【发布时间】:2020-02-05 21:46:51
【问题描述】:
我正在尝试做一些应该很简单的事情,但我无法让它发挥作用。我已经查看并搜索了所有内容以找到 perl search::elsticsearch 的详细文档。我只能找到 CPAN 文档,就搜索而言,它几乎没有被提及。我在这里搜索过,找不到重复的问题。
我有 elasticsearch 和 filebeat。 Filebeat 正在将 syslog 发送到 elasticsearch。我只想搜索具有匹配文本和日期范围的消息。我可以找到这些消息,但是当我尝试添加日期范围时,查询失败。这是来自 kibana 开发工具的查询。
GET _search
{
"query": {
"bool": {
"filter": [
{ "term": { "message": "metrics" }},
{ "range": { "timestamp": { "gte": "now-15m" }}}
]
}
}
}
我没有得到我正在寻找的确切内容,但没有错误。
这是我对 perl 的尝试
my $results=$e->search(
body => {
query => {
bool => {
filter => {
term => { message => 'metrics' },
range => { timestamp => { 'gte' => 'now-15m' }}
}
}
}
}
);
这是错误。
[Request] ** [http://x.x.x.x:9200]-[400]
[parsing_exception]
[range] malformed query, expected [END_OBJECT] but found [FIELD_NAME],
with: {"col":69,"line":1}, called from sub Search::Elasticsearch::Role::Client::Direct::__ANON__
at ./elasticsearchTest.pl line 15.
With vars: {'body' => {'status' => 400,'error' => {
'root_cause' => [{'col' => 69,'reason' => '[range]
malformed query, expected [END_OBJECT] but found [FIELD_NAME]',
'type' => 'parsing_exception','line' => 1}],'col' => 69,
'reason' => '[range] malformed query, expected [END_OBJECT] but found [FIELD_NAME]',
'type' => 'parsing_exception','line' => 1}},'request' => {'serialize' => 'std',
'path' => '/_search','ignore' => [],'mime_type' => 'application/json',
'body' => {
'query' => {
'bool' =>
{'filter' => {'range' => {'timestamp' => {'gte' => 'now-15m'}},
'term' => {'message' => 'metrics'}}}}},
'qs' => {},'method' => 'GET'},'status_code' => 400}
谁能帮我弄清楚如何使用 search::elasticsearch perl 模块进行搜索?
【问题讨论】:
标签: perl elasticsearch