Elasticsearch query gives different results from cURL and Kibana
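I am new to Elasticsearch and Kibana, and I am trying to connect Elasticsearch with PHP to generate some reports.
I am trying to run a query that runs perfectly fine in Kibana Sense, but surprisingly it gives a different result whenever I cURL it.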
GET /_search
{
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "query": "*",
          "analyze_wildcard": true
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "query": {
                "query_string": {
                  "analyze_wildcard": true,
                  "query": "*"
                }
              }
            },
            {
              "range": {
                "start_time": {
                  "gte": 1532889000000,
                  "lte": 1532975399999,
                  "format": "epoch_millis"
                }
              }
            }
          ],
          "must_not": []
        }
      }
    }
  },
  "size": 0,
  "aggs": {
    "2": {
      "terms": {
        "field": "layers",
        "size": 50,
        "order": {
          "_count": "desc"
        }
      }
    }
  }
}
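When I cURL this query, it returns records instead of the aggregated results.
Where am I going wrong?
TIA
Edit: I am using Elasticsearch 2.3
My PHP code to run it and retrieve the results: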
$jarray=array (
  'query' =>
  array (
    'filtered' =>
    array (
      'query' =>
      array (
        'query_string' =>
        array (
          'query' => '*',
          'analyze_wildcard' => true,
        ),
      ),
      'filter' =>
      array (
        'bool' =>
        array (
          'must' =>
          array (
            0 =>
            array (
              'query' =>
              array (
                'query_string' =>
                array (
                  'analyze_wildcard' => true,
                  'query' => '*',
                ),
              ),
            ),
            1 =>
            array (
              'range' =>
              array (
                'start_time' =>
                array (
                  'gte' => 1532889000000,
                  'lte' => 1532975399999,
                  'format' => 'epoch_millis',
                ),
              ),
            ),
          ),
          'must_not' =>
          array (
          ),
        ),
      ),
    ),
  ),
  'size' => 0,
  'aggs' =>
  array (
    2 =>
    array (
      'terms' =>
      array (
        'field' => 'layer_count',
        'size' => 50,
        'order' =>
        array (
          '_count' => 'desc',
        ),
      ),
    ),
  ),
);
$jdata=json_encode($jarray);
$url = '10.10.113.97:9200/my_index/_search';
echo $url.'<br><br><br><br><br><br>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_GETFIELDS, json_encode($jdata));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$return = curl_exec($ch) or die(curl_error());
curl_close($ch);
print_r(stripcslashes($return));
In your cURL code, you need to change the field used in the aggregation section:
'aggs' =>
array (
  2 =>
  array (
    'terms' =>
    array (
      'field' => 'layers', // <--- change this line
      'size' => 50,
      'order' =>
      array (
        '_count' => 'desc',
      ),
    ),
  ),
),
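You also need to send your request like this. My concern is that you are sending a GET without any request body, and ES simply ignores your query and performs a general search.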
// Encode the array once; $jdata is already a JSON string, so encoding it
// again would send a quoted string instead of a JSON object.
$query = json_encode($jarray);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
// The query travels in the request body
curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/json',
    'Content-Length: ' . strlen($query))
);
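The two fixes above combined into one script, as an added example that is not part of the original answer: it sends the query as a request body and throws when the response carries no aggregation, which is the symptom described in the question. The function names and the sample response are constructed for illustration, and the query is condensed by leaving out the match-all filter clause and the empty must_not; the field name and time range are the ones from the thread.

```php
<?php
// Added example: function names and the sample response are constructed.

function build_body(string $field): string
{
    // Elasticsearch 2.x "filtered" query, condensed from the question.
    return json_encode([
        'query' => ['filtered' => [
            'query'  => ['query_string' => ['query' => '*', 'analyze_wildcard' => true]],
            'filter' => ['bool' => ['must' => [
                ['range' => ['start_time' => [
                    'gte' => 1532889000000, 'lte' => 1532975399999,
                    'format' => 'epoch_millis']]],
            ]]],
        ]],
        'size' => 0,
        'aggs' => ['2' => ['terms' => [
            'field' => $field, 'size' => 50, 'order' => ['_count' => 'desc']]]],
    ]);
}

// Returns bucket key => doc_count, or throws if the aggregation is missing.
function parse_terms_response(string $raw, string $agg): array
{
    $res = json_decode($raw, true);
    if (!is_array($res) || isset($res['error'])) {
        throw new RuntimeException('Elasticsearch error: ' . $raw);
    }
    if (!isset($res['aggregations'][$agg]['buckets'])) {
        // Symptom from the question: a search ran, but without the query body.
        throw new RuntimeException('No aggregation returned; was the body sent?');
    }
    return array_column($res['aggregations'][$agg]['buckets'], 'doc_count', 'key');
}

function es_search(string $url, string $body, string $agg): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,   // the body is what carries the query
        CURLOPT_HTTPHEADER     => ['Content-Type: application/json'],
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $raw = curl_exec($ch);
    if ($raw === false) {
        throw new RuntimeException('cURL error: ' . curl_error($ch));
    }
    return parse_terms_response($raw, $agg);
}

// Constructed response in the shape returned for "size": 0; runs offline.
$sample = '{"hits":{"total":3,"hits":[]},"aggregations":{"2":{"buckets":['
        . '{"key":"a","doc_count":2},{"key":"b","doc_count":1}]}}}';
print_r(parse_terms_response($sample, '2'));
```

Against a live cluster the call would be es_search('10.10.113.97:9200/my_index/_search', build_body('layers'), '2'), using the host and index from the question.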