2017-02-28 544 views
0

Kibana: searching for a string within text

I have this log message in Kibana:

org.hibernate.exception.GenericJDBCException: Cannot open connection 
at org.springframework.orm.hibernate3.HibernateTransactionManager.doBegin(HibernateTransactionManager.java:597) 

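The actual search that returns no results: log_message:"Hibernate3"

If I search for "hibernate3", this message does not appear. I am using an Elasticsearch template and have indexed the field, but I also want to be able to do a case-insensitive full-text search. Is this possible?

The template in use: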

{ 
"template": "filebeat-*", 
"mappings": { 
    "mainProgram": { 
     "properties": { 
      "@timestamp": { 
       "type": "date", 
       "format": "strict_date_optional_time||epoch_millis" 
      }, 
      "@version": { 
       "type": "text" 
      }, 
      "beat": { 
       "properties": { 
        "hostname": { 
         "type": "text" 
        }, 
        "name": { 
         "type": "text" 
        } 
       } 
      }, 
      "class_method": { 
       "type": "text", 
       "fielddata": "true", 
       "index": "true" 
      }, 
      "class_name": { 
       "type": "text", 
       "fielddata": "true" 
      }, 
      "clientip": { 
       "type": "ip", 
       "index": "not_analyzed" 
      }, 
      "count": { 
       "type": "long" 
      }, 
      "host": { 
       "type": "text", 
       "index": "not_analyzed" 
      }, 
      "input_type": { 
       "type": "text", 
       "index": "not_analyzed" 
      }, 
      "log_level": { 
       "type": "text", 
       "fielddata": "true", 
       "index": "true" 
      }, 
      "log_message": { 
       "type": "text", 
       "index": "true" 
      }, 
      "log_timestamp": { 
       "type": "text" 
      }, 
      "log_ts": { 
       "type": "long", 
       "index": "not_analyzed" 
      }, 
      "message": { 
       "type": "text" 
      }, 
      "offset": { 
       "type": "long", 
       "index": "not_analyzed" 
      }, 
      "query_params": { 
       "type": "text", 
       "index": "true" 
      }, 
      "sessionid": { 
       "type": "text", 
       "index": "true" 
      }, 
      "source": { 
       "type": "text", 
       "index": "not_analyzed" 
      }, 
      "tags": { 
       "type": "text" 
      }, 
      "thread": { 
       "type": "text", 
       "index": "true" 
      }, 
      "type": { 
       "type": "text" 
      }, 
      "user_account_combo": { 
       "type": "text", 
       "index": "true" 
      }, 
      "version": { 
       "type": "text" 
      } 
     } 
    }, 
    "access": { 
     "properties": { 
      "@timestamp": { 
       "type": "date", 
       "format": "strict_date_optional_time||epoch_millis" 
      }, 
      "@version": { 
       "type": "text" 
      }, 
      "beat": { 
       "properties": { 
        "hostname": { 
         "type": "text" 
        }, 
        "name": { 
         "type": "text" 
        } 
       } 
      }, 
      "clientip": { 
       "type": "ip", 
       "index": "not_analyzed" 
      }, 
      "count": { 
       "type": "long", 
       "index": "not_analyzed" 
      }, 
      "host": { 
       "type": "text", 
       "index": "true" 
      }, 
      "input_type": { 
       "type": "text", 
       "index": "not_analyzed" 
      }, 
      "log_timestamp": { 
       "type": "text" 
      }, 
      "log_ts": { 
       "type": "long", 
       "index": "not_analyzed" 
      }, 
      "message": { 
       "type": "text" 
      }, 
      "offset": { 
       "type": "long", 
       "index": "not_analyzed" 
      }, 
      "query_params": { 
       "type": "text", 
       "index": "true" 
      }, 
      "response_time": { 
       "type": "long" 
      }, 
      "sessionid": { 
       "type": "text", 
       "index": "true" 
      }, 
      "source": { 
       "type": "text", 
       "index": "not_analyzed" 
      }, 
      "statuscode": { 
       "type": "long" 
      }, 
      "tags": { 
       "type": "text" 
      }, 
      "thread": { 
       "type": "text", 
       "index": "true" 
      }, 
      "type": { 
       "type": "text", 
       "index": "true" 
      }, 
      "uripath": { 
       "type": "text", 
       "index": "true" 
      }, 
      "user_account_combo": { 
       "type": "text", 
       "index": "true" 
      }, 
      "verb": { 
       "type": "text", 
       "index": "true" 
      } 
     } 
    } 
} 
} 

Answers

0

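In your case, what you are looking for is an analyzed string, which will first analyze the string and then index it. A quote from the doc:

In other words, index this field as full text.

So make sure you have the mapping of the necessary fields correct, so that you can do a full-text search on the documents.

Suppose, in Kibana, the log line is under the field message; you can then simply search for the word with: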

message:"hibernate3" 

You might also want to refer to this, to find out the differences between Term Based and Full-Text.

EDIT

Have the mapping of the field log_message like this:

"log_message": { 
     "type": "string", <- to make it analyzed 
     "index": "true" 
} 

You could also try doing a wildcard search like this:

{"wildcard":{"log_message":"*.hibernate3.*"}} 

Hope this helps!

+0

For some reason, this does not work: log_message:".hibernate3." No results are returned. - where log_message is a subset of message. The index in my Elasticsearch template is: log_message type text index TRUE –

+0

Updated the template above –

+0

So you mean you are not seeing a separate field named 'log_message' in Kibana? – Kulasangar
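An added example, not part of the question or the answers above: a Python sketch that approximates, for ASCII input only, how the default `standard` analyzer and the built-in `pattern` analyzer would tokenize the log lines from the question, and whether a search for `hibernate3` finds an indexed term. It assumes the template is applied and `log_message` uses the default analyzer; the function names are illustrative and the tokenizers are simplified emulations, not Elasticsearch code.

```python
import re

# Constructed sample: the two log lines quoted in the question.
LOG = (
    "org.hibernate.exception.GenericJDBCException: Cannot open connection\n"
    "at org.springframework.orm.hibernate3.HibernateTransactionManager"
    ".doBegin(HibernateTransactionManager.java:597)"
)

def standard_like(text):
    """Approximate the `standard` analyzer (UAX #29 word rules, ASCII only):
    '.' stays inside a token between two letters or between two digits,
    but a digit followed by '.' and a letter is a token boundary."""
    pattern = (r"(?:[A-Za-z0-9]"
               r"|(?<=[A-Za-z])[.'](?=[A-Za-z])"
               r"|(?<=[0-9])[.,](?=[0-9]))+")
    return [t.lower() for t in re.findall(pattern, text)]

def pattern_like(text):
    """Approximate the built-in `pattern` analyzer: lowercase, then split
    on runs of non-word characters."""
    return [t for t in re.split(r"\W+", text.lower(), flags=re.ASCII) if t]

def matches(query, analyzer, doc=LOG):
    """The query text goes through the same analyzer as the field; a term
    only matches if it equals an indexed term exactly. Requiring all query
    terms is sufficient for the single-word searches used here."""
    indexed = set(analyzer(doc))
    return all(term in indexed for term in analyzer(query))

if __name__ == "__main__":
    queries = ("hibernate3", "Hibernate3", "org.springframework.orm.hibernate3")
    for name, fn in (("standard", standard_like), ("pattern", pattern_like)):
        print(name, fn(LOG))
        for q in queries:
            print("   ", q, "->", matches(q, fn))
```

Both analyzers lowercase, so case is not what blocks the match; the dotted package name is indexed as one term under the standard-like rules. On a real cluster, the `_analyze` API run against the index and field shows the actual terms produced for the same text.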