- 数据源
{
"_index": "logstash-",
"_type": "_doc",
"_id": "1884033",
"_score": 5.286411,
"_source": {
"host": "performance",
"message": {
"data": {
"messageId": "1884033",
"chatId": "xxxxxxx",
"avatar": "xxxxx",
"roomTopic": "测试文本",
"roomId": "12345664032081",
"contactName": "张三",
"contactId": "123456789",
"payload": {
"text": "测试内容"
},
"type": 7,
"timestamp": 1643425416065,
"token": "xxxxxxxxx",
"contactType": 1,
"coworker": false,
"botId": "xxxxxxx",
"botWxid": "xxxxx",
"botWeixin": "xxxxxxx"
}
},
"@timestamp": "2022-01-29T03:03:37.551Z",
"data": {
"contactName": "张三",
"contactType": 1,
"timestamp": 1643425416065,
"avatar": "xxxxxxx",
"roomId": "1234567832081",
"coworker": false,
"chatId": "1234567890",
"type": 7,
"roomTopic": "测试文本",
"contactId": "1234567890",
"botId": "xxxxxxx",
"botWxid": "xxxxxxx",
"payload": {
"text": "测试内容"
},
"token": "12345678",
"messageId": "1811184033",
"botWeixin": "xxxxxxxxxx"
},
"@version": "1"
}
}
- es 搜索条件
{
"query": {
"bool": {
"must": [
{"match": {"data.contactId.keyword": "123456789"}},
{"prefix": {"data.roomTopic.keyword": "测试"}}
],
"filter": {
"range": {"@timestamp":
{"gte": "2022-01-01 00:00:00",
"lte": "2022-01-01 23:59:59||+1M",
# 时间范围大于2022-01-01 00:00:00,小于 2022-02-01 00:00:00
"format": "yyyy-MM-dd HH:mm:ss"}
}
},
}
}
}
- must: 条件全部匹配,才会返回,会计算 score(匹配分数)
- should:只有一个条件匹配成功,就返回
- filter: 条件全部匹配,才会返回,但不会计算 score(匹配分数)
- must_not : 排除的条件,不匹配的条件
检索条件
- term: 不分词搜索
- match:分词检索
- prefix:前缀检索
- regexp:正则检索
- range:范围查询
注意事项
1、当搜索字段是text类型时:由于它会分词,在执行regexp、prefix时es会检查字段中的每个词条,而不是完整字段。
2、当搜索字段是keyword类型时:在执行regexp、prefix时es会检查字段中整个文本
官方地址:
https://www.elastic.co/guide/cn/elasticsearch/guide/current/index.html