我无法弄清楚这个查询有什么问题。"范围"和"存在"都是独立工作的,但我一起得到parsing expection和range malformed query, expected END_OBJECT but found FIELD_NAME.有人可以弄清楚这个查询有什么问题吗?
{
"query": {
"range":{
"@timestamp":{
"gte":"2019-08-04T11:00:00",
"lt":"2019-10-04T12:00:00"
}
},
"exists": {
"field": "params.zone"
}
},
"_source": ["@timestamp", "params.zone"]
}
如果你想像range和exists那样组合多个查询,你需要使用bool查询,并确定哪些子句是强制性的(must(,可选的(should(,过滤器(filter(,或者不应该出现在结果中(must_not
有效的查询可能如下所示(在此示例中,您的子句是必需的(:
{
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "2019-08-04T11:00:00",
"lt": "2019-10-04T12:00:00"
}
}
},
{
"exists": {
"field": "params.zone"
}
}
]
}
},
"_source": [
"@timestamp",
"params.zone"
]
}