2017-02-28 150 views

Kibana: searching for a string within text

I have this log message in Kibana:

org.hibernate.exception.GenericJDBCException: Cannot open connection 
at org.springframework.orm.hibernate3.HibernateTransactionManager.doBegin(HibernateTransactionManager.java:597) 

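The actual search that returns no results: log_message:"Hibernate3"

If I search for "hibernate3", this message does not appear. I am using an Elasticsearch template and have indexed the field, but I also want to be able to run a case-insensitive full-text search. Is this possible?

The template in use: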

{ 
"template": "filebeat-*", 
"mappings": { 
    "mainProgram": { 
     "properties": { 
      "@timestamp": { 
       "type": "date", 
       "format": "strict_date_optional_time||epoch_millis" 
      }, 
      "@version": { 
       "type": "text" 
      }, 
      "beat": { 
       "properties": { 
        "hostname": { 
         "type": "text" 
        }, 
        "name": { 
         "type": "text" 
        } 
       } 
      }, 
      "class_method": { 
       "type": "text", 
       "fielddata": "true", 
       "index": "true" 
      }, 
      "class_name": { 
       "type": "text", 
       "fielddata": "true" 
      }, 
      "clientip": { 
       "type": "ip", 
       "index": "not_analyzed" 
      }, 
      "count": { 
       "type": "long" 
      }, 
      "host": { 
       "type": "text", 
       "index": "not_analyzed" 
      }, 
      "input_type": { 
       "type": "text", 
       "index": "not_analyzed" 
      }, 
      "log_level": { 
       "type": "text", 
       "fielddata": "true", 
       "index": "true" 
      }, 
      "log_message": { 
       "type": "text", 
       "index": "true" 
      }, 
      "log_timestamp": { 
       "type": "text" 
      }, 
      "log_ts": { 
       "type": "long", 
       "index": "not_analyzed" 
      }, 
      "message": { 
       "type": "text" 
      }, 
      "offset": { 
       "type": "long", 
       "index": "not_analyzed" 
      }, 
      "query_params": { 
       "type": "text", 
       "index": "true" 
      }, 
      "sessionid": { 
       "type": "text", 
       "index": "true" 
      }, 
      "source": { 
       "type": "text", 
       "index": "not_analyzed" 
      }, 
      "tags": { 
       "type": "text" 
      }, 
      "thread": { 
       "type": "text", 
       "index": "true" 
      }, 
      "type": { 
       "type": "text" 
      }, 
      "user_account_combo": { 
       "type": "text", 
       "index": "true" 
      }, 
      "version": { 
       "type": "text" 
      } 
     } 
    }, 
    "access": { 
     "properties": { 
      "@timestamp": { 
       "type": "date", 
       "format": "strict_date_optional_time||epoch_millis" 
      }, 
      "@version": { 
       "type": "text" 
      }, 
      "beat": { 
       "properties": { 
        "hostname": { 
         "type": "text" 
        }, 
        "name": { 
         "type": "text" 
        } 
       } 
      }, 
      "clientip": { 
       "type": "ip", 
       "index": "not_analyzed" 
      }, 
      "count": { 
       "type": "long", 
       "index": "not_analyzed" 
      }, 
      "host": { 
       "type": "text", 
       "index": "true" 
      }, 
      "input_type": { 
       "type": "text", 
       "index": "not_analyzed" 
      }, 
      "log_timestamp": { 
       "type": "text" 
      }, 
      "log_ts": { 
       "type": "long", 
       "index": "not_analyzed" 
      }, 
      "message": { 
       "type": "text" 
      }, 
      "offset": { 
       "type": "long", 
       "index": "not_analyzed" 
      }, 
      "query_params": { 
       "type": "text", 
       "index": "true" 
      }, 
      "response_time": { 
       "type": "long" 
      }, 
      "sessionid": { 
       "type": "text", 
       "index": "true" 
      }, 
      "source": { 
       "type": "text", 
       "index": "not_analyzed" 
      }, 
      "statuscode": { 
       "type": "long" 
      }, 
      "tags": { 
       "type": "text" 
      }, 
      "thread": { 
       "type": "text", 
       "index": "true" 
      }, 
      "type": { 
       "type": "text", 
       "index": "true" 
      }, 
      "uripath": { 
       "type": "text", 
       "index": "true" 
      }, 
      "user_account_combo": { 
       "type": "text", 
       "index": "true" 
      }, 
      "verb": { 
       "type": "text", 
       "index": "true" 
      } 
     } 
    } 
} 
} 

Answers


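Based on your scenario, what you're looking for is an analyzed string, which will first analyze the string and then index it. A quote from the doc:

In other words, index this field as full text.

So make sure that you have the mapping of the necessary fields set correctly, so that you can do a full-text search on the docs.

Assuming that, in Kibana, the log line is under the field message, you could simply search for the word with: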

message:"hibernate3" 

You might also want to refer to this, to identify the differences between Term Based and Full-Text.

EDIT

Have the mapping of the field log_message as such:

"log_message": { 
     "type": "string", <- to make it analyzed 
     "index": "true" 
} 

You could also try a wildcard search like this:

{"wildcard":{"log_message":"*.hibernate3.*"}} 

Hope this helps!


For some reason, this does not work: log_message:".hibernate3". No results are returned. - where log_message is a subset of message. My Elasticsearch template has the index as: log_message type text index TRUE –


Updated the template above –


So you mean that you are not seeing a separate field named 'log_message' in Kibana? – Kulasangar
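
An added example, not part of the original thread and not Elasticsearch code: it models why a full-text term search for "hibernate3" can miss the stack-trace line when the tokenizer keeps dotted names such as org.springframework.orm together (as Elasticsearch's standard analyzer does for letter.letter sequences), and why splitting on non-word characters, as the built-in `pattern` analyzer does, makes the term searchable. The function names and the simplified tokenization rule are assumptions made for illustration.

```python
import re

# Constructed sample: the stack-trace line quoted in the question.
LOG_LINE = ("at org.springframework.orm.hibernate3.HibernateTransactionManager"
            ".doBegin(HibernateTransactionManager.java:597)")


def dot_preserving_tokens(text):
    """Simplified model (assumption) of word-boundary tokenization: a '.' stays
    inside a token when it sits between two letters or between two digits."""
    tokens, current = [], ""
    for i, ch in enumerate(text):
        prev = text[i - 1] if i > 0 else ""
        nxt = text[i + 1] if i + 1 < len(text) else ""
        joins = ch == "." and ((prev.isalpha() and nxt.isalpha())
                               or (prev.isdigit() and nxt.isdigit()))
        if ch.isalnum() or joins:
            current += ch
        elif current:
            tokens.append(current.lower())
            current = ""
    if current:
        tokens.append(current.lower())
    return tokens


def pattern_tokens(text):
    """Model of splitting on every run of non-word characters, then lowercasing."""
    return [t.lower() for t in re.split(r"\W+", text) if t]


def term_matches(query, tokens):
    """A term from a full-text query matches only if, once lowercased,
    it equals a whole indexed token; substrings of a token do not match."""
    return query.lower() in tokens


if __name__ == "__main__":
    for name, tokenize in (("dot-preserving", dot_preserving_tokens),
                           ("pattern", pattern_tokens)):
        tokens = tokenize(LOG_LINE)
        print(name, tokens, "match:", term_matches("Hibernate3", tokens))
```
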