Converting an ES query to a Kibana Lucene query

ctehm74n, posted 2022-11-07 in Lucene

I am trying to convert the ES query below into a Kibana Lucene query, but I don't understand the basics and can't find any examples.

{
    "query": {
        "bool": {
            "must": [{
                "query_string": {
                    "query": "(\"/xyz\") AND (\"POST\") AND (\"GET\")",
                    "analyze_wildcard": false,
                    "lowercase_expanded_terms": false
                }
            }, {
                "match_phrase": {
                    "source": {
                        "query": "/var/log/nginx/access.log"
                    }
                }
            }, {
                "match_phrase": {
                    "response": {
                        "query": 200
                    }
                }
            }, {
                "range": {
                    "status_code": {
                        "gte": 400,
                        "lt": 599
                    }
                }
            }, {
                "range": {
                    "@timestamp": {
                        "gte": "now-24h",
                        "lte": "now",
                        "format": "epoch_millis"
                    }
                }
            }],
            "must_not": []
        }
    }
}

All I have so far is source:"/var/log/nginx/access.log" AND "(\"/xyz\") AND (\"POST\") AND (\"GET\")" AND response:200 AND status_code:[400 - 599], which is incomplete or incorrect. I'm stuck here. Any help? Thanks.

iszxjhcz 1#

You can try the following query (I have adjusted the query you created, but have not tested it, since sample data is not available):

(xyz and POST and GET) and (source:"/var/log/nginx/access.log") and response:200 and (status_code>=400 and status_code<=599)

You can check this documentation for more details about KQL.
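The conversion the question asks about, worked through as an added example; this is not code from the question or the answer above. The script takes the question's bool query (embedded inline as a constructed sample) and flattens its must/must_not clauses into a single query-bar string, in either Lucene or KQL syntax, using the rules the two dialects actually follow: quoted phrases for string values, Lucene `[a TO b]` / `{a TO b}` brackets (inclusive vs exclusive) for ranges versus KQL comparison operators, and `AND`/`NOT` versus `and`/`not`. The `@timestamp` range is reported separately rather than placed in the query bar, because in Kibana the time picker owns that window. Note that the ES query's `"lt": 599` is an exclusive upper bound, so it becomes `status_code:[400 TO 599}` in Lucene and `status_code < 599` in KQL. The field and path names are taken from the question; the `bool_to_query_bar` and `clause_to_text` function names are this example's own.

```python
import json

# Constructed sample input: the bool query from the question above, as a Python dict.
ES_QUERY = {
    "query": {
        "bool": {
            "must": [
                {"query_string": {
                    "query": '("/xyz") AND ("POST") AND ("GET")',
                    "analyze_wildcard": False,
                    "lowercase_expanded_terms": False,
                }},
                {"match_phrase": {"source": {"query": "/var/log/nginx/access.log"}}},
                {"match_phrase": {"response": {"query": 200}}},
                {"range": {"status_code": {"gte": 400, "lt": 599}}},
                {"range": {"@timestamp": {"gte": "now-24h", "lte": "now",
                                           "format": "epoch_millis"}}},
            ],
            "must_not": [],
        }
    }
}


def _literal(value):
    """Render a value for the query bar: numbers bare, strings as a quoted phrase.
    Quoting matters in Lucene mode: a bare /xyz/ would be parsed as a regex."""
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return str(value)
    escaped = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def _range_lucene(field, spec):
    """Lucene range: [ ] bounds are inclusive, { } bounds are exclusive, * is open."""
    lo = spec.get("gte", spec.get("gt", "*"))
    hi = spec.get("lte", spec.get("lt", "*"))
    left = "{" if "gt" in spec else "["
    right = "}" if "lt" in spec else "]"
    return f"{field}:{left}{lo} TO {hi}{right}"


def _range_kql(field, spec):
    """KQL has no bracket syntax; a two-sided range is two comparisons joined with `and`."""
    ops = {"gte": ">=", "gt": ">", "lte": "<=", "lt": "<"}
    parts = [f"{field} {ops[k]} {v}" for k, v in spec.items() if k in ops]
    return "(" + " and ".join(parts) + ")"


def clause_to_text(clause, dialect):
    """Convert one must/must_not clause; returns None for clauses the query bar should not carry."""
    (kind, body), = clause.items()
    if kind == "query_string":
        # query_string text is already query-bar syntax, so it is kept verbatim (in parentheses).
        # Its extra options (analyze_wildcard, lowercase_expanded_terms) cannot be expressed
        # in the bar and are dropped.
        return f"({body['query']})"
    if kind == "match_phrase":
        (field, spec), = body.items()
        value = spec["query"] if isinstance(spec, dict) else spec  # long and short forms
        sep = ":" if dialect == "lucene" else ": "
        return f"{field}{sep}{_literal(value)}"
    if kind == "range":
        (field, spec), = body.items()
        if field == "@timestamp":
            return None  # the time picker owns the time window; bool_to_query_bar reports it
        return _range_lucene(field, spec) if dialect == "lucene" else _range_kql(field, spec)
    raise ValueError(f"unsupported clause type: {kind}")


def bool_to_query_bar(es_query, dialect="lucene"):
    """Flatten a top-level bool query into one query-bar string plus the time window
    (gte, lte) that should be set in Kibana's time picker instead of in the bar."""
    if dialect not in ("lucene", "kql"):
        raise ValueError("dialect must be 'lucene' or 'kql'")
    b = es_query["query"]["bool"]
    joiner = " AND " if dialect == "lucene" else " and "
    negate = "NOT " if dialect == "lucene" else "not "
    parts, time_range = [], None
    for clause in b.get("must", []):
        spec = clause.get("range", {}).get("@timestamp")
        if spec is not None:
            time_range = (spec.get("gte"), spec.get("lte"))
            continue
        parts.append(clause_to_text(clause, dialect))
    for clause in b.get("must_not", []):
        text = clause_to_text(clause, dialect)
        if text is not None:
            parts.append(negate + text)
    return {"query": joiner.join(parts), "time_range": time_range}


if __name__ == "__main__":
    for dialect in ("lucene", "kql"):
        print(dialect, json.dumps(bool_to_query_bar(ES_QUERY, dialect)))
```

For the question's query this yields, in Lucene mode, `(("/xyz") AND ("POST") AND ("GET")) AND source:"/var/log/nginx/access.log" AND response:200 AND status_code:[400 TO 599}` with a time window of `now-24h` to `now` to set in the picker (the equivalent of "Last 24 hours"). The `query_string` clause is passed through unchanged because its text is already bar syntax in both modes; when pasting into KQL mode the mixed-case `AND` is accepted, but the `query_string` options have no KQL equivalent, so check that the results match the original API query before relying on it in a saved search or alert.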
