如何在弹性搜索中搜索Go过滤结果的时间框架 [英] How to search in elasticsearch with Go filtering results by time frames
问题描述
我正在尝试创建一个简单的程序,它只通过elasticsearch API搜索字符串。
我的问题特定于 gopkg.in/olivere/elastic.v2 我使用的软件包。
以下是一个代码示例:
b
fmt
gopkg.in/olivere/elastic.v2
log
反映
)
类型系统日志结构{
程序字符串
消息字符串
时间戳字符串
}
func main(){
client,err:= elastic.NewClient(elastic.SetURL(http:// localhost:9200))
if err!= nil {
log.Fatal(err)
}
info,code,err:= client.Ping()。Do()
if err!= nil {
log.Fatal(err)
}
fmt.Printf(Elasticsearch返回的代码为%d和版本%s,代码为info.Version.Number)
termQuery: = elastic.NewTermQuery(message,configuration)
searchResult,err:= client.Search() 。
// PostFilter(postFilter)。
索引(logstash- *)。 //在索引logstash- *中搜索
Query(& termQuery)。 //指定查询
Sort(timestamp,true)。 //按消息字段排序,升序
从(0).Size(10)开始。 //带文件0-9
漂亮(真)。 //漂亮的打印请求和响应JSON
Do()//执行
if err!= nil {
log.Fatal(err)
}
fmt.Printf (查询花费了%d毫秒\\\
,searchResult.TookInMillis)
var ttyp系统日志
用于_,item:=范围searchResult.Each(reflect.TypeOf( ttyp)){
t:= item。(Syslog)
fmt.Printf(Found%s%s%s\\\
,t.Timestamp,t.Program,t.Message)
$ p
$ b 这个工作,但我真正想要的是按时间范围限制搜索。
据我所知,我需要使用FilteredQuery函数。但我迷失在试图找出如何创建一个过滤的查询。
有创建它的函数FilteredQuery它需要查询类型作为输入参数,但在那里不是创建查询本身的函数。我可以创建一个所需类型的变量,但它仍然需要像elasticsearch中提交的字段以及要查找的字符串。
同样的事情对于调用 func(FilteredQuery)Filter 。
中的Filter变量,可能有人已经得到了一个示例或可以将我指向正确的方向。
我有一个JSON的例子,如果传递给elasticcisearch,我就可以得到我想要的:
query:{
filtered:{
query:{
query_string:{
query:message:\configuration \,
analyze_wildcard:true
}
},
filter:{
bool:{
必须:[
{
range:{
@timestamp:{
gte:1442100154219,
lte:1442704954219
}
}
}
],
must_not:[]
}
}
}
},
但我不知道如何在Go中执行相同的操作。谢谢。
解决方案请参阅 RangeFilter 和 FilteredQuery
下面是一个例子,想要:
$ b $编码/ json $ b $ $ $ bfmt
弹性gopkg.in/olivere/elastic.v2
)
func main(){
termQuery:= elastic.NewTermQuery(message,configuration)
timeRangeFilter:= elastic.NewRangeFilter(@ timestamp)。Gte(1442100154219).Lte(1442704954219)
//不确定这个是否真的有用,我只是把它放在这里来模仿你所说的是预期的结果
boolFilter:= elastic.NewBoolFilter()。Must(timeRangeFilter)
query:= elastic.NewFilteredQuery(termQuery).Filter(boolFilte r)
queryBytes,err:= json.MarshalIndent(query.Source(),,\t)
if err!= nil {
panic err)
}
fmt.Println(string(queryBytes))
}
它产生的输出是:
{
filtered:{
filter:{
bool:{
must:{
range:{
@timestamp:{
from :1442100154219,
include_lower:true,
include_upper:true,
to:1442704954219
}
}
}
$ bquery:{
term:{
message:configuration
}
}
I am retentively new to programming in Go.
I am trying create a simple program which does only one thing searches string via elasticsearch API. My question is specific to the "gopkg.in/olivere/elastic.v2" package I am using.
Here is a code sample:
package main
import (
"fmt"
"gopkg.in/olivere/elastic.v2"
"log"
"reflect"
)
type Syslog struct {
Program string
Message string
Timestamp string
}
func main() {
client, err := elastic.NewClient(elastic.SetURL("http://localhost:9200"))
if err != nil {
log.Fatal(err)
}
info, code, err := client.Ping().Do()
if err != nil {
log.Fatal(err)
}
fmt.Printf("Elasticsearch returned with code %d and version %s", code, info.Version.Number)
termQuery := elastic.NewTermQuery("message", "configuration")
searchResult, err := client.Search().
//PostFilter(postFilter).
Index("logstash-*"). // search in index "logstash-*"
Query(&termQuery). // specify the query
Sort("timestamp", true). // sort by "message" field, ascending
From(0).Size(10). // take documents 0-9
Pretty(true). // pretty print request and response JSON
Do() // execute
if err != nil {
log.Fatal(err)
}
fmt.Printf(" Query took %d milliseconds\n", searchResult.TookInMillis)
var ttyp Syslog
for _, item := range searchResult.Each(reflect.TypeOf(ttyp)) {
t := item.(Syslog)
fmt.Printf("Found %s %s %s\n", t.Timestamp, t.Program, t.Message)
}
}
This works, however what I really want is to limit search by time range.
As I understand I need to use FilteredQuery function. But I am lost in attempts to figure out how to create a filtered query.
There is function which created it "FilteredQuery" it requires Query Type as an input parameter but there is no function to create Query itself. I can just create a variable of a required type, still it need to have fields like which filed in elasticsearch to look for and a string to look for.
Same thing goes for the Filter variable in call for func (FilteredQuery) Filter.
May be someone has already got an example or can point me into the right direction.
I have an example of a JSON which if passed to elastcisearch gets me what I want:
"query": {
"filtered": {
"query": {
"query_string": {
"query": "message:\"configuration\"",
"analyze_wildcard": true
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": 1442100154219,
"lte": 1442704954219
}
}
}
],
"must_not": []
}
}
}
},
But I do not know how to implement the same in Go. Thanks.
See RangeFilter and FilteredQuery
Here is an example producing the result you want :
package main
import (
"encoding/json"
"fmt"
elastic "gopkg.in/olivere/elastic.v2"
)
func main() {
termQuery := elastic.NewTermQuery("message", "configuration")
timeRangeFilter := elastic.NewRangeFilter("@timestamp").Gte(1442100154219).Lte(1442704954219)
// Not sure this one is really useful, I just put it here to mimic what you said is the expected result
boolFilter := elastic.NewBoolFilter().Must(timeRangeFilter)
query := elastic.NewFilteredQuery(termQuery).Filter(boolFilter)
queryBytes, err := json.MarshalIndent(query.Source(), "", "\t")
if err != nil {
panic(err)
}
fmt.Println(string(queryBytes))
}
The output it produces is:
{
"filtered": {
"filter": {
"bool": {
"must": {
"range": {
"@timestamp": {
"from": 1442100154219,
"include_lower": true,
"include_upper": true,
"to": 1442704954219
}
}
}
}
},
"query": {
"term": {
"message": "configuration"
}
}
}
}
这篇关于如何在弹性搜索中搜索Go过滤结果的时间框架的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
