Elasticsearch通配符搜索字符串not_analyzed

时间:2016-06-27 10:12:02

标签: elasticsearch lucene kibana elasticsearch-plugin fluentd

我在not_analyzed string字段上遇到通配符搜索问题。

我正在使用td-agent(plugin-elasticsearch) - > elasticsearch(kibana)。我尝试将映射设置为not_analyzed,因为我的字段"标记"包含点。条目示例:

{
  "_index": "logstash-2016.06.27",
  "_type": "fluentd",
  "_id": "AVWRR1tIYMKfwXgMeyTA",
  "_score": null,
  "_source": {
    "app": "RECEIVER",
    "thread": "139639914489600",
    "severity": "INFO ",
    "message": "FM version 0",
    "tag": "beeeon.ant-2.ada_server",
    "@timestamp": "2016-06-27T11:53:35+02:00"
  },
  "fields": {
    "@timestamp": [
      1467021215000
    ]
  },
  "sort": [
    1467021215000
  ]
}

该文件的当前映射:

{
  "simple-template" : {
    "order" : 0,
    "template" : "logstash-*",
    "settings" : {
      "index" : {
        "number_of_shards" : "1",
        "number_of_replicas" : "1"
      }
    },
    "mappings" : {
      "_default_" : {
        "properties" : {
          "app" : {
            "index" : "analyzed",
            "type" : "string"
          },
          "severity" : {
            "index" : "analyzed",
            "type" : "string"
          },
          "@timestamp" : {
            "index" : "not_analyzed",
            "type" : "date"
          },
          "thread" : {
            "index" : "analyzed",
            "type" : "string"
          },
          "tag" : {
            "index" : "not_analyzed",
            "type" : "string"
          },
          "message" : {
            "index" : "not_analyzed",
            "type" : "string"
          }
        }
      }
    },
    "aliases" : { }
  }
}

请注意字段"标记",其值为" beeeon.ant-2.ada_server"或者" beeeon.iotdata.ada_server"。

使用'标记查询标记:" beeeon.ant-2.ada_server"'或者'标签:" beeeon.iotdata.ada_server"'一切正常,我看到来自该来源的不同条目,当我尝试执行通配符搜索时会出现问题,例如' *'或者'标记:" beeeon。*。ada_server"'。我希望看到来自两个主机的条目,但我只看到来自最后一个的条目。

感谢您的任何建议

0 个答案:

没有答案