elasticsearch - 在 Elasticsearch 中过滤特定字段

我们正在将ElasticSearch与Kibana一起使用来查询日志。
ElasticSearch中提取的数据具有以下格式:

{
  "took" : 84,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 5719,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "evtdata-2020-11",
        "_type" : "_doc",
        "_id" : "49612101596783840103434103604261455601292612965391925250.0",
        "_score" : 1.0,
        "_source" : {
          "id" : "unknown:B8-27-EB-47-B4-2A",
          "timestamp" : 1604453736242,
          "data" : [
            {
              "e" : "A",
              "v" : 15.0
            },
            {
              "e" : "B",
              "v" : 30.22
            },
            {
              "s" : "A",
              "v" : 1.4
            },
            {
              "s" : "B",
              "v" : 310
            },            {
              "s" : "C",
              "v" : 2
            }
          ],
          "drift" : -3.0
        }
      }
    }
}

我们只想获取数据索引，其中值 e = 在特定时间范围内的。

  "data" : [
    {
      "e" : "A",
      "v" : 15.0
    }
]

目前我建立的查询是:

GET /evtdata-2020-11/_search
{
  "_source": [
    "data.e",
    "data.v"
  ],
  "query": {
    "bool": {
      "must": [
        "inner",
        {
          "match": {
            "data.e": "A"
          }
        },
        {
          "range": {
            "timestamp": {
              "gte": 1604453773434,
              "lt": 1604453778451
            }
          }
        }
      ]
    }
  }
}

但是通过上面的查询，我得到了所有的 e 和 v
有人可以告诉我如何更改查询，以仅在响应中获得类型的 e 和 v 吗？

最佳答案

然后，您可以使用inner_hits，根据嵌套内部对象中的匹配返回文档
索引映射:

{
  "mappings": {
    "properties": {
      "data": {
        "type": "nested"
      }
    }
  }
}

搜索查询:

{
  "query": {
    "nested": {
      "path": "data",
      "query": {
        "bool": {
          "must": [
            {
              "match": {
                "data.e": "A"
              }
            }
          ]
        }
      },
    "inner_hits":{}
    }
  }
}

搜索结果:

"inner_hits": {
          "data": {
            "hits": {
              "total": {
                "value": 1,
                "relation": "eq"
              },
              "max_score": 0.6931471,
              "hits": [
                {
                  "_index": "64705886",
                  "_type": "_doc",
                  "_id": "1",
                  "_nested": {
                    "field": "data",
                    "offset": 0
                  },
                  "_score": 0.6931471,
                  "_source": {
                    "e": "A",
                    "v": 15.0
                  }
                }
              ]
            }
          }
        }

关于elasticsearch - 在 Elasticsearch 中过滤特定字段，我们在Stack Overflow上找到一个类似的问题：https://stackoverflow.com/questions/64705886/