spring - 使用Spring查询ElasticSearch

我是Logstash和ElasticSearch的新手。我想读取日志，该日志使用Spring Data(ElasticsearchRepository)或ElasticsearchTemplate保存在ElasticSearch中。

Elasticsearch中的日志条目如下所示:

{
    "_index": "logstash-2016.08.19",
    "_type": "logs",
    "_id": "AVagGzQ4GS5SuLe66qxR",
    "_score": 1.0,
    "_source": {
        "message": "Aug 19, 2016 12:02:32 AM com.example.server.MOM$2 handleDelivery\n",
        "@version": "1",
        "@timestamp": "2016-08-19T00:02:32.000Z",
        "host": "10.x.x.x",
        "priority": 11,
        "timestamp8601": "2016-08-19T00:02:32Z",
        "logsource": "a094b35d71da",
        "program": "xxx-router_1",
        "pid": "2424",
        "severity": 3,
        "facility": 1,
        "timestamp": "2016-08-19T00:02:32Z",
        "facility_label": "user-level",
        "severity_label": "Error"
    }
}

基于日志条目的JSON数据，我创建了以下Java类:

@Document(indexName = "logstash-2016.08.19")
public class Logstash {
    @Id
    private String _id;
    private String _index;
    private String _type;
    private Integer _score;
    private Source _source;

/* getters & setters */
}

和

public class Source {
    private String message;
    private String host;
    private Integer priority;
    private String timestamp8601;
    private String logsource;
    private String program;
    private String pid;
    private Integer severity;
    private Integer facility;
    private String facility_label;
    private String severity_label;

/* getters & setters */

}

然后，我尝试查询数据...在此示例中，我尝试获取具有指定ID的日志。我尝试了查询的各种组合，但是得到的只是一个空对象或数组。从未获得过返回实际对象的机会...此外，我尝试了Spring的ElasticsearchRepository，但没有成功。

@RestController
public class TestController {

    @Autowired
    ElasticsearchTemplate elt;

    @RequestMapping(value = "/e", method = RequestMethod.GET)
    public List<Logstash> elasticSearch() {

        SearchQuery searchQuery = new NativeSearchQueryBuilder().withQuery(matchAllQuery())
                .withFilter(QueryBuilders.boolQuery().should(QueryBuilders.termQuery("_id", "AVagGzQ4GS5SuLe66qxR")))
                .build();

        return elt.queryForList(searchQuery, Logstash.class);
    }

}

任何帮助表示赞赏=)

最佳答案

您不应映射以下划线开头的字段，而应仅映射源代码中的内容。

您的Logstash类应该像这样

@Document(indexName = "logstash-2016.08.19")
public class Logstash {
    private String message;
    private String host;
    private Integer priority;
    private String timestamp8601;
    private String logsource;
    private String program;
    private String pid;
    private Integer severity;
    private Integer facility;
    private String facility_label;
    private String severity_label;

/* getters & setters */
}