例如,您如何构建一个Elasticsearch查询,该查询按包含ip
匹配192.168.100.14/24
字段的文档进行过滤?
{
query: {
filtered: {
filter: {
???
}
}
}
}
为了澄清,我正在搜索的文档具有索引为IP字段的属性,并且我想查找具有与CIDR掩码匹配的IP的所有文档(将在过滤器中指定)。
答案 0 :(得分:1)
如果使用ES 2.2或更高版本,请尝试此操作:
{"query": {"term" : {"<ip_field_name>" : "192.168.100.14/24"}}}
答案 1 :(得分:0)
elasticsearch类型var dictArray: [Dictionary<String, String>] = []
func getAlerts(){
let invitesRef = self.rootRef.child("invites")
let query = invitesRef.queryOrderedByChild("invitee").queryEqualToValue(currentUser?.uid)
query.observeEventType(.Value, withBlock: { snapshot in
for child in snapshot.children {
guard let invitee = child.value["invitee"] as? String else{
return
}
guard let role = child.value["role"] as? String else{
return
}
self.dictArray.append(child as! Dictionary<String, String>)
print(self.dictArray)
}
})
}
不支持该类型的输入。这是一个示例,表明它将失败:
ip
PUT index1
{
"mappings": {
"type1": {
"properties": {
"ip_addr": {
"type": "ip"
}
}
}
}
}
POST index1/type1
{
ip_addr: "192.168.100.14/24"
}
相反,如果您剥离{
"error": {
"root_cause": [
{
"type": "mapper_parsing_exception",
"reason": "failed to parse [ip_addr]"
}
],
"type": "mapper_parsing_exception",
"reason": "failed to parse [ip_addr]",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "failed to parse ip [192.168.100.14/24], not a valid ip address"
}
},
"status": 400
}
它将正常工作。