如何使用"OR"在开发工具查询中 [英] How to use "OR" in Dev Tool Query
问题描述
您好,贝娄搜索向我提供了同时具有值":"HB"和值":"1234567"的日志,因为我正在使用Term,但是,如果此匹配项,我正在寻找什么
Hi Bellow Search provides me Log where it has both "value": "HB" and "value": "1234567" as, I am using Term, however, What I am looking for this if this match
("value": "HB" OR "value": "TR" ) AND "value": "1234567"
但不理解下面的操作,谁能帮我
but not understanding how to do in below, Can anyone please help me
获取_search
{ "query": { "bool": { "must": [ { "match": {"log.file.path":"mylog.log" } }
{
"term": {
"GPS-LOG.COMMAND": {
"value": "HB"
}
}
},
{
"term": {
"GPS-LOG.IMEI": {
"value": "1234567"
}
}
}
], "filter": {
"range": {
"@timestamp": {
"gte": "now-10m"
}
} }
} }
推荐答案
乍一看,这似乎应该有一个简单的解决方案.但是,由于使用的是 term 查询,因此一次只能搜索一个值.我不知道您的映射,但是如果您使用的是文本字段,则不应该使用术语查询.
At first glace, it seems like this should have a simple solution. However, since you are using the term query, you can only search one value at a time. I don't know your mapping but if you are using a text field you shouldn't be using term query.
但是,要使用 term 查询解决此问题,您必须使用 minimum_should_match 并结合应该创建 OR 运算符.
However, to solve this using the term query, you have to create the OR operator using the minimum_should_match combined with should.
请参见以下代码:
GET _search
{
"query":{
"bool":{
"must":[
{
"match":{
"log.file.path":"mylog.log"
}
},
{
"term":{
"GPS-LOG.IMEI":{
"value":"1234567"
}
}
},
{
"bool":{
"should":[
{
"term":{
"GPS-LOG.COMMAND":{
"value":"HB"
}
}
},
{
"term":{
"GPS-LOG.COMMAND":{
"value":"TR"
}
}
}
],
"minimum_should_match":1
}
}
],
"filter":{
"range":{
"@timestamp":{
"gte":"now-10m"
}
}
}
}
}
}
这篇关于如何使用"OR"在开发工具查询中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
