在Elasticsearch Kibana中过滤空数组或非空数组 [英] Filtering empty or non empty array in Elasticsearch Kibana
问题描述
如何在Kibana中搜索空数组或非空数组字段?更准确地说:有一个用于查询的api,并且记录了这些请求/响应.如果未找到任何元素,则搜索可能会导致数组为空:'response:[]'.在其他情况下,此响应"表示不响应.字段是一个填充有对象的数组:'response:[{"myProp":"something"},{"myProp":"something2"}]]'.
我尝试使用DSL查询,嵌套搜索和其他Stackoverflow答案,但均未成功.对于以下情况,我在Kibana DSL查询中遇到语法错误(或尝试使用的任何其他解决方案):
How can I search for an empty array or non empty array field in Kibana? To be more precise: There is an api that is used for queries and these requests/responses are logged. The search may result in an empty array if no elements have been found: 'response: []'. In other cases this "Response" field is an array populated with objects: 'response: [{"myProp": "something"}, {"myProp": "something2"}]'.
I've tried to use DSL queries, nested searches and other Stackoverflow answers but without success.
For the following I get syntax error (or for any other solution I try to use) in the Kibana DSL query:
"must_not": {
"script": {
"script": "response.size() > 0"
}
}
或使用以下结果导致内部服务器错误:
or using the following results in an Internal Server Error:
{
"script": "response.size > 0"
}
推荐答案
If your response
field is NOT defined as nested
, you'll need to target one of the array objects' keys instead of the array itself. You should preferably pick a key that's present in all of the child objects -- in your case myProp
.
Now, if myProp
has a defined keyword
sub-mapping, you could do:
{
"script": {
"script": {
"source": "doc['response.myProp'].size() > 0",
"lang": "painless"
}
}
}
which basically says, look at the length of the doc values array and infer the parent array length based on that.
If your response
is indeed nested
, it gets even tricker. I've explained the reasons in my answers to:
但原理保持不变-您将嵌套数组对象的内容提取到展平的级别上,在此级别上,更容易计算所得的数组长度.
but the principle stays the same — you'd extract the contents of the nested array objects onto a flattened level where it's easier to compute the resulting array length.
这篇关于在Elasticsearch Kibana中过滤空数组或非空数组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!