如何从 elasticSearch 的查询结果中查询 _source 中的具体值？

Question

我正在通过 Elastic Search 收集日志。我通过查询查找结果。

使用以下查询查询时

GET test/_search
{
  "query": {
    "match_all":{
    }
  }
}

查询结果如下

{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 100,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "test",
        "_id" : "1a2b3c4d5e6f",
        "_score" : 1.0,
        "_source" : {
          "team" : "Marketing"
          "number" : "3"
          "name" : "Mark"
        }
      },
      {
        "_index" : "test",
        "_id" : "1a2b3c4d5e66",
        "_score" : 1.0,
        "_source" : {
          "team" : "HR"
          "number" : "1"
          "name" : "John"
        }
      }, 
      ........

但是，我想查询如下（具体值Inner_hits）

{
    "name": "Mark"
},
{
    "name": "John"
},

那么，如何查询特定值inner_hits？

谢谢。

Answer 1

您可以简单地使用 ES 的 source_filtering feature，因此在您的情况下，您的查询将如下所示：

{
    "_source": "name",
    "query": {
        "match_all": {}
    }
}

它 returns 的搜索结果类似于

"hits": [
            {
                "_index": "64214413",
                "_type": "_doc",
                "_id": "1",
                "_score": 1.0,
                "_source": {
                    "name": "Mark"
                }
            },
            {
                "_index": "64214413",
                "_type": "_doc",
                "_id": "2",
                "_score": 1.0,
                "_source": {
                    "name": "John"
                }
            }
        ]

如何从 elasticSearch 的查询结果中查询 _source 中的具体值？

How can I search the specific value in the _source from elasticSearch inquired result?

elasticsearch

elasticsearch-query