如何配置elasticsearch正则表达式查询

【问题标题】:How to configure elasticsearch regexp query如何配置elasticsearch正则表达式查询
【发布时间】:2018-02-16 15:53:32
【问题描述】:

我尝试配置 elasticsearch 请求。我使用 DSL 并尝试在 "message" 字段中找到一些带有单词 "swagger" 的数据。

这是我想展示的正确答案之一:

  {
                "_index": "apiconnect508",
                "_type": "audit",
                "_id": "AWF1us1T4ztincEzswAr",
                "_score": 1,
                "_source": {
                    "consumerOrgId": null,
                    "headers": {
                        "http_accept": "application/json",
                        "content_type": "application/json",
                        "request_path": "/apim-5a7c34e0e4b02e66c60edbb2-2018.02/auditevent",
                        "http_version": "HTTP/1.1",
                        "http_connection": "keep-alive",
                        "request_method": "POST",
                        "http_host": "localhost:9700",
                        "request_uri": "/apim-5a7c34e0e4b02e66c60edbb2-2018.02/auditevent",
                        "content_length": "533",
                        "http_user_agent": "Wink Client v1.1.1"
                    },
                    "nlsMessage": {
                        "resource": "messages",
                        "replacements": [
                            "test",
                            "1.0.0",
                            "ext_mafashagov@rencredit.ru"
                        ],
                        "key": "swagger.import.notification"
                    },
                    "notificationType": "EVENT",
                    "eventType": "AUDIT",
                    "source": null,
                    "envId": null,
                    "message": "API test version 1.0.0 was created from a Swagger document by ext_mafashagov@rencredit.ru.",
                    "userId": "ext_mafashagov@rencredit.ru",
                    "orgId": "5a7c34e0e4b02e66c60edbb2",
                    "assetType": "api",
                    "tags": [
                        "_geoip_lookup_failure"
                    ],
                    "gateway_geoip": {},
                    "datetime": "2018-02-08T14:04:32.731Z",
                    "@timestamp": "2018-02-08T14:04:32.747Z",
                    "assetId": "5a7c58f0e4b02e66c60edc53",
                    "@version": "1",
                    "host": "127.0.0.1",
                    "id": "5a7c58f0e4b02e66c60edc55",
                    "client_geoip": {}
                }
            }

我尝试通过以下方式查找 JSON:

POST myAddress/_search

下一个查询在没有“regexp”字段的情况下工作。我应该如何配置查询的正则表达式部分?

{
  "query": {
    "filtered": {
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
               "@timestamp" : {"gte" : "now-100d"}

              }
            },
            {
              "term": {
                "_type": "audit"
              }
            },
            {
                "regexp" : {
                    "message": "*wagger*"
                }
            }

          ]
        }
      }
    }

  },
  "sort": {
    "TraceDateTime": {
      "order": "desc",
      "ignore_unmapped": "true"
    }
  }
}

【问题讨论】:

    标签: elasticsearch dsl querydsl


    【解决方案1】:

    如果消息字段被分析,这个简单的匹配查询应该可以工作:

    "match":{
    "message":"*swagger*"
}

    但是,如果不对其进行分析,这两个查询也应该适合您: 这两个查询区分大小写,因此如果您希望不对其进行分析,则应考虑将字段小写。

    "wildcard":{
    "message":"*swagger*"
}


    "regexp":{
    "message":"swagger"
}

    小心通配符和正则表达式查询会降低性能。

    【讨论】:

      猜你喜欢
      • 2014-10-08
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2020-12-02
      • 1970-01-01
      • 2021-04-13
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode