我试图通过jbossweb查询elk，但是我的查询字符串似乎有一些错误。查询url: postretcode=new URL(host+"/logstash-default-engcim-*/_search?size=1000"); restful api：
这个还可以

String bodycontent="{"
                    +"  \"_source\": [\"@timestamp\",\"lot_id\",\"alm_source\",\"alm_id\",\"alm_txt\"],"
                    +"  \"query\": {"
                    +"    \"query_string\" : {"
                    +"       \"query\": \"type:ams_log AND "+phase+" AND (alm_id:TCS00004 OR alm_id:TCS00005 OR alm_id:TCS00007 OR alm_id:TCS00008 OR alm_id:TCS00009 OR alm_id:TCS00010 OR alm_id:TCS00011 OR alm_id:TCS00012 OR alm_id:TCS00013 OR alm_id:TCS00020 OR alm_id:TCS00024 OR alm_id:TCS00032)\"}"
                    +"  },"
                    +"  \"sort\" : [{\"@timestamp\" : { \"order\" : \"desc\" }}]"
                    +"}";

我想过滤时间，所以我添加了范围过滤器。但是web响应：http500错误

String bodycontent="{"
                    +"  \"_source\": [\"@timestamp\",\"lot_id\",\"alm_source\",\"alm_id\",\"alm_txt\"],"
                    +"  \"query\": {"
                    +"  \"bool\":{"
                    +"  \"must\":[{"
                    +"  \"query_string\" : {"
                    +"  \"query\": \"type:ams_log AND "+phase+" AND (alm_id:TCS00004 OR alm_id:TCS00005 OR alm_id:TCS00007 OR alm_id:TCS00008 OR alm_id:TCS00009 OR alm_id:TCS00010 OR alm_id:TCS00011 OR alm_id:TCS00012 OR alm_id:TCS00013 OR alm_id:TCS00020 OR alm_id:TCS00024 OR alm_id:TCS00032)\"}"
                    +"  },"
                    +"  \"range\":{"
                    +"  \"@timestamp\":{"
                    +"  \"gte\":\"2021-01-02T11:00:00\","
                    +"  \"lte\":\"now\"}"
                    +"  }"
                    + "]}},"
                    +"  \"sort\" : [{\"@timestamp\" : { \"order\" : \"desc\" }}]"
                    +"}";

谢谢！