我在elasticsearch中创建了一个名为filebeat的索引。日志数据由elasticbeat代理在elasticsearch中发送。 我想根据名为value_of_type的特定列/字段过滤结果。使用PHP API:
$json =
'{
"query" : {
"bool" : {
"filter": [
{
"term" :
{
"value_of_type" : "sound"
}
}
]
}
}
}';
但是它返回0结果。
{"took":4,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}
在浏览器中点击myurl:9200/filebeat的结果如下所示:
{
"filebeat": {
"aliases": {},
"mappings": {
"doc": {
"properties": {
"@timestamp": {
"type": "date"
},
"beat": {
"properties": {
"hostname": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"version": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"fields": {
"properties": {
"node": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"value_of_type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"input_type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"message": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"offset": {
"type": "long"
},
"source": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
},
"settings": {
"index": {
"creation_date": "1494116541083",
"number_of_shards": "5",
"number_of_replicas": "1",
"uuid": "IdhWgIqiQ-GNrZK3AvCP9g",
"version": {
"created": "5020199"
},
"provided_name": "filebeat"
}
}
}
}