elasticsearch-query

问题 I've got a created_at field in my Elastic Search database and I'm trying to pull out data and sort it by that field. The field was stored with a mapping property with the date format, with the fielddata key set to true , but I still get the error: Text fields are not optimised for operations that require per-document field data like aggregations and sorting, so these operations are disabled by default. Please use a keyword field instead. Alternatively, set fielddata=true on [created_at] in

问题 I have movies index in which each document has this structure : Document : { "color": "Color", "director_name": "Sam Raimi", "actor_2_name": "James Franco", "movie_title": "Spider-Man 2", "actor_3_name" : "Brad Pitt", "actor_1_name": "J.K. Simmons" } I need to do calculate number of movies corresponding to each actor (actor can be in both actor_1_name or actor_2_name or actor_3_name field) Mapping of these 3 fields is : Mapping "mappings": { "properties": { "actor_1_name": { "type": "text",

问题 I want to query IP range from:172.16.0.0 to 172.31.0.0 in ELK I try two query methods, but fail. { "query": { "bool": { "should": [ { "regexp": { "DstIP": "172.(3[0-1]|1[6-9]|2[0-9]).*" } } ], "minimum_should_match": 1 } } } { "query": { "range": { "DstIP": { "gte": "172.16.0.0", "lte": "172.31.0.0" } } } } How can query IP range in ELK? 回答1: For range queries to work correctly on IP values it is necessary to define the field data type as ip. Below is the working example with mapping, sample

问题 Suppose i've 3 doc doc_1 = { "citedIn": [ "Bar Councils Act, 1926 - Section 15", "Contract Act, 1872 - Section 23" ] } doc_2 = { "citedIn":[ "15 C. B 400", "Contract Act, 1872 - Section 55" ] } doc_3 = { "citedIn":[ "15 C. B 400", "Contract Act, 1872 - Section 15" ] } Here citedIn field is a array object.Now i want run a stander match query { "query": { "match": {"citedIn":{"query": "Contract act 15" , "operator":"and" }} } } The above query return all of the 3 doc, but it suppose to return

问题 Need help constructing an ES query. Here's an example of the raw JSON of the documents: { "user_uuid": 1234, "keywords": "apple", "@timestamp": "2020-01-15", }, { "uuid": 1234, "keywords": "google", "@timestamp": "2020-01-21", }, { "uuid": 9876, "keywords": "youtube", "@timestamp": "2020-01-25", } Here is an example requirement: { "search_groups":[ { "keywords": [ "google", "microsoft", "tesla" ], "time_range": 2020-01-17 - 2020-01-22 }, { "keywords": [ "apple", "youtube", "spotify" ], "time

问题 I have a SQL table that I am exporting to Elasticsearch. One of the columns is a numeric field that is nullable, with nulls in some of the records. When we try to index the table, we get this error: One of the ETL (BigQuery -> ElasticSearch) jobs for Table : MLS has been ES Failed Chunk of 10000 from index 20000 possibly due to incompatible objects. Failing BigQuery Table: MLS Stack Trace of the error: Traceback (most recent call last): File "/Users/asif/zodiacbackend/zodiacbackend/tasks.py",

问题 I have a SQL table that I am exporting to Elasticsearch. One of the columns is a numeric field that is nullable, with nulls in some of the records. When we try to index the table, we get this error: One of the ETL (BigQuery -> ElasticSearch) jobs for Table : MLS has been ES Failed Chunk of 10000 from index 20000 possibly due to incompatible objects. Failing BigQuery Table: MLS Stack Trace of the error: Traceback (most recent call last): File "/Users/asif/zodiacbackend/zodiacbackend/tasks.py",

问题 I've got the following document in an elastic search index: { "type": "foo", "components": [{ "id": "1234123", , "data_collections": [{ "date_time": "2020-03-02T08:14:48+00:00", "group": "1", "group_description": "group1", "measures": [{ "measure_name": "MEASURE_1", "actual": "23.34" }, { "measure_name": "MEASURE_2", "actual": "5" }, { "measure_name": "MEASURE_3", "actual": "string_message" }, { "measure_name": "MEASURE_4", "actual": "another_string" } ] }, { "date_time": "2020-03-03T08:14:48

问题 I have a challenge to implement colorized tables in a Kibana Dashboard and tried to find out the best approach in internet, but no glue up to now. So, since I wouldn't like to re-invent the wheels and create from scratch, I would like to hear from you an updated status for this implementation. By the way, I know that we can define a cell color based on its value, but it cannot be only the cell color, it must be all table lines or at least, one full line. The challenge is to draw two simple

问题 I am new to Elasticsearch and I have to make a query that queries that two indexes. I want to return all the People with eye_color hazel from a nested data object within a polygon and I want the results to be sorted by name . I have looked at many questions on Stackoverflow, but can't get the query right. My data object is nested in the mapping. Can someone tell me what I am doing wrong? I am getting a failed to create query exception. The geojson is in one index and the data.eye_color is in