我正在使用Elasticsearch 5.4.1和Kibana 5.4.1。当我尝试对fieldName:fieldValue这样的字段值执行过滤器聚合时,我没有得到任何结果。但是当我只输入fieldValue作为过滤器时,我获得了一个匹配fieldValue的列表领域。我无法弄清楚这个问题。
我使用Chrome开发人员工具捕获了请求。当我使用fieldName:fieldValue
{"index":"logstash-*","ignore_unavailable":true,"preference":1499662909171}
{"query":{"bool":{"must":[{"query_string":{"analyze_wildcard":true,"query":"*"}},{"range":{"@timestamp":{"gte":1499612400000,"lte":1499698799999,"format":"epoch_millis"}}}],"must_not":[]}},"size":0,"_source":{"excludes":[]},"aggs":{"2":{"date_histogram":{"field":"@timestamp","interval":"1h","time_zone":"Asia/Tokyo","min_doc_count":1},"aggs":{"3":{"filters":{"filters":{"Success":{"query_string":{"query":"Response Status:200","analyze_wildcard":true}},"Failed":{"query_string":{"query":"-Response Status:200","analyze_wildcard":true}}}}}}}}}
但是,当我仅使用fieldValue时,请求被解雇
{"index":"logstash-*","ignore_unavailable":true,"preference":1499662909171}
{"query":{"bool":{"must":[{"query_string":{"analyze_wildcard":true,"query":"*"}},{"range":{"@timestamp":{"gte":1499612400000,"lte":1499698799999,"format":"epoch_millis"}}}],"must_not":[]}},"size":0,"_source":{"excludes":[]},"aggs":{"2":{"date_histogram":{"field":"@timestamp","interval":"1h","time_zone":"Asia/Tokyo","min_doc_count":1},"aggs":{"3":{"filters":{"filters":{"Success":{"query_string":{"query":"200","analyze_wildcard":true}},"Failed":{"query_string":{"query":"-200","analyze_wildcard":true}}}}}}}}}
我无法弄清楚这个问题。
提前致谢!