当在termQuery中使用QueryBuilders时,Elasticsearch返回零点击
我正在构建一个Java应用程序,它可以搜索来自Elasticsearch的数据(数据从kafka到logstash,然后是elasticsearch,格式为json格式)。当我使用QueryBuilders.queryStringQuery(reqId)时,我可以得到所有的结果,没有问题,但是当我使用QueryBuilders.termQuery("routingRequestID", reqId);时,即使ES数据中存在reqId,也会得到0次点击。
RestHighLevelClient client = new RestHighLevelClient(
RestClient.builder(new HttpHost("127.0.0.1", 9200, "http")));
@GetMapping("/q/{reqId}")
public String searchByReqId(@PathVariable("reqId") final String reqId) throws IOException {
String[] indexes = {"devglan-log-test"};
QueryBuilder queryBuilder = QueryBuilders.termQuery("routingRequestID", reqId);
// QueryBuilder queryBuilder = QueryBuilders.queryStringQuery(reqId);
SearchSourceBuilder searchSource = SearchSourceBuilder.searchSource().query(queryBuilder).from(0).size(1000);
System.out.println(searchSource.query());
SearchRequest searchRequest = new SearchRequest(indexes, searchSource);
System.out.println(searchRequest.source().toString());
SearchResponse searchResponse = client.search(searchRequest, RequestOptions.DEFAULT);
System.out.println(searchResponse.toString());
SearchHits hits = searchResponse.getHits();
SearchHit[] searchHits = hits.getHits();
for (SearchHit hit : searchHits) {
System.out.println(hit.toString());
}
return "success";
}{
took: 633,
timed_out: false,
_shards: {
total: 1,
successful: 1,
skipped: 0,
failed: 0
},
hits: {
total: {
value: 1,
relation: "eq"
},
max_score: 1.6739764,
hits: [
{
_index: "devglan-log-test",
_type: "_doc",
_id: "k4qAPXEBCzyTR4XVXPb2",
_score: 1.6739764,
_source: {
@version: "1",
message: "
{"requestorRole":"role3", "requestorGivenName":"doe", "requestorSurName":"male",
"requestorOrganizationName":"dob", "reqd":"address",
"requestorC":"city", "routingRequestID":"7778787898778879"}",
@timestamp: "2020-04-03T00:45:53.917Z"
}
}
]
}
}searchSource.query()生成的查询
{
"term" : {
"routingRequestID" : {
"value" : "2421",
"boost" : 1.0
}
}
}searchRequest.source().toString()中生成的查询
{"from":0,"size":1000,"query":{"term":{"routingRequestID":{"value":"2421","boost":1.0}}}}结果:
{"took":0,"timed_out":false,"_shards":{"total":1,"successful":1,"skipped":0,"failed":0},"hits":{"total":{"value":0,"relation":"eq"},"max_score":null,"hits":[]}}所有的帮助都是非常感谢的,如果你知道如何帮助,请不要跳过这篇文章。*高压表情符号*
回答 4
Stack Overflow用户
发布于 2020-04-07 01:53:51
所以问题是所有的信息都在一个领域里。我通过更改日志存储配置,然后使用matchQuery解决了这个问题。如果您使用kafka和json格式,则需要在logstash配置文件中添加以下内容:
input {
kafka {
bootstrap_servers => "kafka ip"
topics => ["your kafka topics"]
}
}
filter {
json {
source => "message"
}
mutate {
remove_field => ["message"]
}
}顺便说一下,我正在使用elasticsearch 7.4,最新的日志和最新的kafka v.祝你好运,感谢所有想要帮助我的人!我很感激你!下面是elasticsearch logstash插件的链接,它将指导您使用不同的选项:https://www.elastic.co/guide/en/logstash/current/plugins-filters-json.html
Stack Overflow用户
发布于 2020-04-04 03:07:04
由于您尚未提供索引、示例文档和预期搜索项文档的映射。我猜测,基于任何信息,是您的和您正在使用的查询类型的问题所在。
看起来,routingRequestID被定义为text,默认情况下使用standard分析器,当您使用查询字符串查询时,Elasticsearch应用了相同的索引时间分析器,如下所示:
然后,在返回匹配文档之前,查询将独立地分析每个拆分的文本。
但是,当您使用termQuery (如术语查询文档中所解释的)时,它不会被分析,并且使用相同的文本,这些文本将在查询中传递:
返回在提供的字段中包含确切术语的文档。
解决方案:
如果您希望从这两个查询中获得与其分析查询相同的结果,请尝试使用匹配查询。
Stack Overflow用户
发布于 2020-04-04 03:19:18
我认为您应该检查存在的数据routingRequestID = 2421。
//This queryBuilders like SQL: select * from XXX where routingRequestID=2421 limit 0,1000
{"from":0,"size":1000,"query":{"term":{"routingRequestID":{"value":"2421","boost":1.0}}}}https://stackoverflow.com/questions/61021193
复制相似问题
腾讯云开发者
