ElasticSearch

问题 I want to send data from Http to elasticsearch using logstash and I want to enrich my data using jdbc_streaming filter plugin. This is my logstash config: input { http { id => "sensor_data_http_input" user => "sensor_data" password => "sensor_data" } } filter { jdbc_streaming { jdbc_driver_library => "E:\ElasticStack\mysql-connector-java-8.0.18\mysql-connector-java-8.0.18.jar" jdbc_driver_class => "com.mysql.jdbc.Driver" jdbc_connection_string => "jdbc:mysql://localhost:3306/sensor_metadata"

问题 I want to send data from Http to elasticsearch using logstash and I want to enrich my data using jdbc_streaming filter plugin. This is my logstash config: input { http { id => "sensor_data_http_input" user => "sensor_data" password => "sensor_data" } } filter { jdbc_streaming { jdbc_driver_library => "E:\ElasticStack\mysql-connector-java-8.0.18\mysql-connector-java-8.0.18.jar" jdbc_driver_class => "com.mysql.jdbc.Driver" jdbc_connection_string => "jdbc:mysql://localhost:3306/sensor_metadata"

问题 My goal is to build a histogram between a start and an end dates, the empty dates should appear in the histogram and have zero as a count value. I am trying the following query to fetch the last 7 days: POST my_index/_search { "size": 0, "query": { "range": { "date": { "gte": "now-7d/d", "lte": "now/d" } } }, "aggs" : { "count_per_day" : { "date_histogram" : { "field" : "date", "interval" : "day", "order": {"_key": "desc"}, "min_doc_count": 0 } } } } The issues is that I have data only for

问题 I have this schema in elastic search. 79[ 'ID' : '1233', Geomtries:[{ 'doc1' : 'F1', 'doc2' : 'F2' }, (optional for some of the documents) { 'doc2' : 'F1', 'doc3' : 'F2' }] ] the Geometries is a nested element. I want to get all of the documents that have one object inside Geometries. Tried so far : "script" : {"script" : "if (Geomtries.size < 2) return true"} But i get exceptions : no such property GEOMTRIES 回答1: If you have the field as type nested in the mapping, the typical doc[fieldkey]

问题 I am relatively new to this elastic search. So, I have an index called post which contain documents like this: { "id": 1, "link": "https:www.instagram.com/p/XXXXX/", "profile_id": 11, "like_count": 100, "comment_count": 12 } I have another index called profile which contain documents like this: { "id": 11, "username": "superman", "name": "Superman", "followers": 12312 } So, as you guys can see, I have all profiles data under the index called profile and all posts data under the index called

问题 I am trying to aggregate on a field and get the top records using top_ hits but I want to include other fields in the response which are not included in the nested property mapping. Currently if I specify _source:{"include":[]} , I am able to get only the fields which are in the current nested property. Here is my mapping { "my_cart":{ "mappings":{ "properties":{ "store":{ "properties":{ "name":{ "type":"keyword" } } }, "sales":{ "type":"nested", "properties":{ "Price":{ "type":"float" },

问题 I have the following documents in ES: [ { "endpoint": "/abc", "user": "John", "method": "GET", "params": { "param1": 1, "param2": 2 } }, { "endpoint": "/abc", "user": "John", "method": "GET", "params": { "param1": 4, "param2": 5, "param3": 100 } }, { "endpoint": "/xyz", "user": "Jimmy", "method": "POST", "params": { "param1": 99, "param2": 88, "param4": 65 } }, { "endpoint": "/xyz", "user": "Jimmy", "method": "POST", "params": { "param1": 4, "param2": 2, "param5": 3 } } ] I want to perform a

问题 I am running minikube v1.15.1 on MacOS and installed helm v3.4.1 . I run helm install elasticsearch elastic/elasticsearch --set resources.requests.memory=2Gi --set resources.limits.memory=4Gi --set replicas=1 to install elasticsearch on k8s cluster. The pod elasticsearch-master-0 is deployed but it is in pending status. When I run kubectl describe pod elasticsearch-master-0 it gives me below warning: Warning FailedScheduling 61s (x2 over 2m30s) default-scheduler 0/1 nodes are available: 1

问题 I've got the following document in an elastic search index: { "type": "foo", "components": [{ "id": "1234123", , "data_collections": [{ "date_time": "2020-03-02T08:14:48+00:00", "group": "1", "group_description": "group1", "measures": [{ "measure_name": "MEASURE_1", "actual": "23.34" }, { "measure_name": "MEASURE_2", "actual": "5" }, { "measure_name": "MEASURE_3", "actual": "string_message" }, { "measure_name": "MEASURE_4", "actual": "another_string" } ] }, { "date_time": "2020-03-03T08:14:48

问题 I have an Elasticsearch template with the index pattern: prefix_* . I also have multiple subsystems using this template and creating indexes like so: prefix_{subsystem_name}_{date} (replacing {subsystem_name} and {name} respectively) I would like to create for each subsystem a separate alias (of its subsystem) for example for an index "prefix_monitors_20200101" I will have an alias "monitors" and for "prefix_alerts_20200101" I will have an alias "alerts" How do I do such a thing? 回答1: You'll