如何通过键值对elasticsearch数组中的键匹配数组值? [英] how to match an array value by it's key in a key value pair elasticsearch array?
问题描述
我有一组 key value
对.是否可以精确匹配 key
& 的值?然后检查它的 value
的范围值?
I have an array of key value
pairs. Is it possible to exact match value of key
& then do a check on it's value
's range value?
示例:在下面的文档中,oracle_props
是一个带有名称、值对的数组.我需要检查它是否有 "oracle_cursors"
键,然后检查它的值是否小于 1000.
Example: In below doc oracle_props
is an array with name, value pairs. I need to check if it has "oracle_cursors"
key and then check if it's value is less than 1000.
GET /eg/message/_percolate
{
"doc": {
"client": {
"name": "Athena",
"version": 1,
"db": {
"@type": "Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 64bit",
"oracle_props": [
{
"@name": "open_cursors",
"@value": 4000
},
{
"@name": "USER_ROLE_PRIVS_COUNT",
"@value": 1
},
{
"@name": "CREATE_PERMISSION",
"@value": "Y"
}
]
}
}
}
}
下面是我的过滤器.
我还需要检查以下内容,以便它返回 3
作为我的结果
I also need to check the following so that it gives back 3
as my result
- client.name"必须是Athena"
- "client.db.@type" 必须是 "Oracle" 然后继续检查以下几点
- 未找到client.db.oracle_props.@name"字段
- 检查它是否有oracle_cursors"键,然后检查它的值是否为<1000
1 &2 are and 操作并且任何 3 或 4 满足它应该结果 3
.我需要第 4 点的帮助,下面是我的查询.也请建议是否有更好的方法.
1 & 2 are and operations and any of 3 or 4 satisfies it should result 3
. I need help with point 4, below is my query. Also please suggest if there is a better way.
PUT /eg/.percolator/3
{
"query": {
"filtered": {
"filter": {
"or": [
{
"missing": {
"field": "client.db.oracle_props.@name"
}
}
]
},
"query": {
"bool": {
"must": [
{
"match": {
"client.name": "Athena"
}
},
{
"match": {
"client.db.@type": "Oracle"
}
}
]
}
}
}
}
}
更新
我可以有类似下面的东西吗
Can I have something like below
{
"match": {
"client.db.oracle_props[name='open_cursors'].value": 4000
}
}
更多尝试
我遵循了elasticsearch 嵌套查询 并将映射更改为 nestedtype 通过重新索引.任何人都可以找到问题为什么我得到 nested: NullPointerException;
?
I followed elasticsearch nested query and changed the mapping to nestedtype by re-indexing. Can anyone find problem why am i getting nested: NullPointerException;
?
PUT /eg/.percolator/3
{
"nested" : {
"path" : "client.db.oracle_props",
"score_mode" : "avg",
"query" : {
"bool" : {
"must" : [
{
"match" : {"client.db.oracle_props.@name" : "open_cursors"}
},
{
"range" : {"client.db.oracle_props.@value" : {"lt" : 4000}}
}
]
}
}
}
}
映射变化
...
"properties": {
"@type": {
"type": "string"
},
"oracle_props": {
"type" : "nested",
"properties": {
"@name": {
"type": "string"
},
"@value": {
"type": "long"
}
}
}
}
...
推荐答案
让我们进入正题:
- 您的嵌套路径似乎映射错误,
oracle_props
是示例文档中db
的子项,但在您的映射中没有,它直接显示为子项你的根. - 您将
oracle_props.@value
映射为long
,但在CREATE_PERMISSION
处为其分配文本Y
> 嵌套文档 - 您查询
range lt 4000
,其中排除 4000,lte
适合您
- You seem to map your nested path wrong,
oracle_props
is a child item ofdb
in your example document, but not in your mapping, where it appears directly as child of your root. - You are mapping
oracle_props.@value
aslong
, but assign a textY
to it at theCREATE_PERMISSION
nested doc - You query for
range lt 4000
, which excludes 4000,lte
would fit for you
我没有得到您对缺失值的要求,因此我跳过了.
I didn't get your requirement for the missing value, hence I skipped that.
为了让你走上正确的道路,我必须稍微简化一下(因为我无法理解你问题中的所有混乱,抱歉)
To get you to the right path, I has to simplify it a bit (since I couldn't follow all the mess in your question, sorry)
我也不打算进行渗透,并将所有内容都重命名为 twitter/tweet,因为这对我来说更容易从我的示例中复制.
I'm not going into percolation either, and renamed everything to twitter/tweet, since this was easier for me to copy from my examples.
1) 创建空索引twitter"
1) Create empty index "twitter"
curl -XDELETE 'http://localhost:9200/twitter/'
curl -XPUT 'http://localhost:9200/twitter/'
2) 为实际的推文"创建 geo_point 映射
2) create geo_point mapping for the actual "tweet"
curl -XPUT 'http://localhost:9200/twitter/tweet/_mapping' -d '
{
"tweet": {
"properties": {
"db": {
"type": "object",
"properties": {
"@type": {
"type": "string"
},
"oracle_props": {
"type": "nested",
"properties": {
"@name": {
"type": "string"
},
"@value": {
"type": "string"
}
}
}
}
}
}
}
}'
3) 让我们检查一下是否设置了映射
3) Let's check if the mapping was set
curl -XGET 'http://localhost:9200/twitter/tweet/_mapping?pretty=true'
4) 发布一些带有嵌套数据的推文
4) Post some tweets, with nested data
curl -XPUT 'http://localhost:9200/twitter/tweet/1' -d '{
"name": "Athena",
"version": 1,
"db": {
"@type": "Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 64bit",
"oracle_props": [
{
"@name": "open_cursors",
"@value": 4000
},
{
"@name": "USER_ROLE_PRIVS_COUNT",
"@value": 1
},
{
"@name": "CREATE_PERMISSION",
"@value": "Y"
}
]
}
}'
5) 仅查询嵌套
curl -XGET localhost:9200/twitter/tweet/_search -d '{
"query": {
"nested" : {
"path" : "db.oracle_props",
"score_mode" : "avg",
"query" : {
"bool" : {
"must" : [
{
"term": {
"db.oracle_props.@name": "open_cursors"
}
},
{
"range": {
"db.oracle_props.@value": {
"lte": 4000
}
}
}
]
}
}
}
}
}';
6) 查询Athena"和Oracle"
6) Query "Athena" and "Oracle"
curl -XGET localhost:9200/twitter/tweet/_search -d '{
"query" : {
"bool" : {
"must" : [
{
"match" : {"tweet.name" : "Athena"}
},
{
"match" : {"tweet.db.@type" : "Oracle"}
}
]
}
}
}'
7) 合并前两个查询
curl -XGET localhost:9200/twitter/tweet/_search -d '{
"query" : {
"bool" : {
"must" : [
{
"match" : {"tweet.name" : "Athena"}
},
{
"match" : {"tweet.db.@type" : "Oracle"}
},
{
"nested" : {
"path" : "db.oracle_props",
"score_mode" : "avg",
"query" : {
"bool" : {
"must" : [
{
"term": {
"db.oracle_props.@name": "open_cursors"
}
},
{
"range": {
"db.oracle_props.@value": {
"lte": 4000
}
}
}
]
}
}
}
}
]
}
}
}'
结果为
{
"took": 2,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 1,
"max_score": 2.462332,
"hits": [
{
"_index": "twitter",
"_type": "tweet",
"_id": "1",
"_score": 2.462332,
"_source": {
"name": "Athena",
"version": 1,
"db": {
"@type": "Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 64bit",
"oracle_props": [
{
"@name": "open_cursors",
"@value": 4000
},
{
"@name": "USER_ROLE_PRIVS_COUNT",
"@value": 1
},
{
"@name": "CREATE_PERMISSION",
"@value": "Y"
}
]
}
}
}
]
}
}
这篇关于如何通过键值对elasticsearch数组中的键匹配数组值?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!