2017-02-20 72 views
0

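Why is the Elasticsearch filter not giving any results while the Kibana dashboard gives results?

I am using Sense to query Elasticsearch. When I use a range filter on a field, I get empty results, but I can get results using the Kibana dashboard. Why is the filter not working? My query: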

GET _search
{
  "query": {
    "bool": {
      "must": [
        {"match": {"field_name1": "value1"}},
        {"match": {"file_name2": "value2"}}
      ]
    }
  },
  "filter": {    <- not working (no data, but gets data from kibana)
    "range": {
      "@timestamp": {
        "gte": "2017-02-18"
      }
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc",
        "ignore_unmapped" : true
      }
    }
  ]
}

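From the Kibana dashboard, when I add the time, it adds time:(from:'2017-02-18T10:19:08.680Z',mode:absolute,to:'2017-02-19T10:19:08.680Z')) and I am able to see the results. The dashboard also adds some other things, like metadata and filter negation, but I think they are doing the same thing. Only the time part seems to be different. So why this difference, and is my query correct? Sample URL: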

https://elasticsearch/app/kibana#/discover? 
_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:'2017-02-18T09:23:41.044Z',mode:absolute,to:'2017-02-19T09:23:41.044Z')) 
&_a=(columns:!(description,id),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:index-value,key:field_name1,negate:!f,value:value1),query:(match:(field_name2:(query:value2,type:phrase))))),index:index-value,interval:auto,query:(query_string:(analyze_wildcard:!t,query:'*')),sort:!('@timestamp',desc),uiState:(),vis:(aggs:!((params:(field:field_name2,orderBy:'2',size:20),schema:segment,type:terms),(id:'2',schema:metric,type:count)),type:histogram)) 
&indexPattern=index-value&type=histogram 

Thanks.

Sample JSON response:

{
  "took": some_number,
  "timed_out": false,
  "_shards": {
    "total": some_number,
    "successful": some_number,
    "failed": 0
  },
  "hits": {
    "total": some_number,
    "max_score": null,
    "hits": [
      {
        "_index": "index-name",
        "_type": "log-1",
        "_id": "alphanum",
        "_score": null,
        "_source": {
          "headers": "header-string",
          "query_string": "query-string",
          "server_variables": "server-variables",
          "cookies": "cookies",
          "extra_data": "some extra stuff",
          "exception_data_obj": {
            "stack_trace": "",
            "source": "",
            "message": "success",
            "additional_data": ""
          },
          "some_id": "211FA1F1-F312-1234-B539-F7AAE23EAA2F",
          "level": "Warn",
          "description": "Success",
          "@timestamp": "2017-01-20T01:33:27.303Z",
          "field1": "value1",
          "field2": "value2",
          "key": {
            "key.field1": "key.value1",
            "key.field2": "key.value2"
          },
          "@by": "app-name",
          "environment": "env-name"
        },
        "sort": [
          1484876007303
        ]
      },
      {}
    ]
  }
}
+0

The default DateTime format is UTC; please try changing the format to UTC in your query. Also see this [link](https://www.elastic.co/guide/en/elasticsearch/reference/5.1/mapping-date-format.html) –

+0

'2017-01-20T00:00Z' gives the same result – boring

+0

Can you post some sample JSON data? –

Answer

0

It is not the same query: in the Sense query you ask for a must on field1 and field2, but in Kibana you don't

for Elasticsearch
+0

Sorry, updated the Kibana fields. – boring
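
The time window from the sample Kibana URL in the question, expressed as a `range` clause inside the `bool` query, as an added example that is not part of the original thread. It assumes Elasticsearch 2.0 or later, where `bool` accepts a `filter` clause; the function names are hypothetical.

```python
import json
import re
from datetime import datetime, timezone

# The `_g` state of the sample Kibana URL quoted in the question.
KIBANA_G = ("(refreshInterval:(display:Off,pause:!f,value:0),"
            "time:(from:'2017-02-18T09:23:41.044Z',mode:absolute,"
            "to:'2017-02-19T09:23:41.044Z'))")

TIME_RE = re.compile(r"time:\(from:'([^']+)',mode:absolute,to:'([^']+)'\)")


def kibana_time_window(g_state):
    """Return the absolute (from, to) strings found in a Kibana `_g` state."""
    m = TIME_RE.search(g_state)
    if m is None:
        raise ValueError("no absolute time range in _g state")
    return m.group(1), m.group(2)


def build_query(matches, time_field, start, end):
    """Bool query: scored match clauses plus a non-scoring range filter."""
    return {
        "query": {
            "bool": {
                "must": [{"match": {f: v}} for f, v in matches],
                "filter": [{"range": {time_field: {"gte": start, "lte": end}}}],
            }
        },
        "sort": [{time_field: {"order": "desc"}}],
    }


def parse_ts(ts):
    """Parse an ISO-8601 UTC timestamp such as 2017-01-20T01:33:27.303Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def in_window(ts, start, end):
    """Local check of whether a document timestamp falls inside the window."""
    return parse_ts(start) <= parse_ts(ts) <= parse_ts(end)


if __name__ == "__main__":
    start, end = kibana_time_window(KIBANA_G)
    body = build_query([("field_name1", "value1"), ("field_name2", "value2")],
                       "@timestamp", start, end)
    print(json.dumps(body, indent=2))
    # The sample hit in the question is dated 2017-01-20, outside this window.
    print(in_window("2017-01-20T01:33:27.303Z", start, end))
```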
