Logstash: Elasticsearch named queries not working inside a should array

af7jpaap, posted on 2022-12-09 in Logstash

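I am trying to use named queries to see which condition was satisfied, tag one or tag two, but it is not working. What is the correct way to implement this? The example shows that the "_name" tag should be used inside the bool, so I am not sure what the problem might be.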

GET /myindex/_search
{
  "_source": ["ids"],
    "query": {
        "bool": {
            "must": [
              {
                    "range": {
                        "timestamp": {
                          "format": "strict_date_optional_time",
                          "gte": "2022-02-21T20:44:07.099Z",
                          "lte": "2022-03-23T20:44:07.099Z"
                        }
                    }
                },
                {
                    "bool": {
                        "should": [
                          {
                          "_name": "tag-one",
                            "query_string": {
                              "query":"*hello*",
                                "fields":["field1","field2","field3"]
                            }
                        },
                        {
                            "query_string": {
                                "query":"*world*",
                                "fields":["field1","field2","field3"]
                            },
                             "_name": "tag-two"
                        }
                        ]
                    }
                }
            ]
        }
    },
    "size": 10000
}

The error I get is:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "parsing_exception",
        "reason" : "[_name] query malformed, no start_object after query name",
        "line" : 19,
        "col" : 18
      }
    ],
    "type" : "x_content_parse_exception",
    "reason" : "[19:18] [bool] failed to parse field [must]",
    "caused_by" : {
      "type" : "x_content_parse_exception",
      "reason" : "[19:18] [bool] failed to parse field [should]",
      "caused_by" : {
        "type" : "parsing_exception",
        "reason" : "[_name] query malformed, no start_object after query name",
        "line" : 19,
        "col" : 18
      }
    }
  },
  "status" : 400
}

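ddrv8njm #1

From the Elasticsearch documentation:
Each query accepts a _name in its top level definition. You can use named queries to track which queries matched returned documents.
You need to include the _name inside the query_string.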

{
    "_source": [
        "ids"
    ],
    "query": {
        "bool": {
            "must": [
                {
                    "range": {
                        "timestamp": {
                            "format": "strict_date_optional_time",
                            "gte": "2022-02-21T20:44:07.099Z",
                            "lte": "2022-03-23T20:44:07.099Z"
                        }
                    }
                },
                {
                    "bool": {
                        "should": [
                            {
                                "query_string": {
                                    "query": "*hello*",
                                    "fields": [
                                        "field1",
                                        "field2",
                                        "field3"
                                    ],
                                    "_name": "tag-one"           //note this
                                }
                            },
                            {
                                "query_string": {
                                    "query": "*world*",
                                    "fields": [
                                        "field1",
                                        "field2",
                                        "field3"
                                    ],
                                    "_name": "tag-two"
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "size": 10000
}
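
An added example (not part of the original answer, and not Elasticsearch code): a small Python check that flags `_name` placed beside the query type key in a bool clause, as in the question, and then tallies the `matched_queries` list that Elasticsearch attaches to each hit when named queries are used. The helper names (`misplaced_names`, `tally_matches`, `qs`, `wrap`) and the sample response are constructed for illustration.

```python
from collections import Counter

BOOL_CLAUSES = ("must", "should", "filter", "must_not")

def misplaced_names(clause, path="query"):
    """Paths of clause wrappers that carry _name beside the query type key."""
    found = [path] if "_name" in clause else []
    bool_body = clause.get("bool")
    if isinstance(bool_body, dict):
        for occur in BOOL_CLAUSES:
            children = bool_body.get(occur, [])
            children = children if isinstance(children, list) else [children]
            for i, child in enumerate(children):
                found += misplaced_names(child, f"{path}.bool.{occur}[{i}]")
    return found

def tally_matches(response):
    """Count hits per named query, read from each hit's matched_queries list."""
    counts = Counter()
    for hit in response["hits"]["hits"]:
        counts.update(hit.get("matched_queries", []))
    return dict(counts)

def qs(text, name, inside=True):
    """query_string clause; inside=False reproduces the question's _name placement."""
    body = {"query": text, "fields": ["field1", "field2", "field3"]}
    clause = {"query_string": body}
    (body if inside else clause)["_name"] = name
    return clause

def wrap(shoulds):
    """Same shape as the page's query: a range plus a nested bool/should, under must."""
    time_range = {"range": {"timestamp": {"gte": "2022-02-21T20:44:07.099Z"}}}
    return {"bool": {"must": [time_range, {"bool": {"should": shoulds}}]}}

BROKEN = wrap([qs("*hello*", "tag-one", False), qs("*world*", "tag-two", False)])
FIXED = wrap([qs("*hello*", "tag-one"), qs("*world*", "tag-two")])

# Constructed sample response (not real data) in the shape of a search reply.
SAMPLE_RESPONSE = {"hits": {"hits": [
    {"_id": "1", "matched_queries": ["tag-one"]},
    {"_id": "2", "matched_queries": ["tag-one", "tag-two"]},
    {"_id": "3", "matched_queries": ["tag-two"]},
]}}

if __name__ == "__main__":
    print(misplaced_names(BROKEN))
    print(misplaced_names(FIXED))
    print(tally_matches(SAMPLE_RESPONSE))
```

Running the check on a query body before sending it catches the placement that produced the parsing_exception above; a hit that satisfies both should clauses lists both names in `matched_queries`.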
