Elasticsearch term vs match
I have to write a search query with 2 conditions.
- Timestamp
- Directory
When I use match in the search query as below
{
  "query": {
    "bool": {
      "must": {
        "match": {
          "directory": "/user/ayush/test/error/"
        }
      },
      "filter": {
        "range": {
          "@timestamp": {
            "gte": "2020-08-25 01:00:00",
            "lte": "2020-08-25 01:30:00",
            "format": "yyyy-MM-dd HH:mm:ss"
          }
        }
      }
    }
  }
}
In the filtered results, I get records for the directories
/user/ayush/test/error/
/user/hive/
/user/
But when I use term as below
{
  "query": {
    "bool": {
      "must": {
        "term": {
          "directory": "/user/ayush/test/error/"
        }
      },
      "filter": {
        "range": {
          "@timestamp": {
            "gte": "2020-08-25 01:00:00",
            "lte": "2020-08-25 01:30:00",
            "format": "yyyy-MM-dd HH:mm:ss"
          }
        }
      }
    }
  }
}
I do not get any results, not even for the directory value /user/ayush/test/error/
The match query analyzes the input string and constructs more basic
queries from that.
The term query matches exact terms.
Refer to these blogs for detailed information:
https://discuss.elastic.co/t/term-query-vs-match-query/14455
elasticsearch match vs term query
The field value /user/ayush/test/error/ is analyzed as follows:
POST /_analyze
{
  "analyzer": "standard",
  "text": "/user/ayush/test/error/"
}
The tokens generated are:
{
  "tokens": [
    {
      "token": "user",
      "start_offset": 1,
      "end_offset": 5,
      "type": "<ALPHANUM>",
      "position": 0
    },
    {
      "token": "ayush",
      "start_offset": 6,
      "end_offset": 11,
      "type": "<ALPHANUM>",
      "position": 1
    },
    {
      "token": "test",
      "start_offset": 12,
      "end_offset": 16,
      "type": "<ALPHANUM>",
      "position": 2
    },
    {
      "token": "error",
      "start_offset": 17,
      "end_offset": 22,
      "type": "<ALPHANUM>",
      "position": 3
    }
  ]
}
Index data:
{ "directory":"/user/ayush/test/error/" }
{ "directory":"/user/ayush/" }
{ "directory":"/user" }
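Search query using the term query:
The term query does not apply any analyzer to the search term, so it will only look for that exact term in the inverted index. So to search for the exact term, you need to use directory.keyword or change the mapping of the field.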
{
  "query": {
    "term": {
      "directory.keyword": {
        "value": "/user/ayush/test/error/",
        "boost": 1.0
      }
    }
  }
}
Search result for the term query:
"hits": [
  {
    "_index": "my_index",
    "_type": "_doc",
    "_id": "1",
    "_score": 0.9808291,
    "_source": {
      "directory": "/user/ayush/test/error/"
    }
  }
]
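The behaviour described in the question and answers above can be reproduced with a small model of an inverted index. This is an added example, not code from the original posts: `analyze` is a simplified stand-in for the standard analyzer (lowercase, split on non-alphanumerics), and the function names are hypothetical.

```python
import re

# Index data taken from the answer above.
DOCS = {
    1: "/user/ayush/test/error/",
    2: "/user/ayush/",
    3: "/user",
}

def analyze(text):
    """Simplified standard analyzer (assumption): lowercase, split on non-alphanumerics."""
    return [t for t in re.split(r"[^0-9a-z]+", text.lower()) if t]

def build_index(docs, analyzer):
    """Build an inverted index mapping each indexed term to the set of doc ids."""
    index = {}
    for doc_id, value in docs.items():
        for term in analyzer(value):
            index.setdefault(term, set()).add(doc_id)
    return index

# "directory" is a text field: the value is tokenized before indexing.
TEXT_INDEX = build_index(DOCS, analyze)
# "directory.keyword" stores the whole value as a single term.
KEYWORD_INDEX = build_index(DOCS, lambda value: [value])

def term_query(index, value):
    """term: look the input up unchanged, with no analysis."""
    return sorted(index.get(value, set()))

def match_query(index, value):
    """match: analyze the input, then OR the per-token lookups (default operator)."""
    hits = set()
    for token in analyze(value):
        hits |= index.get(token, set())
    return sorted(hits)

if __name__ == "__main__":
    q = "/user/ayush/test/error/"
    print("match on directory:       ", match_query(TEXT_INDEX, q))
    print("term on directory:        ", term_query(TEXT_INDEX, q))
    print("term on directory.keyword:", term_query(KEYWORD_INDEX, q))
```

The match query returns every document that shares the `user` token, while the term query on the text field finds nothing because no indexed token equals the full path.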