我试图通过jbossweb查询elk,但是我的查询字符串似乎有一些错误。查询url: postretcode=new URL(host+"/logstash-default-engcim-*/_search?size=1000"); restful api:
这个还可以
String bodycontent="{"
+" \"_source\": [\"@timestamp\",\"lot_id\",\"alm_source\",\"alm_id\",\"alm_txt\"],"
+" \"query\": {"
+" \"query_string\" : {"
+" \"query\": \"type:ams_log AND "+phase+" AND (alm_id:TCS00004 OR alm_id:TCS00005 OR alm_id:TCS00007 OR alm_id:TCS00008 OR alm_id:TCS00009 OR alm_id:TCS00010 OR alm_id:TCS00011 OR alm_id:TCS00012 OR alm_id:TCS00013 OR alm_id:TCS00020 OR alm_id:TCS00024 OR alm_id:TCS00032)\"}"
+" },"
+" \"sort\" : [{\"@timestamp\" : { \"order\" : \"desc\" }}]"
+"}";我想过滤时间,所以我添加了范围过滤器。但是web响应:http500错误
String bodycontent="{"
+" \"_source\": [\"@timestamp\",\"lot_id\",\"alm_source\",\"alm_id\",\"alm_txt\"],"
+" \"query\": {"
+" \"bool\":{"
+" \"must\":[{"
+" \"query_string\" : {"
+" \"query\": \"type:ams_log AND "+phase+" AND (alm_id:TCS00004 OR alm_id:TCS00005 OR alm_id:TCS00007 OR alm_id:TCS00008 OR alm_id:TCS00009 OR alm_id:TCS00010 OR alm_id:TCS00011 OR alm_id:TCS00012 OR alm_id:TCS00013 OR alm_id:TCS00020 OR alm_id:TCS00024 OR alm_id:TCS00032)\"}"
+" },"
+" \"range\":{"
+" \"@timestamp\":{"
+" \"gte\":\"2021-01-02T11:00:00\","
+" \"lte\":\"now\"}"
+" }"
+ "]}},"
+" \"sort\" : [{\"@timestamp\" : { \"order\" : \"desc\" }}]"
+"}";谢谢!
暂无答案!
目前还没有任何答案,快来回答吧!