Elasticsearch脚本查询主机名
我希望创建一个脚本,该脚本将查询多个主机名,如果不在索引中,并提供了未找到的结果,并提供了在服务器上找到文档的主机和计数。到目前为止,我已经有效了,但是我不确定如何使其查询多个服务器并提供正确的结果。任何帮助将不胜感激。
GET /index1*/_search
{
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-7d",
"lt": "now"
}
}
},
{
"term": {
"host.name": "server1"
}
}
]
}
},
"aggregations": {
"hosts": {
"composite": {
"size": 1000,
"sources": [
{
"hostname": {
"terms": {
"field": "host.name"
}
}
}
]
}
}
},
"size": 0I am looking to create a script that will query multiple hostnames and provide a not found result if it is not in the index and provide the host and count of documents on the server if it is found. What I have so far seems to work, but I am unsure of how to make it query multiple servers and provide the correct result. Any help would be greatly appreciated.
GET /index1*/_search
{
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-7d",
"lt": "now"
}
}
},
{
"term": {
"host.name": "server1"
}
}
]
}
},
"aggregations": {
"hosts": {
"composite": {
"size": 1000,
"sources": [
{
"hostname": {
"terms": {
"field": "host.name"
}
}
}
]
}
}
},
"size": 0如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
到目前为止的开端很棒!您可以简单地将
术语查询到项一个。另外,您需要利用缺少存储桶未找到结果的功能:在给定时间间隔期间具有文档的所有服务器都将有存储桶,其他所有服务器都将在“ null”存储桶中。
Great start so far! You can simply change the
termquery into atermsone. Also, you need to leverage the missing bucket feature for the not found result:All the servers which have documents during the given time interval will have buckets, all the others will be in the "null" bucket.