Hola, estoy tratando de emitir un comando curl para recuperar algunos documentos de mi índice de búsqueda elástica (informes mep) cómo no está funcionando.

Imagina que si hago el siguiente comando curl, devuelve los datos

curl -XGET 'localhost:52671/mep-reports*/_search?size=1' -H 'Content-Type: application/json' -d @query1.txt

Respuesta

{
  "took": 6,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 100,
    "max_score": null,
    "hits": [
      {
        "_index": "mep-reports",
        "_type": "doc",
        "_id": "99",
        "_score": null,
        "_source": {
          "inventory": "SMS",
          "msg_text": "This is random text",
          "status": "ENROUTE",
          "@timestamp": "2019-09-10T07:06:26.287Z",
          "o_error": "",
          "flight_id": "92348fa1-ca6c-456a-b3b2-85fba2d2deed",
          "recipient": "420736408281",
          "account_id": "a56f7e14-20f9-40e6-90c6-10604140ac5f",
          "sender": "8800111",
          "campaign_id": "6f2abca3-b46d-43f3-91be-3278a8dd7dc0",
          "nof_segments": 1,
          "@version": 1,
          "submission_ts": 1568105380000000,
          "delivery_ts": 1553616888000000,
          "campaign_name": "Starbucks Promotion",
          "flight_name": "Extremely very very long flight",
          "campaign_type": "NON_MARKETING"
        },
        "sort": [
          1568099186287
        ]
      }
    ]
  }
}

Contenido del archivo query1.txt.

{
  "from": 0,
  "size": 10,
  "timeout": "300s",
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "@timestamp": {
              "from": "2019-08-31T23:00:00.000Z",
              "to": null,
              "include_lower": true,
              "include_upper": true,
              "format": "yyyy-MM-dd'T'HH:mm:ss.SSSZ",
              "boost": 1.0
            }
          }
        },
        {
          "range": {
            "@timestamp": {
              "from": null,
              "to": "2019-09-12T07:06:26.287Z",
              "include_lower": true,
              "include_upper": true,
              "format": "yyyy-MM-dd'T'HH:mm:ss.SSSZ",
              "boost": 1.0
            }
          }
        },
        {
          "match": {
            "account_id": {
              "query": "a56f7e14-20f9-40e6-90c6-10604140ac5f",
              "operator": "OR",
              "prefix_length": 0,
              "max_expansions": 50,
              "fuzzy_transpositions": true,
              "lenient": false,
              "zero_terms_query": "NONE",
              "auto_generate_synonyms_phrase_query": true,
              "boost": 1.0
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1.0
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ]
}

Sin embargo, cuando modifico mi query1.txt para buscar documentos para incluir la consulta de términos en campaign_type, no funciona.

   curl -XGET 'localhost:52671/mep-reports*/_search?size=1' -H 'Content-Type: application/json' -d @query.txt

Respuesta

{"took":6,"timed_out":false,"_shards":{"total":5,"successful":5,"skipped":0,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}

Consulta modificada. contenido del archivo query.txt

{
  "from": 0,
  "size": 10,
  "timeout": "300s",
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "@timestamp": {
              "from": "2019-08-31T23:00:00.000Z",
              "to": null,
              "include_lower": true,
              "include_upper": true,
              "format": "yyyy-MM-dd'T'HH:mm:ss.SSSZ",
              "boost": 1.0
            }
          }
        },
        {
          "range": {
            "@timestamp": {
              "from": null,
              "to": "2019-09-12T07:06:26.287Z",
              "include_lower": true,
              "include_upper": true,
              "format": "yyyy-MM-dd'T'HH:mm:ss.SSSZ",
              "boost": 1.0
            }
          }
        },
        {
          "match": {
            "account_id": {
              "query": "a56f7e14-20f9-40e6-90c6-10604140ac5f",
              "operator": "OR",
              "prefix_length": 0,
              "max_expansions": 50,
              "fuzzy_transpositions": true,
              "lenient": false,
              "zero_terms_query": "NONE",
              "auto_generate_synonyms_phrase_query": true,
              "boost": 1.0
            }
          }
        },
        {
          "terms": {
            "campaign_type": [
              "NON_MARKETING"
            ],
            "boost": 1.0
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1.0
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ]
}

Esperaría que la consulta anterior arrojara algunos resultados. la única diferencia es que agregué términos de consulta en el campo de tipo de campaña.

Este es mi documento de mapeo de búsqueda elástica

{
  "mappings": {
    "doc": {
      "properties": {
        "@timestamp": {
          "type": "date"
        },
        "@version": {
          "type": "text"
        },
        "account_id": {
          "type": "keyword"
        },
        "campaign_id": {
          "type": "keyword"
        },
        "delivery_ts": {
          "type": "date",
          "format": "epoch_millis"
        },
        "submission_ts": {
          "type": "date",
          "format": "epoch_millis"
        },
        "flight_id": {
          "type": "keyword"
        },
        "inventory": {
          "type": "keyword"
        },
        "msg_text": {
          "type": "keyword"
        },
        "nof_segments": {
          "type": "keyword"
        },
        "o_error": {
          "type": "keyword"
        },
        "recipient": {
          "type": "text"
        },
        "sender": {
          "type": "keyword"
        },
        "status": {
          "type": "keyword"
        },
        "campaign_name": {
          "type": "keyword"
        },
        "flight_name": {
          "type": "keyword"
        },
        "campaign_type": {
          "type": "keyword"
        }
      }
    }
  }
}

Realmente aprecio si puedes ayudar.

También he observado que la siguiente consulta funciona bien

{"from":0,"size":10,"timeout":"300s","query":{"bool":{"must":[{"range":{"@timestamp":{"from":"2019-08-31T23:00:00.000Z","to":null,"include_lower":true,"include_upper":true,"format":"yyyy-MM-dd'T'HH:mm:ss.SSSZ","boost":1.0}}},{"range":{"@timestamp":{"from":null,"to":"2019-09-12T07:06:26.287Z","include_lower":true,"include_upper":true,"format":"yyyy-MM-dd'T'HH:mm:ss.SSSZ","boost":1.0}}},{"match":{"recipient":{"query":"420736408281","operator":"OR","prefix_length":0,"max_expansions":50,"fuzzy_transpositions":true,"lenient":false,"zero_terms_query":"NONE","auto_generate_synonyms_phrase_query":true,"boost":1.0}}},{"match":{"account_id":{"query":"a56f7e14-20f9-40e6-90c6-10604140ac5f","operator":"OR","prefix_length":0,"max_expansions":50,"fuzzy_transpositions":true,"lenient":false,"zero_terms_query":"NONE","auto_generate_synonyms_phrase_query":true,"boost":1.0}}},{"match":{"campaign_id":{"query":"6f2abca3-b46d-43f3-91be-3278a8dd7dc0","operator":"OR","prefix_length":0,"max_expansions":50,"fuzzy_transpositions":true,"lenient":false,"zero_terms_query":"NONE","auto_generate_synonyms_phrase_query":true,"boost":1.0}}},{"match":{"flight_id":{"query":"92348fa1-ca6c-456a-b3b2-85fba2d2deed","operator":"OR","prefix_length":0,"max_expansions":50,"fuzzy_transpositions":true,"lenient":false,"zero_terms_query":"NONE","auto_generate_synonyms_phrase_query":true,"boost":1.0}}},{"terms":{"status":["enroute"],"boost":1.0}},{"terms":{"inventory":["sms"],"boost":1.0}}],"adjust_pure_negative":true,"boost":1.0}},"sort":[{"@timestamp":{"order":"desc"}}]}
0
knowledgeseeker001 1 sep. 2020 a las 14:34

1 respuesta

La mejor respuesta

Las consultas de términos no se analizan y se usan para la búsqueda exacta o por palabra clave, en su primera consulta, está usando la consulta de coincidencia que se analiza y usa el mismo analizador que se usa en el tiempo de índice, por lo tanto, obtuvo el resultado.

Si desea obtener un resultado para su consulta de término, use campaign_type.keyword si existe en su mapeo (si lo generó dinámicamente); de lo contrario, necesita crear un campo de palabra clave para almacenarlo y consultar en ese campo.

Consulte publicación elástica que explica el término en blanco y negro de la diferencia y la consulta de coincidencia..

1
user156327 1 sep. 2020 a las 11:42