[vqcfh1FdQyGetag21_zKTQ][secse][1]: SearchParseException[[secse][1]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\"query\" : {\n        \"wildcard\" : { \"timestamp\" : \"2011*\" }\n    }\n    }\n]]]; nested: IllegalArgumentException[Invalid format: \"2011*\" is malformed at \"*\"]; }{[vqcfh1FdQyGetag21_zKTQ][secse][2]: SearchParseException[[secse][2]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\"query\" : {\n        \"wildcard\" : { \"timestamp\" : \"2011*\" }\n    }\n    }\n]]]; nested: IllegalArgumentException[Invalid format: \"2011*\" is malformed at \"*\"]; }{[vqcfh1FdQyGetag21_zKTQ][secse][3]: SearchParseException[[secse][3]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\"query\" : {\n        \"wildcard\" : { \"timestamp\" : \"2011*\" }\n    }\n    }\n]]]; nested: IllegalArgumentException[Invalid format: \"2011*\" is malformed at \"*\"]; }{[vqcfh1FdQyGetag21_zKTQ][secse][4]: SearchParseException[[secse][4]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\"query\" : {\n        \"wildcard\" : { \"timestamp\" : \"2011*\" }\n    }\n    }\n]]]; nested: IllegalArgumentException[Invalid format: \"2011*\" is malformed at \"*\"]; }]",
   "status": 400
}

1 个答案:

答案 0 :(得分:1)

所以基本上你想要所有时间戳都在2011年的文件。你可以用range query更简单有效地做到这一点。

试试这个:

curl -XPOST localhost:9200/_search -d '{
    "query": {
        "range": {
            "timestamp": {
                "gte": "2011",
                "lte": "2011",
                "format": "yyyy"
            }
        }
    }
}'