Elasticsearch query summary

Query by time range

GET /domain_ip_log_*/_search
{
  "query": {
    "bool": {
      "filter": {
        "range": {
          "@timestamp": {
            "gte": "2019-07-02T03:30:01.000Z",
            "lte": "2019-07-02T03:30:01.000Z"
          }
        }
      }
    }
  }
}

Exact query on a specified field

GET /domain_ip_log_*/_search
{
  "query": {
    "bool": {
      "filter": {
        "term": {
          "sourceIP": "1.1.1.1"
        }
      }
    }
  }
}

Exact query on a specified phrase

When you need an exact match on a field but the field holds an e-mail address (which contains special characters) and was not indexed as a not-analyzed string, you can use a phrase query instead

GET /domain_ip_log_*/_search
{
  "query": {
    "bool": {
      "filter": {
        "match_phrase": {
          "User": "bulabula"
        }
      }
    }
  }
}

Note: the earlier form

{
  "match": {
    "User": {
      "query": "bulabula",
      "type": "phrase"
    }
  }
}

sometimes runs into problems and reports the error [match] query does not support [type], so prefer the match_phrase form: it is both more concise and does not error

Query by time range and phrase at the same time

GET /domain_ip_log_*/_search
{
  "query": {
    "bool": {
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "gte": "2019-07-02T03:30:01.000Z",
                  "lte": "2019-07-02T03:30:01.000Z"
                }
              }
            },
            {
              "match": {
                "User": {
                  "query": "bulabula",
                  "type": "phrase"
                }
              }
            }
          ]
        }
      }
    }
  }
}

Query by time range and exact field match at the same time

GET /domain_ip_log_*/_search
{
  "query": {
    "bool": {
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "gte": "2019-07-02T03:30:01.000Z",
                  "lte": "2019-07-02T03:30:01.000Z"
                }
              }
            },
            {
              "match_phrase": {
                "User": "bulabula"
              }
            }
          ]
        }
      }
    }
  }
}
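The queries above are typically built programmatically when investigating a log index such as domain_ip_log_*. The following is an added example, not code from the original notes: it builds the range, term and match_phrase clauses, combines them in a non-scoring bool filter exactly as the combined queries above do, and rewrites the legacy match + "type": "phrase" form into match_phrase so the query does not fail with "[match] query does not support [type]". Function names and the timestamp validation are this example's own assumptions.

```python
"""Added example: build the bool-filter queries from the notes and
normalize the legacy match+type:phrase form into match_phrase."""
from datetime import datetime


def time_range(start: str, end: str, field: str = "@timestamp") -> dict:
    """Inclusive range filter on an ISO-8601 UTC timestamp (the format the notes use)."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ"
    s, e = datetime.strptime(start, fmt), datetime.strptime(end, fmt)
    if e < s:
        raise ValueError("end must not precede start")
    return {"range": {field: {"gte": start, "lte": end}}}


def exact_term(field: str, value: str) -> dict:
    """Exact match on a keyword / not-analyzed field (e.g. sourceIP)."""
    return {"term": {field: value}}


def phrase(field: str, value: str) -> dict:
    """Phrase match for analyzed text such as an e-mail address in User."""
    return {"match_phrase": {field: value}}


def build_query(*clauses: dict) -> dict:
    """Wrap clauses in a non-scoring bool filter; several clauses go into bool.must."""
    if len(clauses) == 1:
        return {"query": {"bool": {"filter": clauses[0]}}}
    return {"query": {"bool": {"filter": {"bool": {"must": list(clauses)}}}}}


def normalize_legacy_phrase(node):
    """Recursively rewrite {"match": {f: {"query": v, "type": "phrase"}}}
    into {"match_phrase": {f: v}}; every other node is copied unchanged."""
    if isinstance(node, list):
        return [normalize_legacy_phrase(n) for n in node]
    if not isinstance(node, dict):
        return node
    if set(node) == {"match"} and isinstance(node["match"], dict) and len(node["match"]) == 1:
        (field, body), = node["match"].items()
        if isinstance(body, dict) and body.get("type") == "phrase" and "query" in body:
            return {"match_phrase": {field: body["query"]}}
    return {k: normalize_legacy_phrase(v) for k, v in node.items()}
```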