我们已为服务器日志配置了ELK。
我们想使用PHP查询elasticsearch。以下是我们的代码:
//Change URL Accordingly
$elasticServer = ["172.29.106.202:9200"]; //Server IP / Name
//Create Elastic Search Object
$client = Elasticsearch\ClientBuilder::create()
->setHosts($elasticServer)
->setRetries(0)
->build();
$result = new stdClass();
$params = array();
$params['index'] = '*'; //search all index
$params['type'] = 'Beta Logs from 51.66';
$params['body']['query']['match']['message'] = "Action:read_session";
$result->searches = $client->search($params);
返回一组数据。但是,返回的数据与我从Kibana UI获得的数据不同。
更新
以下是我服务器上的索引列表:
health status index pri rep docs.count docs.deleted store.size pri.store.size
yellow open localbeta-logstash-2016.07.24 5 1 57231 0 39.7mb 39.7mb
yellow open localbeta-logstash-2016.07.25 5 1 126438 0 41.2mb 41.2mb
yellow open localbeta-logstash-2016.07.26 5 1 109705 0 42.8mb 42.8mb
yellow open localbeta-logstash-2016.07.27 5 1 153558 0 52.2mb 52.2mb
yellow open .kibana 1 1 2 0 9.6kb 9.6kb
yellow open localbeta-logstash-2016.07.28 5 1 124439 0 38.8mb 38.8mb
yellow open localbeta-logstash-2016.07.29 5 1 136844 0 47.6mb 47.6mb
yellow open localbeta-logstash-2016.07.19 5 1 11535 0 3.6mb 3.6mb
yellow open localbeta-logstash-2016.07.30 5 1 2501 0 888kb 888kb
yellow open localbeta-logstash-2016.07.31 5 1 63040 0 43.8mb 43.8mb
yellow open localbeta-logstash-2016.07.20 5 1 85636 0 27mb 27mb
yellow open localbeta-logstash-2016.07.21 5 1 108346 0 37.7mb 37.7mb
yellow open local-logstash-2016.05.11 5 1 667319 0 212.3mb 212.3mb
yellow open localbeta-logstash-2016.07.22 5 1 125687 0 44mb 44mb
yellow open localbeta-logstash-2016.08.01 5 1 3245 0 2.2mb 2.2mb
yellow open localbeta-logstash-2016.07.23 5 1 18437 0 5.5mb 5.5mb
任何解释?或更改代码?
答案 0 :(得分:1)
如果您希望查询的行为与Kibana一样,则需要使用query_string这样的查询:
$params = array();
$params['index'] = '*'; //search all index
$params['type'] = 'Beta Logs from 51.66';
$params['body']['query']['query_string']['query'] = "Action:read_session";
$result->searches = $client->search($params);