How do I write an elasticsearch-py query that returns the same data as the request below?
--data-binary '{"query": {"filtered": {"query": {"bool": {"should": [{"query_string": {"query": "request.action.raw:\"aaa\" AND (loglevel:INFO)"}}, {"query_string": {"query": "request.action.raw:\"bbb\" AND (loglevel:INFO)"}}, {"query_string": {"query": "request.action.raw:\"ccc\" AND (loglevel:INFO)"}}]}}, "filter": {"bool": {"must": [{"range": {"@timestamp": {"from": 111, "to": 222}}}, {"fquery": {"query": {"query_string": {"query": "file:(\"ddd\")"}}, "_cache": true}}]}}}}}'
If your query works in curl, the following runs the same query.
from elasticsearch import Elasticsearch

ELASTICSEARCH_ENDPOINT = "url_to_your_elasticsearch_node"
es = Elasticsearch([ELASTICSEARCH_ENDPOINT])

# Raw string so the \" escapes inside the JSON survive; the body is sent as-is.
request = r'{"query": {"filtered": {"query": {"bool": {"should": [{"query_string": {"query": "request.action.raw:\"aaa\" AND (loglevel:INFO)"}}, {"query_string": {"query": "request.action.raw:\"bbb\" AND (loglevel:INFO)"}}, {"query_string": {"query": "request.action.raw:\"ccc\" AND (loglevel:INFO)"}}]}}, "filter": {"bool": {"must": [{"range": {"@timestamp": {"from": 111, "to": 222}}}, {"fquery": {"query": {"query_string": {"query": "file:(\"ddd\")"}}, "_cache": true}}]}}}}}'

results = es.search(index="index_name", doc_type="doctype_name", body=request)
Note that, besides the request itself, the following parameters must be configured in the script:
- ELASTICSEARCH_ENDPOINT: the URL of the Elasticsearch node or cluster.
- index_name: the index name.
- doc_type: the document type name.
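As an added example (not part of the question or the answer above), the same filtered query can be built as a Python dict that elasticsearch-py serializes itself, so the `aaa`/`bbb`/`ccc` values and the file name are quoted programmatically instead of by hand-escaping a JSON string. The function names and the parameter list are assumptions for illustration; the field names and values are the ones from the question.

```python
import json
from typing import Any, Dict, List


def _quoted(value: str) -> str:
    """Wrap a value in double quotes for a query_string phrase, escaping
    embedded backslashes and quotes so the value cannot terminate the
    phrase early and inject extra Lucene syntax."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def build_body(actions: List[str], loglevel: str, start: int, end: int,
               filename: str) -> Dict[str, Any]:
    """Build the 'filtered' query body from the question as a dict.
    (Hypothetical helper; the structure mirrors the curl --data-binary JSON.)"""
    should = [
        {"query_string": {"query": f"request.action.raw:{_quoted(a)} AND (loglevel:{loglevel})"}}
        for a in actions
    ]
    return {"query": {"filtered": {
        "query": {"bool": {"should": should}},
        "filter": {"bool": {"must": [
            {"range": {"@timestamp": {"from": start, "to": end}}},
            {"fquery": {"query": {"query_string": {"query": f"file:({_quoted(filename)})"}},
                        "_cache": True}},
        ]}},
    }}}


# The body from the question, constructed here with correct JSON escaping,
# used only to check that the dict form is equivalent.
CURL_BODY = r'{"query": {"filtered": {"query": {"bool": {"should": [{"query_string": {"query": "request.action.raw:\"aaa\" AND (loglevel:INFO)"}}, {"query_string": {"query": "request.action.raw:\"bbb\" AND (loglevel:INFO)"}}, {"query_string": {"query": "request.action.raw:\"ccc\" AND (loglevel:INFO)"}}]}}, "filter": {"bool": {"must": [{"range": {"@timestamp": {"from": 111, "to": 222}}}, {"fquery": {"query": {"query_string": {"query": "file:(\"ddd\")"}}, "_cache": true}}]}}}}}'


def matches_curl_body(body: Dict[str, Any]) -> bool:
    """True when the dict form equals the parsed curl JSON body."""
    return body == json.loads(CURL_BODY)


if __name__ == "__main__":
    body = build_body(["aaa", "bbb", "ccc"], "INFO", 111, 222, "ddd")
    print(json.dumps(body, indent=2))
    # With the client from the answer: es.search(index="index_name", doc_type="doctype_name", body=body)
```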