我发送以下弹性搜索查询,当通过uri-search发送时,它表现得非常好。但是随着身体呼叫的发布 - 它没有按预期工作。请建议如何更正查询。
这有效:
GET CALL
<someUrl>/elasticsearch/index/_search?q=host:host-0
响应(限于主机-0)
{
"took": 4,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 128040,
"max_score": 2.0973763,
"hits": [{
"_index": "123"
"_type": "log_message",
"_id": "123",
"_score": 111,
"_source": {
"host": "host-0",
"pid": 333,
"timestamp": "2017-04-06T04:29:44.724Z",
"priority": 7,
"namespace": "syslog",
"msg": "aaaaa"
}
},
"_index": "345"
"_type": "log_message",
"_id": "345",
"_score": 111,
"_source": {
"host": "host-0",
"pid": 333,
"timestamp": "2017-04-06T04:29:44.724Z",
"priority": 7,
"namespace": "syslog",
"msg": "aaaaa"
}
},
.....
}
这不起作用:
POST CALL
<someUrl>/elasticsearch/index/_search
POST电话的身体:
{
"query" : {
"term" : { "host": "host-0" }
}
}
RESPONSE(不限于host-0)
{
"took": 4,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 128040,
"max_score": 2.0973763,
"hits": [{
"_index": "123"
"_type": "log_message",
"_id": "123",
"_score": 111,
"_source": {
"host": "host-1",
"pid": 333,
"timestamp": "2017-04-06T04:29:44.724Z",
"priority": 7,
"namespace": "syslog",
"msg": "aaaaa"
}
},
"_index": "345"
"_type": "log_message",
"_id": "345",
"_score": 111,
"_source": {
"host": "host-0",
"pid": 333,
"priority": 7,
"namespace": "syslog",
"msg": "aaaaa"
}
},
"_index": "546"
"_type": "log_message",
"_id": "546",
"_score": 111,
"_source": {
"host": "host-0",
"pid": 222,
"priority": 7,
"namespace": "syslog",
"msg": "aaaaa"
}
},
.....
}
Get on this index返回 GET / elasticsearch /
"host": {
"type": "string",
"index": "not_analyzed"
},
答案 0 :(得分:1)
在您的GET调用中,会分析令牌host-0。如果您尝试以下GET调用(通过用双引号括起host-0),您基本上会得到与POST调用相同的查询,并且您将不会得到任何结果。
<someUrl>/elasticsearch/index/_search?q=host:"host-0"
如果您需要结果,则需要使用match查询而不是term查询。这相当于您的GET调用中的...?q=host:host-0。
{
"query" : {
"match" : { "host": "host-0" }
}
}
最后,我认为您的host字段具有text类型,而它应该具有keyword类型。