我在not_analyzed string字段上遇到通配符搜索问题。
我正在使用td-agent(plugin-elasticsearch) - > elasticsearch(kibana)。我尝试将映射设置为not_analyzed,因为我的字段"标记"包含点。条目示例:
{
"_index": "logstash-2016.06.27",
"_type": "fluentd",
"_id": "AVWRR1tIYMKfwXgMeyTA",
"_score": null,
"_source": {
"app": "RECEIVER",
"thread": "139639914489600",
"severity": "INFO ",
"message": "FM version 0",
"tag": "beeeon.ant-2.ada_server",
"@timestamp": "2016-06-27T11:53:35+02:00"
},
"fields": {
"@timestamp": [
1467021215000
]
},
"sort": [
1467021215000
]
}
该文件的当前映射:
{
"simple-template" : {
"order" : 0,
"template" : "logstash-*",
"settings" : {
"index" : {
"number_of_shards" : "1",
"number_of_replicas" : "1"
}
},
"mappings" : {
"_default_" : {
"properties" : {
"app" : {
"index" : "analyzed",
"type" : "string"
},
"severity" : {
"index" : "analyzed",
"type" : "string"
},
"@timestamp" : {
"index" : "not_analyzed",
"type" : "date"
},
"thread" : {
"index" : "analyzed",
"type" : "string"
},
"tag" : {
"index" : "not_analyzed",
"type" : "string"
},
"message" : {
"index" : "not_analyzed",
"type" : "string"
}
}
}
},
"aliases" : { }
}
}
请注意字段"标记",其值为" beeeon.ant-2.ada_server"或者" beeeon.iotdata.ada_server"。
使用'标记查询标记:" beeeon.ant-2.ada_server"'或者'标签:" beeeon.iotdata.ada_server"'一切正常,我看到来自该来源的不同条目,当我尝试执行通配符搜索时会出现问题,例如' *'或者'标记:" beeeon。*。ada_server"'。我希望看到来自两个主机的条目,但我只看到来自最后一个的条目。
感谢您的任何建议