个人中心
gpt4 book ai didi

elasticsearch - 如何获取嵌套ES文档中的字段

转载 作者:行者123 更新时间:2023-12-03 00:49:42 25 4
gpt4 key购买 nike

我有一个curl命令,可以按日期从嵌套的ES文档中获取数据。
目前无法正常运作。

有关映射,请参阅以下内容:

{
  "test" : {
    "mappings" : {
      "doc" : {
        "properties" : {
          "@timestamp" : {
            "type" : "date"
          },
          "@version" : {
            "type" : "text",
            "fields" : {
              "keyword" : {
                "type" : "keyword",
                "ignore_above" : 256
              }
            }
          },
          "_APIName" : {
            "type" : "text",
            "fields" : {
              "keyword" : {
                "type" : "keyword",
                "ignore_above" : 256
              }
            }
          },
          "_parameters" : {
            "properties" : {
              "event" : {
                "properties" : {
                  "body_json" : {
                    "properties" : {
                      "apps" : {
                        "properties" : {
                          "bundle" : {
                            "type" : "text",
                            "fields" : {
                              "keyword" : {
                                "type" : "keyword",
                                "ignore_above" : 256
                              }
                            }
                          },
                          "version" : {
                            "type" : "text",
                            "fields" : {
                              "keyword" : {
                                "type" : "keyword",
                                "ignore_above" : 256
                              }
                            }
                          }
                        }
                      },
                      "model_name" : {
                        "type" : "text",
                        "fields" : {
                          "keyword" : {
                            "type" : "keyword",
                            "ignore_above" : 256
                          }
                        }
                      },
                      "serial_number" : {
                        "type" : "text",
                        "fields" : {
                          "keyword" : {
                            "type" : "keyword",
                            "ignore_above" : 256
                          }
                        }
                      },
                      "version" : {
                        "type" : "text",
                        "fields" : {
                          "keyword" : {
                            "type" : "keyword",
                            "ignore_above" : 256
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          },
          "_stackName" : {
            "type" : "text",
            "fields" : {
              "keyword" : {
                "type" : "keyword",
                "ignore_above" : 256
              }
            }
          },
          "beat" : {
            "type" : "object"
          },
          "category" : {
            "type" : "text",
            "fields" : {
              "keyword" : {
                "type" : "keyword",
                "ignore_above" : 256
              }
            }
          },
          "log" : {
            "properties" : {
              "name" : {
                "type" : "text",
                "fields" : {
                  "keyword" : {
                    "type" : "keyword",
                    "ignore_above" : 256
                  }
                }
              }
            }
          },
          "log_name" : {
            "type" : "text",
            "fields" : {
              "keyword" : {
                "type" : "keyword",
                "ignore_above" : 256
              }
            }
          },
          "message" : {
            "type" : "text",
            "fields" : {
              "keyword" : {
                "type" : "keyword",
                "ignore_above" : 256
              }
            }
          },
          "offset" : {
            "type" : "long"
          },
          "prospector" : {
            "properties" : {
              "type" : {
                "type" : "text",
                "fields" : {
                  "keyword" : {
                    "type" : "keyword",
                    "ignore_above" : 256
                  }
                }
              }
            }
          },
          "source" : {
            "type" : "text",
            "fields" : {
              "keyword" : {
                "type" : "keyword",
                "ignore_above" : 256
              }
            }
          },
          "stack" : {
            "type" : "text",
            "fields" : {
              "keyword" : {
                "type" : "keyword",
                "ignore_above" : 256
              }
            }
          }
        }
      }
    }
  }
}


以下是ES中的样本文档。 
{
  "_index": "test",
  "_type": "doc",
  "_id": "odUvZFjNxoBJGtXhSoBA",
  "_version": 1,
  "_score": null,
  "_source": {
    "log.name": "information",
    "offset": 8106321,
    "prospector": {
      "type": "log"
    },
    "@version": "1",
    "beat": {},
    "_stackName": "test",
    "_APIName": "Information",
    "category": "lambda",
    "@timestamp": "2019-04-16T02:22:32.000Z",
    "_parameters": {
      "event": {
        "body_json": {
          "model_name": "model-01",
          "serial_number": "1234567890",
          "version": "1.2",
          "apps": [
            {
              "name": "app1",
              "version": "1.0.14"
            },
            {
              "name": "app2",
              "version": "1.0.15"
            }
          ]
        }
      }
    },
    "stack": "test"
  },
  "fields": {
    "@timestamp": [
      "2019-04-16T02:22:32.000Z"
    ]
  }
}

这是我的curl命令: 
#!/bin/bash

curl -XGET "http://localhost:9200/test*/_search?pretty" -H 'Content-Type: application/json' -d' {
  "query": {
    "bool":{
      "must":[
        {
          "range": {
            "@timestamp": {
              "gte": 1546837215000,
              "lte": 1552712415000,
              "format": "epoch_millis"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "source_bucket": {
      "nested": {
        "path": "_source._parameters.event.body_json"
      },
      "aggs": {
        "model_name": {
          "terms": {
            "script": {
              "inline": "def model = doc['_source._parameters.event.body_json.model_name'].value;\n def serial = doc['_source._parameters.event.body_json.serial_number'].value;\nreturn \"model + serial\";",
              "lang": "painless"
            }
          }
        }
      }
    }
  }
}'


到目前为止,返回此错误: 
{
  "error" : {
    "root_cause" : [
      {
        "type" : "script_exception",
        "reason" : "compile error",
        "script_stack" : [
          "def model = doc[_parameters.event.body_js ...",
          "                ^---- HERE"
        ],
        "script" : "def model = doc[_parameters.event.body_json.model_name.keyword].value;\n def serial = doc[_parameters.event.body_json.serial_number.keyword].value;\nreturn model + serial;",
        "lang" : "painless"
      }
    ],
    "type" : "search_phase_execution_exception",
    "reason" : "all shards failed",
    "phase" : "query",
    "grouped" : true,
    "failed_shards" : [
      {
        "shard" : 0,
        "index" : "test",
        "node" : "-OHA7hfMTBGqlTNwjOOngg",
        "reason" : {
          "type" : "script_exception",
          "reason" : "compile error",
          "script_stack" : [
            "def model = doc[_parameters.event.body_js ...",
            "                ^---- HERE"
          ],
          "script" : "def model = doc[_parameters.event.body_json.model_name.keyword].value;\n def serial = doc[_parameters.event.body_json.serial_number.keyword].value;\nreturn model + serial;",
          "lang" : "painless",
          "caused_by" : {
            "type" : "illegal_argument_exception",
            "reason" : "Variable [_parameters] is not defined."
          }
        }
      }
    ]
  },
  "status" : 500
}

如何有效地获取model_name和serial_number,将它们连接起来并返回?

最佳答案

好的,您的映射中没有任何嵌套字段,因此您的查询应如下所示:

#!/bin/bash

curl -XGET "http://localhost:9200/test*/_search?pretty" -H 'Content-Type: application/json' -d'{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "@timestamp": {
              "gte": 1546837215000,
              "lte": 1552712415000,
              "format": "epoch_millis"
            }
          }
        },
        {
          "exists": {
            "field": "_parameters.event.body_json"
          }
        }
      ]
    }
  },
  "aggs": {
    "model_name": {
      "terms": {
        "script": {
          "source": "def model = doc['_parameters.event.body_json.model_name.keyword'].value;\n def serial = doc['_parameters.event.body_json.serial_number.keyword'].value;\nreturn model + serial;",
          "lang": "painless"
        }
      }
    }
  }
}'

关于elasticsearch - 如何获取嵌套ES文档中的字段,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55700393/

25 4 0
文章推荐: powershell - 无法发送Powershell电子邮件-您无法在空值表达式上调用方法
文章推荐: python - 从原始WAV音频中获取信号的正负分量
文章推荐: audio - webserver 流音频 vs. 音频云平台
文章推荐: powershell - 将输出重定向到用于邮寄目的的变量
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com