在弹性搜索中用正则表达式搜索

时间:2015-10-28 20:54:16

标签: search elasticsearch elasticsearch-query

我正在尝试正则表达式搜索弹性搜索数据库。

到目前为止我的查询(它无效):

#!/usr/bin/env bash

curl -XGET 'http://localhost:9200/logstash-2015.10.27/_search' -d \
'{
   query: {
     "regexp": {
       "@timestamp": {
          value: ".*"
        }
     }
  }
}' | python -m json.tool

我得到的结果是

{
    "error": "SearchPhaseExecutionException[Failed to execute phase [query], all shards failed; shardFailures {[DqJwlMoTQ3e8nyl4m7amGw][logstash-2015.10.27][0]: SearchParseException[[logstash-2015.10.27][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n   query: {\n     \"regexp\": {\n       \"@timestamp\": {\n          value: \".*\"\n        }\n     }\n  }\n}]]]; nested: IllegalArgumentException[Invalid format: \".*\"]; }{[DqJwlMoTQ3e8nyl4m7amGw][logstash-2015.10.27][1]: SearchParseException[[logstash-2015.10.27][1]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n   query: {\n     \"regexp\": {\n       \"@timestamp\": {\n          value: \".*\"\n        }\n     }\n  }\n}]]]; nested: IllegalArgumentException[Invalid format: \".*\"]; }{[DqJwlMoTQ3e8nyl4m7amGw][logstash-2015.10.27][2]: SearchParseException[[logstash-2015.10.27][2]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n   query: {\n     \"regexp\": {\n       \"@timestamp\": {\n          value: \".*\"\n        }\n     }\n  }\n}]]]; nested: IllegalArgumentException[Invalid format: \".*\"]; }{[DqJwlMoTQ3e8nyl4m7amGw][logstash-2015.10.27][3]: SearchParseException[[logstash-2015.10.27][3]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n   query: {\n     \"regexp\": {\n       \"@timestamp\": {\n          value: \".*\"\n        }\n     }\n  }\n}]]]; nested: IllegalArgumentException[Invalid format: \".*\"]; }{[DqJwlMoTQ3e8nyl4m7amGw][logstash-2015.10.27][4]: SearchParseException[[logstash-2015.10.27][4]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n   query: {\n     \"regexp\": {\n       \"@timestamp\": {\n          value: \".*\"\n        }\n     }\n  }\n}]]]; nested: IllegalArgumentException[Invalid format: \".*\"]; }]",
    "status": 400
}

我试图找到的事件就是这个

{
    "_index": "logstash-2015.10.27",
    "_type": "logs",
    "_id": "AVCml4MI2xxzjEtiGou0",
    "_version": 1,
    "_score": null,
    "_source": {
        "host": "server",
        "@timestamp": "2015-10-27T00:00:00.142Z",
        "type_instance": "free",
        "plugin": "exec",
        "plugin_instance": "available_memory",
        "collectd_type": "gauge",
        "value": 855,
        "@version": "1"
    },
    "sort": [
        1445904000142
    ]
}

我搜索了一些东西,但没有运气。

======== update ==========

我设法用这个

查询我的弹性搜索 
#!/usr/bin/env bash

curl -XPOST 'http://localhost:9200/logstash-2015.10.27/_search' -d '
{
    "query": {
        "bool": {
          "must": { "range" : { "@timestamp" : { "gte" : "2015-10-27T00:00:01", "lte" : "2015-10-27T00:00:59"} }},
          "must": {"regexp" : { "host": "d027.*" }}
        }
    }
}'

1 个答案:

答案 0 :(得分:1)

regexp适用于string字段。 date字段实际上是Elasticsearch中的数字。

对于date搜索,我建议使用range过滤器:https://www.elastic.co/guide/en/elasticsearch/guide/current/_ranges.html#_ranges_on_dates

相关问题
最新问题