Filtering empty or non empty array in Elasticsearch Kibana

Problem description

How can I search for an empty array or non empty array field in Kibana? To be more precise: There is an API that is used for queries and these requests/responses are logged. The search may result in an empty array if no elements have been found: 'response: []'. In other cases this "Response" field is an array populated with objects: 'response: [{"myProp": "something"}, {"myProp": "something2"}]'.
I've tried to use DSL queries, nested searches and other Stack Overflow answers but without success. For the following I get a syntax error (or for any other solution I try to use) in the Kibana DSL query:

"must_not": {
  "script": {
    "script": "response.size() > 0"
  }
}

or using the following results in an Internal Server Error:

{
  "script": "response.size > 0"
}

Recommended answer

If your response field is NOT defined as nested, you'll need to target one of the array objects' keys instead of the array itself. You should preferably pick a key that's present in all of the child objects -- in your case myProp.

Now, if myProp has a defined keyword sub-mapping, you could do:

{
  "script": {
    "script": {
      "source": "doc['response.myProp'].size() > 0",
      "lang": "painless"
    }
  }
}

which basically says, look at the length of the doc values array and infer the parent array length based on that.

If your response is indeed nested, it gets even trickier. I've explained the reasons in my answers to:

but the principle stays the same — you'd extract the contents of the nested array objects onto a flattened level where it's easier to compute the resulting array length.
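
The following is an added example, not part of the original answer: a small Python model of how a non-nested array of objects is flattened into per-key doc values, which is what `doc['response.myProp'].size()` actually counts, together with a builder for the complete search body for the empty and non-empty cases. The function names and the sample documents are constructed for illustration, and `response.myProp` is assumed to be mapped so that it has keyword doc values.

```python
def doc_values(source, path):
    """Model the doc values a keyword field at `path` holds for one document.

    Non-nested object arrays are flattened across all child objects, and
    keyword doc values are stored sorted and de-duplicated.
    """
    nodes = [source]
    for key in path.split("."):
        found = []
        for node in nodes:
            for item in (node if isinstance(node, list) else [node]):
                if isinstance(item, dict) and key in item:
                    found.append(item[key])
        nodes = found
    leaves = []
    for node in nodes:
        leaves.extend(node if isinstance(node, list) else [node])
    return sorted({value for value in leaves if value is not None})


def array_filter(key_path, non_empty=True):
    """Build a full search body; must_not inverts the same script clause."""
    script = {"script": {"script": {
        "source": f"doc['{key_path}'].size() > 0",
        "lang": "painless",
    }}}
    clause = "filter" if non_empty else "must_not"
    return {"query": {"bool": {clause: [script]}}}


# Constructed sample documents covering the cases from the question plus
# two edge cases the script cannot tell apart from an empty array.
SAMPLE_DOCS = {
    "populated": {"response": [{"myProp": "something"}, {"myProp": "something2"}]},
    "duplicates": {"response": [{"myProp": "x"}, {"myProp": "x"}]},
    "empty": {"response": []},
    "missing": {"request": "q"},            # no response field at all
    "no_key": {"response": [{"other": 1}]}, # array populated, key absent
}


def sizes(docs, key_path="response.myProp"):
    """Return what doc[key_path].size() would be for each sample document."""
    return {name: len(doc_values(src, key_path)) for name, src in docs.items()}


if __name__ == "__main__":
    print(sizes(SAMPLE_DOCS))
    print(array_filter("response.myProp", non_empty=False))
```

The `duplicates` case shows that the doc values count is reliable for the empty versus non-empty test but not as an exact array length, and the `missing` and `no_key` cases show why the chosen key should be present in every child object.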
