我正在使用curl查询来尝试从我的elasticsearch实例中获取数据 . 我的所有索引和类型都有一个字段调用@timestamp,它使用“strict_date_optional_time”格式 . 但每次我尝试在该字段上使用范围过滤器时,我的查询都会失败 .
The query I execute :
curl 'localhost:X/logstash-*/traces_console/_search' -d '{
"query" : {
"bool": {
"must": [
{ "match_all": {} }
],
"filter": [
{ "range":
{ "@timestamp":
"gte": "2018-02-20T13:55:06.387Z",
"lte": "2018-02-23T13:55:06.387Z"
}
}
]
}}
}'
The error message :
"reason":{
"type":"query_parsing_exception",
"reason":"[range] query does not support [@timestamp]",
"index":"logstash-2018.02.06","line":10,"col":21
}
我不明白为什么这个错误不断弹出 . 当我查看已经发布的大部分内容时,所有使用日期格式的人都有工作查询 . 如果你有任何暗示或线索,为什么它不起作用我会apreciate .
这里有一些有用的信息:
Environment
-
OS: 红帽企业Linux服务器版本6.5(圣地亚哥)
-
Java: 1.7
-
Elasticsearch: 2.4
-
Logstash: 2.4
Mapping generated from logstash
"traces_console":{
"properties":{
"@timestamp":{
"type":"date",
"format":"strict_date_optional_time||epoch_millis"
},
"@version":{"type":"string"},
"Method":{"type":"string"},
"RequestSize":{"type":"string"},
"ResponseSize":{"type":"string"},
"ResponseTime":{"type":"string"},
"SubSystem":{"type":"string"},
"column1":{"type":"string"},
"column2":{"type":"string"},
"column3":{"type":"string"},
"column4":{"type":"string"},
"column5":{"type":"string"},
"host":{"type":"string"},
"path":{"type":"string"},
"type":{"type":"string"}
}
}
Logstash configuration file feeding elasticsearch
input {
file {
path => "LOG_PATH/TRACES_CONSOLE.log"
start_position => "beginning"
type => "traces_console"
}
}
filter {
csv {
separator => ";"
columns => ["Method","RequestSize","ResponseSize","ResponseTime","SubSystem"]
source => message
convert => {
"RequestSize" => "date"
"ResponseSize" => "date"
}
remove_field => ["message"]
}
}
output {
elasticsearch {
hosts => ["localhost:X"]
}
}
1 回答
你的Range Query syntax不正确,需要额外的花括号: