elasticsearch复合查询

其他 2019-07-04 16:58:13 阅读次数: 0

查询最近一小时内data.@level字段为Error的日志并按date倒序排列,输出最近10条,只输出[date,message]两个字段

GET events*/_search
{
     "query" : {
                 "bool" : {
                     "must" : [
                         {
                             "query_string" : {
                                 "fields" : [ "data.@level" ],
                                 "query" "Error"
                             
                         }
                         }
                         
                     ],
                 "filter" : {
                            "range" : {
                       "date" : {
                         "gte" "now-1h" ,
                         "lte" "now"
                       }
                     }
                 }
                   
                 }
                 },
                 "sort" : [
                   {
                     "date" : {
                       "order" "desc" ,
                       "missing" "_last"
                     }
                   }],
                   "_source" : [ "date" , "message" ],
                   "size" : 10
     }

猜你喜欢

转载自www.cnblogs.com/larry-luo/p/11133308.html
今日推荐
周排行
LRU cache算法
windows10, 自带的OpenSSH, key权限问题, 文件权限问题
测试用例书写方法
HIVE-默认分隔符的(linux系统的特殊字符)查看,输入和修改
最贵的AMD 7nm显卡来了!这设计 够狂野
java多线程简单demo
[ 转载 ]在Android系统上使用busybox——最简单的方法
QT connect学习
BFSIFT算法分析
Xcode10:library not found for -lstdc++.6.0.9 临时解决
每日归档
更多
2024-08-06(0)
2024-08-05(0)
2024-08-04(0)
2024-08-03(0)
2024-08-02(0)
2024-08-01(0)
2024-07-31(0)
2024-07-30(0)
2024-07-29(0)
2024-07-28(0)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022