我需要在python脚本中构建一个Elasticsearch查询。在Elasticsearch查询中,我需要将外部python变量值传递给search。
下面是我试过自己的python脚本。但它没有采用外部变量参数,当我手动设置查询中的值时,它工作正常。
import master
mst = master.Master()
sourceip = "192.168.1.1" // External variable and its value
get_query_result = mst.build_query('{"query": {"bool": {"must": [{"match": { "source": "server_one" }},{"match": {"srcip": sourceip }}],"filter":[ {"range" : {"timestamp" :{"gte": "now-1d", "lte": "now"}}}]}}}')
total_query_result = get_query_result['hits']['total']
print(total_query_result)
当我将sourceip变量放在elasticsearch查询中时,它不会获取变量值并生成结果。它引发了错误
但是当我在Elasticsearch查询中手动设置IP地址值时,脚本会成功返回结果。
如何在Elasticsearch Query中传递python变量。
答案 0 :(得分:1)
你需要这样做:
sourceip = "192.168.1.1"
query = '{"query": {"bool": {"must": [{"match": { "source": "server_one" }},{"match": {"srcip": "%s" }}],"filter":[ {"range" : {"timestamp" :{"gte": "now-1d", "lte": "now"}}}]}}}' % (sourceip)
get_query_result = mst.build_query(query)
答案 1 :(得分:0)
您需要将其插入查询字符串,如下所示:
'{"query": {"bool": {"must": [{"match": { "source": "server_one" }},{"match": {"srcip": {} }}],"filter":[ {"range" : {"timestamp" :{"gte": "now-1d", "lte": "now"}}}]}}}'.format(sourceip)
或者,在我看来更优雅:
import json
query = {"query": {"bool": {"must":[
{"match": { "source": "server_one" }},
{"match": {"srcip": sourceip }}
],
"filter":[{"range" : {"timestamp" :{"gte": "now-1d", "lte": "now"}}}]
}}
query = json.dumps(query)