2017-02-28

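Exclude in an Elasticsearch query: failed to parse search source. expected field name but got [START_OBJECT]

I have the following query, which 1. gets all data that has logtype error. 2. excludes all data that has error occured in the logmessage field.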

curl -s -XGET 'localhost:9200/index_name/type/_search?pretty=true&size=10' -d ' 
{ 
    "query": { 
     "match" : { 
      "logtype" : "error" 
     }, 
     "should": { 
      "bool": { 
       "must_not": { 
        "match": { 
        "logMessage": "*error occured*" 
        } 
       } 
      } 
     } 
    } 
} 
' 

But the above command gives:

{ 
    "error": { 
     "root_cause": [{ 
      "type": "parse_exception", 
      "reason": "failed to parse search source. expected field name but got [START_OBJECT]" 
     }], 
     "type": "search_phase_execution_exception", 
     "reason": "all shards failed", 
     "phase": "query", 
     "grouped": true, 
     "failed_shards": [{ 
      "shard": 0, 
      "index": "indexname", 
      "node": "HxII3rajS4KP5dkP-ZvPSw", 
      "reason": { 
       "type": "parse_exception", 
       "reason": "failed to parse search source. expected field name but got [START_OBJECT]" 
      } 
     }] 
    }, 
    "status": 400 
} 

How can I solve this?

Answers

1

Try this:

curl -s -XGET 'localhost:9200/index_name/type/_search?pretty=true&size=10' -d '{ 
    "query": { 
    "bool": { 
     "must": { 
     "match": { 
      "logtype": "error" 
     } 
     }, 
     "must_not": { 
     "match": { 
      "logMessage": "*error occured*" 
     } 
     } 
    } 
    } 
}' 

Works like a charm! Any tutorial for the same? – learner

Glad to help! The [official documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-bool-query.html) has everything you need ;-) – Val

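Although the above query works fine, it does not work with regular expressions. I need to pass the whole string in 'logMessage' to remove it from the search results. – learner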
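An added example, not part of the original answer or comments: a `query` object holds exactly one clause, and `should` is only valid inside `bool`, which is why the question's body is rejected. The sketch below checks a search body for those two structural problems and builds the log filter with `match_phrase` in place of `match`, since `match` analyzes its input and does not treat `*` as a wildcard. The helper names `lint_query` and `error_logs_excluding` are hypothetical, and `match_phrase` is a substitution made here, not something the answer used.

```python
import json

# Occurrence keys that belong inside a "bool" clause, never directly under "query".
BOOL_OCCURRENCES = {"must", "must_not", "should", "filter"}


def lint_query(body):
    """Return a list of structural problems in a search body (empty list = OK)."""
    problems = []
    query = body.get("query", {})
    if len(query) != 1:
        problems.append("'query' must hold exactly one clause, found: %s" % sorted(query))
    for name in query:
        if name in BOOL_OCCURRENCES:
            problems.append("'%s' is only valid inside a 'bool' clause" % name)
    return problems


def error_logs_excluding(phrase):
    """Build: logtype matches 'error' AND logMessage does not contain `phrase`."""
    return {
        "query": {
            "bool": {
                "must": {"match": {"logtype": "error"}},
                # match_phrase takes the literal phrase, without * wildcards
                "must_not": {"match_phrase": {"logMessage": phrase}},
            }
        }
    }


# Request body from the question, reproduced as a Python dict.
QUESTION_BODY = {
    "query": {
        "match": {"logtype": "error"},
        "should": {"bool": {"must_not": {"match": {"logMessage": "*error occured*"}}}},
    }
}

if __name__ == "__main__":
    print(lint_query(QUESTION_BODY))           # two problems reported
    fixed = error_logs_excluding("error occured")
    print(lint_query(fixed))                   # no problems
    print(json.dumps(fixed, indent=2))         # body to pass to curl -d
```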
