【发布时间】:2016-01-20 22:01:06
【问题描述】:
我在一个 3 节点集群上安装了 Elasticsearch 2.1.1。以下是我的索引映射,其中包含 2 种类型:
{
"log-aggregation": {
"mappings": {
"application-logs": {
"_all": {
"enabled": true
},
"_parent": {
"type": "webserver-logs"
},
"_routing": {
"required": true
},
"properties": {
"localhost": {
"type": "string",
"index": "not_analyzed",
"include_in_all": true
},
"log_level": {
"type": "string",
"include_in_all": true
},
"logging_class": {
"type": "string",
"include_in_all": true
},
"logging_message": {
"type": "string",
"index": "no",
"include_in_all": true
},
"origin": {
"type": "string",
"index": "not_analyzed",
"include_in_all": true
},
"request_date": {
"type": "date",
"format": "YYYY-MM-dd HH:mm:ss,SSS",
"include_in_all": true
},
"request_time": {
"type": "long",
"include_in_all": true
},
"request_timestamp": {
"type": "date",
"format": "epoch_millis",
"include_in_all": true
},
"response_time": {
"type": "string"
},
"response_timestamp": {
"type": "date",
"format": "epoch_millis",
"include_in_all": true
},
"unique_id": {
"type": "string",
"index": "not_analyzed",
"include_in_all": true
}
}
},
"webserver-logs": {
"_all": {
"enabled": true
},
"_routing": {
"required": true
},
"properties": {
"accept_type": {
"type": "string",
"index": "no",
"include_in_all": true
},
"content_type": {
"type": "string",
"index": "no",
"include_in_all": true
},
"http_method": {
"type": "string",
"include_in_all": true
},
"http_protocol": {
"type": "string"
},
"http_status": {
"type": "long",
"index": "analyzed",
"include_in_all": true
},
"http_url": {
"type": "string"
},
"localhost": {
"type": "string",
"index": "not_analyzed",
"include_in_all": true
},
"origin": {
"type": "string",
"index": "not_analyzed",
"include_in_all": true
},
"referrer": {
"type": "string",
"index": "no",
"include_in_all": true
},
"request_timestamp": {
"type": "date",
"format": "epoch_millis",
"include_in_all": true
},
"response_size": {
"type": "short",
"index": "no",
"include_in_all": true
},
"timestamp": {
"type": "string"
},
"unique_id": {
"type": "string",
"index": "not_analyzed",
"include_in_all": true
},
"useragent": {
"type": "string",
"index": "no",
"include_in_all": true
}
}
}
}
}
}
以下是我索引的文档。
POST 到 http://SERVERNAME:9200/log-aggregation/webserver-logs?routing=VlN6VQoEFHAAAEcxAUUAAAAC
{
"localhost": "svcdev104.imagitas.com",
"origin": "10.4.30.112" ,
"unique_id": "VlN6VQoEFHAAAEcxAUUAAAAC",
"timestamp": "1448311381504",
"http_method": "POST",
"http_url": "/registration/v1/save",
"http_protocol": "HTTP/1.1",
"http_status": "500",
"response_size" : "137",
"accept_type": "application/json",
"content_type": "application/json",
"referrer": "-",
"useragent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36"
}
{
"localhost": "svcdev104.imagitas.com",
"origin": "chrome-extension://aejoelaoggembcahagimdiliamlcdmfm",
"unique_id": "VlN6VQoEFHAAAEcxAUUAAAAC",
"request_timestamp": "1448311331605",
"response_timestamp": "1448311381609",
"response_time": "4",
"request_date": "2015-11-23 12:53:01,605",
"log_level": "WARN",
"logging_class": "LoggingResponseInterceptor",
"logging_message": "Registration data persistence failed ....."
}
现在,我运行 has_child 和 has_parent 查询,但没有得到任何结果。单独查询每种类型时都能得到结果,但运行 has_child 和 has_parent 查询时却没有。
这里是示例查询
POST http://SERVERNAME:9200/log-aggregation/application-logs/_search
{
"query": {
"has_parent": {
"type": "webserver-logs",
"query": {
"match": {
"http_status": "500"
}
}
}
}
}
任何帮助将不胜感激。 谢谢 斯里
【问题讨论】:
标签: elasticsearch parent-child