ElasticSearch

问题 So I have two fields in my docs { emails: ["", "", ""] name: "", } And I want to have a new field once the docs are indexed called uid which will just contain the concatenated strings of all the emails and the name for every doc. I am able to get scripted field like that using this GET request on my index _search endpoint { "script_fields": { "combined": { "script": { "lang": "painless", "source": "def result=''; for (String email: doc['emails.keyword']) { result = result + email;} return doc

问题 I need multi update documents in elastic by some query. I found one solution. Like this: { "query": { "term": { "name": "some name" } }, "script": { "inline": "ctx._source.some_field = \"value\"" } } But it's not exactly what I need. Because one request will update 10, or 20 fields, for example. So it's uncomfortable to generate "script" string for many fields. Ideally, I need something like this: { "query": { "term": { "name": "some name" } }, "doc": { "field1": "value1", "field2": "value2",

问题 When I insert the new data in my database (MySQL), Logstash doesn't add it dynamically : Below you will see logstash.conf (it's the file who connected elasticsearch with mysql) input { jdbc { jdbc_connection_string => "jdbc:mysql://localhost:3306/blog" #Accès à la base de données jdbc_user => "root" jdbc_password => "" jdbc_driver_library => "C:\Users\saidb\Downloads\mysql-connector-java-5.1.47\mysql-connector-java-5.1.47.jar" jdbc_driver_class => "com.mysql.jdbc.Driver" schedule => "* * * *

问题 I'm having the following issue with elasticsearch 7 when trying creating a template. When I'm trying to copy template from elasticsearch 6 to 7 and some of the fields I have removed as per the elasticsearch 7 .e { "error": { "root_cause": [ { "type": "mapper_parsing_exception", "reason": "Root mapping definition has unsupported parameters: [events : {properties={msg={fields={raw={type=keyword}}}, requestId={type=keyword}, logger={type=keyword}, host={type=keyword}, jwtOwner={type=keyword},

问题 I'm having the following issue with elasticsearch 7 when trying creating a template. When I'm trying to copy template from elasticsearch 6 to 7 and some of the fields I have removed as per the elasticsearch 7 .e { "error": { "root_cause": [ { "type": "mapper_parsing_exception", "reason": "Root mapping definition has unsupported parameters: [events : {properties={msg={fields={raw={type=keyword}}}, requestId={type=keyword}, logger={type=keyword}, host={type=keyword}, jwtOwner={type=keyword},

问题 I have a match query that query the fields title1 , title2 with param that contains sometimes an empty string. When the value of the param is empty the query returns no results which is normal. My question is if it possible to make in one single query , this : if the param is not an empty string query all documents, otherwise do a normal multi_match query . The pseudo code of my query: { "query" : { "bool" : { "must" : { "multi_match" : { "query": param, "fields": [ "title1", "title2" ] },

问题 I have a match query that query the fields title1 , title2 with param that contains sometimes an empty string. When the value of the param is empty the query returns no results which is normal. My question is if it possible to make in one single query , this : if the param is not an empty string query all documents, otherwise do a normal multi_match query . The pseudo code of my query: { "query" : { "bool" : { "must" : { "multi_match" : { "query": param, "fields": [ "title1", "title2" ] },

问题 I have a match query that query the fields title1 , title2 with param that contains sometimes an empty string. When the value of the param is empty the query returns no results which is normal. My question is if it possible to make in one single query , this : if the param is not an empty string query all documents, otherwise do a normal multi_match query . The pseudo code of my query: { "query" : { "bool" : { "must" : { "multi_match" : { "query": param, "fields": [ "title1", "title2" ] },

问题 I regularly take a snapshot of my ES cluster in a s3 bucket and so i wanted to know that if i am deleting my old docs from the cluster and regularly adding new docs then after taking a snapshot how does ES deal with this scenario wheather the docs get deleted from my previous snapshots as well or how does ES keep a backup of my docs. Please explain? 回答1: When ES takes snapshots, ES doesn't take snapshots of docs but rather it takes snapshots of segments . Of course, the segments contain the