I want to put two filters in aggs.
Like this.

"aggs": {
  "download1" : {
        "filter" : [
            { "term": { "IPV4_DST_ADDR":"192.168.0.159"}},
            { "range": { "LAST_SWITCHED": { "gte": "now-5m" } }}
        ],
        "aggs" : {
            "downlod_bytes" : { "sum" : { "field" : "IN_BYTES" } }
        }
    }
}

But it shows an error:
"error": {
"root_cause": [
  {
    "type": "parsing_exception",
    "reason": "Expected [START_OBJECT] under [filter], but got a [START_ARRAY] in [download1]",
    "line": 33,
    "col": 24
  }
]}

What should I do? Thanks!

Best answer

You need to combine the two queries with bool/filter

{
  "aggs": {
    "download1": {
      "filter": {
        "bool": {
          "filter": [
            {
              "term": {
                "IPV4_DST_ADDR": "192.168.0.159"
              }
            },
            {
              "range": {
                "LAST_SWITCHED": {
                  "gte": "now-5m"
                }
              }
            }
          ]
        }
      },
      "aggs": {
        "downlod_bytes": {
          "sum": {
            "field": "IN_BYTES"
          }
        }
      }
    }
  }
}

Regarding rest - Expected [START_OBJECT] under [filter], we found a similar question on Stack Overflow: https://stackoverflow.com/questions/48039718/

10-16 22:19
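
The rewrite from the answer above, generalized as an added example (not code from the question or the answer): it walks an aggs tree, including nested sub-aggregations, and wraps any `filter` aggregation that was given a list of queries in bool/filter. The function name `wrap_filter_arrays` and the constant `QUESTION_AGGS` are hypothetical; the sample body is the one from the question.

```python
import copy
import json


def wrap_filter_arrays(aggs):
    """Return a copy of an aggs mapping in which every `filter` aggregation
    whose value is a list of queries is rewritten as bool/filter (logical AND)."""
    fixed = {}
    for name, body in aggs.items():
        body = copy.deepcopy(body)  # never mutate the caller's request body
        clauses = body.get("filter")
        if isinstance(clauses, list):
            if not clauses:
                raise ValueError(f"aggregation {name!r}: empty filter list")
            # One clause needs no wrapper; several must be combined in a bool query.
            body["filter"] = (
                clauses[0] if len(clauses) == 1 else {"bool": {"filter": clauses}}
            )
        # Sub-aggregations may sit under "aggs" or its long form "aggregations".
        for key in ("aggs", "aggregations"):
            if isinstance(body.get(key), dict):
                body[key] = wrap_filter_arrays(body[key])
        fixed[name] = body
    return fixed


# The aggregation from the question, in the form that triggers parsing_exception.
QUESTION_AGGS = {
    "download1": {
        "filter": [
            {"term": {"IPV4_DST_ADDR": "192.168.0.159"}},
            {"range": {"LAST_SWITCHED": {"gte": "now-5m"}}},
        ],
        "aggs": {"downlod_bytes": {"sum": {"field": "IN_BYTES"}}},
    }
}

if __name__ == "__main__":
    print(json.dumps({"aggs": wrap_filter_arrays(QUESTION_AGGS)}, indent=2))
```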