zoukankan      html  css  js  c++  java

  • elasticsearch复合查询

    查询最近一小时内data.@level字段为Error的日志并按date倒序排列,输出最近10条,只输出[date,message]两个字段

    GET events*/_search
    {
        "query": {
                    "bool": {
                        "must": [
                            {
                                "query_string": {
                                    "fields": ["data.@level"],
                                    "query""Error"
                                 
                            }
                            }
                             
                        ],
                    "filter": {
                               "range": {
                          "date": {
                            "gte""now-1h",
                            "lte""now"
                          }
                        }
                    }
                       
                    }
                    },
                    "sort": [
                      {
                        "date": {
                          "order""desc",
                          "missing""_last"
                        }
                      }],
                      "_source": ["date","message"],
                      "size": 10
        }
  • 相关阅读:
    Zigbee安全基础篇Part.3
    Zigbee安全基础篇Part.2
    Zigbee安全基础篇Part.1
    mini2440 Nor Flash工作原理分析
    fuck the browser mode
    valgrind使用
    windows下自己常用的几个bat
    二叉树可视化
    npm的使用
    tp5的phpword使用
  • 原文地址:https://www.cnblogs.com/larry-luo/p/11133308.html
Copyright © 2011-2022 走看看