GoLang,elasticsearch多个查询参数

时间:2018-04-20 13:06:38

标签: elasticsearch go

我在golang中有一个项目,它从我们的服务器发送日志的弹性体中获取日志。我有多个查询的问题。 我想通过两个字段进行查询,其中必须找到两个字段并过滤结果以在两个时间戳之间获取所有这些日志。 在下面的代码中,将deploymentName对象附加到Filter()会导致根本没有结果。 

import  ("github.com/olivere/elastic")


func main() {

client, err := elastic.NewClient(elastic.SetURL(*elasticUrl))


   //query by time
    timeQ := elastic.NewRangeQuery("@timestamp").From(from).To(to)

   //query by key named "component"
    componentQ := elastic.NewMatchQuery("component", *component)

    //query by key named "deploymentName", sam type as component
    deploymentQ := elastic.NewMatchQuery("deploymentName", deploymentName)

    //query object used for actual search later
    generalQ := elastic.NewBoolQuery().Should().
       Filter(timeQ).Filter(componentQ).Filter(deploymentQ)

        searchResult, err := client.Search().
                Index("some-index").
                From(from).Size(*chunk).
                Query(generalQ).
                Sort("@timestamp", true).
                Do(context.Background())
}

如果generalQuery是这样编写的,那么它可以工作。

        //query object used for actual search later
    generalQ := elastic.NewBoolQuery().Should().
       Filter(timeQ).Filter(componentQ)

1 个答案:

答案 0 :(得分:1)

我目前是Elasticsearch的新手,但这种方法实际上可以工作并在给定的时间范围内返回指定的组件和部署。

timeQ := elastic.NewRangeQuery("@timestamp").From(from).To(End)
componentQ := elastic.NewTermQuery("component", *component)
deploymentQ := elastic.NewTermQuery("deploymentName", deploymentName)

generalQ := elastic.NewBoolQuery()
generalQ = generalQ.Must(timeQ).Must(componentQ).Must(deploymentQ)
相关问题
最新问题