问题描述
- 时间戳
- 目录
{
"query":{
"bool":{
"must":{
"match":{
"directory":"/user/ayush/test/error/"
}
},"filter":{
"range":{
"@timestamp":{
"gte":"2020-08-25 01:00:00","lte":"2020-08-25 01:30:00","format":"yyyy-MM-dd HH:mm:ss"
}
}
}
}
}
}
在过滤结果中,我正在获取带有目录的记录
-
/user/ayush/test/error/ -
/user/hive/ -
/user/
但是当我使用以下术语时
{
"query":{
"bool":{
"must":{
"term":{
"directory":"/user/ayush/test/error/"
}
},"format":"yyyy-MM-dd HH:mm:ss"
}
}
}
}
}
}
即使目录值为 /user/ayush/test/error/ ,我也没有得到任何结果
解决方法
match查询分析输入字符串并构造更基本的 从那里查询。
字词查询与确切字词匹配。
请参阅这些博客以获取详细信息:
SO question on Term vs Match query
https://discuss.elastic.co/t/term-query-vs-match-query/14455
elasticsearch match vs term query
字段值/user/ayush/test/error/的分析如下:
POST/_analyze
{
"analyzer" : "standard","text" : "/user/ayush/test/error/"
}
生成的令牌为:
{
"tokens": [
{
"token": "user","start_offset": 1,"end_offset": 5,"type": "<ALPHANUM>","position": 0
},{
"token": "ayush","start_offset": 6,"end_offset": 11,"position": 1
},{
"token": "test","start_offset": 12,"end_offset": 16,"position": 2
},{
"token": "error","start_offset": 17,"end_offset": 22,"position": 3
}
]
}
索引数据:
{ "directory":"/user/ayush/test/error/" }
{ "directory":"/user/ayush/" }
{ "directory":"/user" }
使用术语查询的搜索查询:
字词查询不会将任何分析器应用于搜索字词,因此只会在倒排索引中查找该确切字词。因此,要搜索确切的术语,您需要使用directory.keyword或更改字段的映射。
{
"query": {
"term": {
"directory.keyword": {
"value": "/user/ayush/test/error/","boost": 1.0
}
}
}
}
术语查询的搜索结果:
"hits": [
{
"_index": "my_index","_type": "_doc","_id": "1","_score": 0.9808291,"_source": {
"directory": "/user/ayush/test/error/"
}
}
]