elastic-stack

问题 I'm using only kibana to search ElasticSearch and i have several fields that can only take a few values (worst case, servername, 30 different values). I do understand what analyze do to bigger, more complex fields like this, but the small and simple ones i fail to understand the advance/disadvantage of anaylyzed/not_analyzed fields. So what are the benefits of using analyzed and not_analyzed for a "limited set of values" field (example. servername: server[0-9]* , no special characters to

问题 At first I displayed the logs in Kibana from the syslog and it worked fine. I set it up according to the documentation. Now I've changed the source of the logs, now it retrieves logs from my web application and although Kibana still displays them kind of correctly, now there're the Tags "_grokparsefailure" which means that there's an error in parsing the logs. The current filter I have: filter { if [type] == "syslog" { grok { match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %

问题 Hi All I am using elasticsearch-template.json to set data type of all of my fields to string. Below is the snippet of the template: { "template": "logstash-*", "settings": { "index.refresh_interval": "5s", "number_of_shards": 1, "number_of_replicas": 0 }, "mappings": { "logs": { "_all": { "enabled": true }, "properties": { "level1": { "properties": { "level2": { "properties": { "_all": {"type": "string"} } } } } } } } } Here under level2 i have got lots of fields which get created i want to

问题 I am new to elastic search and trying to integrate an autocomplete feature for an app by following the article https://www.elastic.co/blog/you-complete-me. I have followed the below approach to do the same. Event class public class Event { private Long eventId; private Long catalogId; private Long orgId; private String orgName; private String catalogName; private String name; private String eventStatus; ..... } An objectmapper is used to convert the event object to json string. Here is the

问题 Am fetching documents from elastic search using java api, i have the following code in my elastic search documents and am trying to search it with the following pattern. code : MS-VMA1615-0D Input : *VMA1615-0* -- Am getting the results (MS-VMA1615-0D). Input : MS-VMA1615-0D -- Am getting the results (MS-VMA1615-0D). Input : *VMA1615-0 -- Am getting the results (MS-VMA1615-0D). Input : *VMA*-0* -- Am getting the results (MS-VMA1615-0D). But, if i give input like below, am not getting results.

问题 Am fetching documents from elastic search using java api, i have the following code in my elastic search documents and am trying to search it with the following pattern. code : MS-VMA1615-0D Input : MS-VMA1615-0D -- Am getting the results (MS-VMA1615-0D). Input : VMA1615 -- Am getting the results (MS-VMA1615-0D) . Input : VMA -- Am getting the results (MS-VMA1615-0D) . But, if i give input like below, am not getting results. Input : V -- Am not getting the results. INPUT : MS -- Am not

问题 I am trying to get index data from my elasticsearch with below code. But always result is 0. How can I do that ? my below query returns me empty result. var list = new List<Monitor>(); if (_client.IndexExists(indexName).Exists) { var esurl = "http://monitoring1.xxx.software:9200/,http://monitoring2.xxx.software:9200/"; string[] urls = esurl.Split(','); var nodes = new Uri[2]; for (int i = 0; i < urls.Length; i++) { nodes.SetValue(new Uri(urls[i]), i); } var connectionPool = new

问题 I need a query using match_phrase along with fuzzy matching. However I'm not able to find any documentation to construct such a query. Also, when I try combining the queries(one within another), it throws errors. Is it possible to construct such a query? 回答1: You would need to make use of Span Queries. The below query would perform phrase match+fuzzy query for champions league say for e.g. on a sample field name which is of type text If you'd want multiple fields, then add another must clause

问题 Am indexing pdf using java api. I have installed ingest-attachement processor plugin and from my java code, am converting PDF into base64 and indexing encoded format of PDF. Actually, PDFs are available in my machine d:\ drive. The file path are available in ElasticSearch index named as documents_local . So, am fetching all the records from documents_local index and getting the file path. Then, am reading the pdf file and encode into base64. Then indexing them. For this process, am using

问题 I have the following synonym expansion : suco => suco, refresco, bebida de soja What i want is to tokenize the search this way: Search for "suco de laranja" would be tokenized to ["suco", "laranja", "refresco", "bebida de soja"]. But i'm getting it tokenized to ["suco", "laranja", "refresco", "bebida", "soja"]. Consider that the " de " word is a stop word. And i want it to be ignored on the query like "bebida de laranja" becomes ["bebida", "laranja"]. But i don't want it to be considered on