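I'm trying to use the Logstash elasticsearch filter plugin to add tags to a data stream by joining two Elasticsearch indices on a common "identifier" field. The filter fails to execute when the identifier is a negative number.
The filter looks like: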
filter {
  if [type] == "mysql-telemetry" {
    elasticsearch {
      hosts => ["localhost"]
      index => "mysql-properties"
      query => "identifier:%{identifier}"
      fields => [["datumname","datumname"],
                 ["datuminstance","datuminstance"],
                 ["originator","originator"],
                 ["originatorinstance","originatorinstance"],
                 ["observatory","observatory"],
                 ["site","site"],
                 ["units","units"]
                ]
      enable_sort => "false"
    }
  }
}
The error seems to be complaining about the "-" from the identifier's sign.
RemoteTransportException[[尤物][172.17.0.3:9300][indices:data/read/search[phase/query]]]; nested: SearchParseException[failed to parse search source [{"size":1,"query":{"query_string":{"query":"type:mysql-properties AND identifier:-4243310759994300850","lowercase_expanded_terms":true,"analyze_wildcard":false}},"sort":[{"datumname":{"order":"ASC"}}]}]]; nested: QueryParsingException[Failed to parse query [type:mysql-properties AND identifier:-4243310759994300850]]; nested: ParseException[Cannot parse 'type:mysql-properties AND identifier:-4243310759994300850': Encountered " "-" "- "" at line 1, column 37.
I tried adding escaped double quotes around %{identifier}, but then I got a different error:
Caused by: java.lang.NumberFormatException: For input string: ""-4937399000822192745""
Should I be using a different escape, different quotes, or a different query?
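In query_string syntax a leading "-" is an operator, and a field value interpolated into the query text can carry any other operator as well. The following is an added example, not part of the original post or of the plugin's code: it validates the identifier as a signed integer and backslash-escapes reserved characters before building the clause. The function names are hypothetical and the sample values are constructed, apart from the identifier taken from the error above.

```ruby
# Added example: build a query_string clause from an untrusted field value.
# Function names are hypothetical; they are not part of Logstash or its plugins.

# Characters the query_string syntax treats as operators. Each one is
# neutralised by a preceding backslash. '<' and '>' cannot be escaped
# and are removed instead.
RESERVED = /[\\+\-=!():^\[\]"{}~*?|&\/]/

def escape_query_value(value)
  # Block form of gsub avoids backslash handling in replacement strings.
  value.to_s.delete('<>').gsub(RESERVED) { |c| "\\#{c}" }
end

# Assumption: the identifier is a signed 64-bit integer, as in the post.
# Anything else is rejected rather than passed to the query parser.
def identifier_clause(field, raw)
  text = raw.to_s.strip
  unless text.match?(/\A-?\d{1,19}\z/)
    raise ArgumentError, "identifier is not a signed integer: #{text.inspect}"
  end
  "#{field}:#{escape_query_value(text)}"
end

if __FILE__ == $PROGRAM_NAME
  # Identifier from the error message in the post.
  puts identifier_clause('identifier', '-4243310759994300850')

  # Constructed input showing what unescaped interpolation would let through.
  begin
    identifier_clause('identifier', '1 OR type:*')
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```
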