What is the query for matching an exact value in Elasticsearch?

Time: 2018-12-04 12:41:12

Tags: elasticsearch

I am trying to do an Elasticsearch exact match on the following data:

{
  "_index" : "qweerindex",
  "_type" : "qweerdoc",
  "_id" : "anananana",
  "_score" : 1.0,
  "_source" : {
    "severity" : "Low",
    "deviceVendor" : "CP",
    "name" : "accept",
    "deviceProduct" : "bbn Wall-1",
    "request" : "https://www.google.com/",
    "rawdata" : "CEF:0|starting point|VPN-1 & icewall-1||accept|accept|Low| eventId=17170340 proto=DGP categorySignificance=/Normal categoryBehavior=/Access categoryDeviceGroup=/icewall catdt=icewall categoryOutcome=/Success categoryObject=/Host/Application/Service art=1947097440910 cat=SecurityLog act=accept rt=1947097371000 deviceDirection=0 src=10.9.14.141 sourceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1910: 10.0.0.0-10.101.101.101 spt=93997 sourceTranslatedPort=0 dst=10.19.1.170 destinationZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1910: 10.0.0.0-10.101.101.101 destinationDnsDomain=zyz.in)  destinationTranslatedAddress=101.31.100.71 destinationTranslatedZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1910: 101.11.0.0-101.31.101.101 dpt=1397 destinationTranslatedPort=0 duser=Durga SV (v00731@zyz.in) dummyisdummy (dummyisdummy@zyz.in)  destinationServiceName=Lotus_1397 cs1=39 & To be optimized cs3=zyz-XYZ-T7-MGMT cs4={B0B041BB-0AB1-499A-AB3E-7111094D7410} cs1=zyz-XYZ-T7-POLICY cs1Label=Rule & Rule Name cs7Label=UFP category cs3Label=Manager cs4Label=Rule UID cs9Label=Total bytes cs1Label=Policy Name cn1Label=Elapsed Time in Seconds cn7Label=icmp_type cn3Label=icmp_code deviceCustomDate1Label=Elapsed Time deviceCustomDate7Label=Subs Expired ahost=XYZ-LAN-C7.zyz.IN agt=10.10.11.14 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1910: 10.0.0.0-10.101.101.101 av=7.7.7.7747.0 atz=Asia/bombay aid=3PDNqwmEBABDnC9irE0ilVg\\=\\= at=starting pointicewall_ad_opsec dvc=197.110.109.10 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1910: 197.110.0.0-197.110.101.101 dtz=Asia/bombay deviceInboundInterface=wrp170 _cefVer=0.1 ad.src__machine__name=hotkohfind010@zyz.in ad.Chassis_,Bladed_,System=[ 1_7 ] ad.snid=dee97010 ad.has__accounting=0 ad.origin__sic__name=CN\\=zyz-XYZ-INT-VS-T7FW,O\\=zyz-XYZ-T7-MGMT..yfpjjc ad.src__user__name=zyz SV (v00731@zyz.in) dummyisdummy (dummyisdummy@zyz.in)  ad.NAT__rulenum=310 ad.NAT__addtnl__rulenum=1"
  }
}


using the following Elasticsearch query:

from elasticsearch import Elasticsearch

es = Elasticsearch()  # client setup assumed; the original post only shows the search call
# startingpoint_index_g and startingpoint_doc_type_g are defined elsewhere in the poster's code
hits = es.search(index=startingpoint_index_g,
                 doc_type=startingpoint_doc_type_g,
                 body={
                     "query": {
                         "constant_score": {
                             "filter": {
                                 "bool": {
                                     # every term filter must hit for a document to be returned
                                     "must": [
                                         {"term": {"deviceProduct": "bbn Wall-1"}},
                                         {"term": {"request": "https://www.google.com/"}},
                                         {"term": {"rawdata": "ad.NAT__rulenum=310"}}
                                     ]
                                 }
                             }
                         }
                     }
                 })['hits']['hits']


I expect it to return only data that satisfies all of the conditions, i.e. every value should match exactly. However, I have noticed that it also returns data with partial matches (only some of the conditions match, or a field contains only part of the specified value).

Elasticsearch version: 5.6.2

1 answer:

Answer 0 (score: 0)

Please post your mapping so the search problem can be resolved.

Use keyword to compare exact terms:

Post "analyzer": "keyword"
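As an added example (not code from the question or from the answer), the Python script below builds the keyword mapping and the constant_score/bool/must term-filter body for the fields in the question, and shows offline why a term query behaves differently against an analyzed text field than against a keyword field. The index and type names, the shortened sample document, and the token-splitting helper are assumptions: the helper is only a rough stand-in for Elasticsearch's standard analyzer, and the request bodies are plain dicts, so nothing here needs a running cluster.

```python
import re

# Constructed sample document mirroring the fields from the question (rawdata shortened).
SAMPLE_DOC = {
    "severity": "Low",
    "deviceVendor": "CP",
    "name": "accept",
    "deviceProduct": "bbn Wall-1",
    "request": "https://www.google.com/",
    "rawdata": "CEF:0|starting point|VPN-1 & icewall-1||accept|accept|Low| "
               "eventId=17170340 act=accept ad.NAT__rulenum=310 ad.NAT__addtnl__rulenum=1",
}

# Fields we want compared as whole values.
EXACT_FIELDS = ("deviceProduct", "request", "rawdata")


def exact_match_mapping(doc_type="qweerdoc"):
    """Index mapping that stores EXACT_FIELDS as `keyword`: one untokenised term per value.

    For `term` queries in ES 5.x this has the same effect as the answer's
    `"analyzer": "keyword"` on a text field: the whole value becomes a single term.
    """
    return {
        "mappings": {
            doc_type: {"properties": {f: {"type": "keyword"} for f in EXACT_FIELDS}}
        }
    }


def exact_match_query(conditions):
    """constant_score / bool / must of term filters, shaped like the query in the question.

    `conditions` maps field name -> the exact stored value that must match.
    """
    return {
        "query": {
            "constant_score": {
                "filter": {
                    "bool": {"must": [{"term": {f: v}} for f, v in conditions.items()]}
                }
            }
        }
    }


def standard_tokens(value):
    """Rough stand-in for the standard analyzer: split on non-word characters, lowercase.

    Assumption for illustration only; the real UAX#29 tokenizer differs in detail.
    """
    return [t for t in re.split(r"[^\w]+", value.lower()) if t]


def term_hits_text_field(stored, term):
    """A `term` query is not analyzed itself: against a text field the raw term is
    compared with each stored token, so a single matching token is enough."""
    return term in standard_tokens(stored)


def term_hits_keyword_field(stored, term):
    """Against a keyword field the raw term is compared with the whole stored value."""
    return term == stored


def document_matches(doc, conditions, keyword_fields=True):
    """True when every condition hits, under either field type."""
    hit = term_hits_keyword_field if keyword_fields else term_hits_text_field
    return all(hit(doc[f], v) for f, v in conditions.items())


if __name__ == "__main__":
    import json
    conds = {"deviceProduct": "bbn Wall-1", "request": "https://www.google.com/"}
    print(json.dumps(exact_match_mapping(), indent=2))
    print(json.dumps(exact_match_query(conds), indent=2))
    print("keyword fields, whole values:", document_matches(SAMPLE_DOC, conds))
    print("text fields, same values:    ", document_matches(SAMPLE_DOC, conds, keyword_fields=False))
    # One token is enough on a text field: "accept" is a token of rawdata.
    print("text field, term 'accept' on rawdata:", term_hits_text_field(SAMPLE_DOC["rawdata"], "accept"))
    # On a keyword field the rawdata condition from the question can never hit,
    # because "ad.NAT__rulenum=310" is only a fragment of the stored value.
    print("keyword field, partial rawdata term:",
          term_hits_keyword_field(SAMPLE_DOC["rawdata"], "ad.NAT__rulenum=310"))
```

Two things the script makes visible: a whole-value filter on `rawdata` cannot hit a fragment such as `ad.NAT__rulenum=310`, so that condition needs a text field with a `match_phrase` query rather than a keyword term; and the dynamic mapping in 5.x already gives string fields a `.keyword` sub-field (with `ignore_above` 256), so `deviceProduct.keyword` and `request.keyword` are usable without remapping, while a value as long as `rawdata` is not indexed there at all.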