I listed a document using the curl command below.
curl -XGET "http://localhost:166/qb-*/_search?pretty" -d'{
> "size": 1,
> "query": {
> "match_all": {}
> }
> }'
{
"took" : 44,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 6972886,
"max_score" : 1.0,
"hits" : [ {
"_index" : "qb-ed",
"_type" : "doc",
"_id" : "cb7535f4m",
"_score" : 1.0,
"_source" : {
"msg" : {
"owner" : "xxx@yyy.com",
},
"level" : "",
"elk" : {
"service_name" : "qb",
"kafka_topic" : "b"
},
"datacenter" : "",
"uuid" : "0ee56fac-6477274",
"tags" : [ "hp-quen" ],
"msg_offset" : null,
"@timestamp" : "2019-07-16T17:49:48.609Z",
"host" : "aga1",
"schema_id" : 1,
"@version" : "1",
"dc" : ""
}
} ]
}
}
But when I tried to search for it, nothing was found.
curl -XGET "http://localhost:166/qb-*/_search?pretty" -d'
{
"query": {
"term": {
"owner": "xxx@yyy.com"
}
}
}'
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 0,
"max_score" : null,
"hits" : [ ]
}
}
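Any ideas? Thanks

You are using a term query, which is used to return documents that contain the exact term.
Apart from that, you do not have an owner field; instead, you have an owner field inside msg.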
"msg" : {
"owner" : "xxx@yyy.com",
},
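So, to query the owner, you should use msg.owner.
If you have not explicitly defined any mapping, you need to add .keyword to the owner field. This uses the keyword analyzer instead of the standard analyzer (note the ".keyword").
Modify your search query to: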
curl -XGET "http://localhost:166/qb-*/_search?pretty" -d'
{
"query": {
"term": {
"msg.owner.keyword": "xxx@yyy.com"
}
}
}'
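
An added example, not part of the original question or answer: a small Python helper that walks a hit's _source, reports the dotted field path where a value actually lives, and builds the matching term query. The function names are hypothetical, the sample document is reconstructed from the hit shown above, and the .keyword suffix assumes the index uses default dynamic mapping.

```python
import json

# Constructed sample: the "_source" of the hit shown in the question
# (trailing comma after "owner" removed so that it parses as JSON).
SOURCE = json.loads("""
{
  "msg": {"owner": "xxx@yyy.com"},
  "level": "",
  "elk": {"service_name": "qb", "kafka_topic": "b"},
  "datacenter": "", "uuid": "0ee56fac-6477274",
  "tags": ["hp-quen"], "msg_offset": null,
  "@timestamp": "2019-07-16T17:49:48.609Z",
  "host": "aga1", "schema_id": 1, "@version": "1", "dc": ""
}
""")


def leaf_paths(node, prefix=""):
    """Yield (dotted_path, value) for every leaf, the way Elasticsearch
    addresses object fields. Arrays add no path segment."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from leaf_paths(child, f"{prefix}.{key}" if prefix else key)
    elif isinstance(node, list):
        for child in node:
            yield from leaf_paths(child, prefix)
    else:
        yield prefix, node


def find_paths(source, value):
    """Return every dotted field path whose leaf equals `value`."""
    return sorted({p for p, v in leaf_paths(source) if v == value})


def term_query(source, value):
    """Build a term query body for `value`. Assumption: default dynamic
    mapping, where a string field gets a `.keyword` sub-field."""
    paths = find_paths(source, value)
    if not paths:
        raise LookupError(f"{value!r} not found in document")
    if len(paths) > 1:
        raise ValueError(f"{value!r} is ambiguous: {paths}")
    field = paths[0] + (".keyword" if isinstance(value, str) else "")
    return {"query": {"term": {field: value}}}


if __name__ == "__main__":
    print(json.dumps(term_query(SOURCE, "xxx@yyy.com"), indent=2))
```

Run against the sample, it reports msg.owner rather than owner, which is why the original term query on "owner" returned zero hits.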