篩選查詢對於Elasticsearch從Logstash

Question

我想用一個查詢中logstash的elasticsearch輸入濾波這些參數>

**host.raw = host 1 OR host 2 
& 
code != "123"** 

我怎麼會做查詢？我一直在嘗試了一段時間沒有成功 ES版本的幾件事情是1.7.1

input{ 
elasticsearch { 
     host=> 
     query => '{ "query": .... }' 

Answer 1

你可以試試這個查詢：

{ 
    "query": { 
    "bool": { 
     "should": [ 
     { 
      "term": { 
      "host.raw": "host 1" 
      } 
     }, 
     { 
      "term": { 
      "host.raw": "host 2" 
      } 
     } 
     ], 
     "must_not": { 
     "term": { 
      "code": "123" 
     } 
     } 
    } 
    } 
} 

設置上面的查詢到你的配置會產生這樣的：

input{ 
    elasticsearch { 
     host => "..." 
     query => '{"query": {"bool":{"should":[{"term":{"host.raw":"host 1"}},{"term":{"host.raw":"host 2"}}], "must_not":{"term":{"code":"123"}}}}}'