主页 / 问题

问题[elasticsearch]

Martin Hope
Dmitriy P
Asked: 2024-01-11 20:02:48 +0000 UTC
  • 5

有一个日志

[2024-01-10 06:35:11.4292] [DEBUG] [] [GRT.ARM.Infrastructure.Integration.Services.TRE.TREListener] TREListener connected to https://GRT-srv1.test.lan:5800/ 
[2024-01-10 06:36:38.9158] [INFO] [] [GRT.ARM.Services.Implementations.Traffic.LaneController] LaneId: 2, Вызван метод [PlateScannedAsync]: [Номер: FG522EFD5, отправлен оператором - False.]. 
[2024-01-10 06:36:38.9158] [DEBUG] [] [GRT.ARM.Services.Implementations.Traffic.LaneController] LaneId: 2, Вызван метод [PlateScannedAsync]: [Номер получен от LPS.]. 
[2024-01-10 06:36:39.0443] [DEBUG] [] [GRT.ARM.Infrastructure.Storages.LicensePlateStorage] Adding LPS event for FG5224FD5 to storage. 
[2024-01-10 06:36:39.0443] [DEBUG] [] [GRT.ARM.Infrastructure.Storages.LicensePlateStorage] Taking LPS event for FG5224FD5 from storage. 
[2024-01-10 06:36:39.0999] [DEBUG] [] [GRT.ARM.Services.Notifications.ArmEventNotification.ArmEventNotificationHandler] Sending Arm Event, type: LicensePlateRecognized, Kafka ID: b19626e7-f8bb-49a4-a190-0be172af3733 
[2024-01-10 06:36:39.1482] [DEBUG] [] [GRT.ARM.Infrastructure.SignalR.Wrappers.PassageHubWrapper] LaneId: 2, отправлен сигнал SignalR из метода [NotifyOnPlateScannedAsync] с параметрами: [Number: FG5224FD5, RecognitionLevel: Accurate]. 
[2024-01-10 06:36:41.7794] [DEBUG] [] [GRT.ARM.Services.Implementations.Traffic.LaneController] LaneId: 2, Вызван метод [CarArrivedToEntranceZoneAsync].

请帮我解析 Grok 的日志。目前我只得到这个:

^\[%{TIMESTAMP_ISO8601:timestamp}\]\s+(\[%{WORD:loglevel}\]\s+)%{NOTSPACE}\s+\[%{DATA:field3}\]?%{GREEDYDATA:message}

我将不胜感激任何帮助。

elasticsearch
Martin Hope
user512599
Asked: 2022-07-28 23:08:57 +0000 UTC
  • 0

您需要使用复杂的过滤器在 ES 中查找事件,我整理了一个工作但不完整的版本:

{
    "_source": [
        "anyField",
        "secondField",
        "anotherField",
        "_id"
    ],
    "query": {
        "bool": {
            "must": [
                {
                    "multi_match": {
                        "query": "*****",
                        "fields": [
                            "anyField",
                            "anotherField"
                        ],
                        "operator": "and"
                    }
                },
                {
                    "range": {
                        "processingTime": {
                            "gte": "1800000"
                        }
                    }
                }
            ]},
            "filter": [
                {
                    "match":{
                        "typeName": "ANYvalue"
                    }
                }
            ]
        
    },
    "size": 10000
    "sort": [
        {
            "_id": {
                "unmapped_type": "keyword",
                "order": "asc"
            }
        }
    ]
}

我需要通过“typeName”中的多个值进行选择,尝试了几次查询重建,比如这个:

{
    "_source": [
        "anyField",
        "secondField",
        "anotherField",
        "_id"
    ],
    "query": {
        "bool": {
            "must": [
                {
                    "multi_match": {
                        "query": "*****",
                        "fields": [
                            "anyField",
                            "anotherField"
                        ],
                        "operator": "and"
                    }
                },
                {
                    "range": {
                        "processingTime": {
                            "gte": "1800000"
                        }
                    }
                }
            ]},
            "filter": [
                {
                    "match":{
                        "typeName": ["ANYvalue","SECONDvalue","ANOTHERvalue"]
                    }
                }
            ]
        
    },
    "size": 10000
    "sort": [
        {
            "_id": {
                "unmapped_type": "keyword",
                "order": "asc"
            }
        }
    ]
}

你能告诉我可以修复什么吗?

elasticsearch
Martin Hope
Konstantin Fedorov
Asked: 2022-07-12 02:17:52 +0000 UTC
  • 0

在 Graylog 中,应用程序日志记录了方法的启动和传递的参数。例子:Вызов Method(1, "1,2,3,4,5"). IP Клиента 8.8.8.8. Время ожидания в очереди: 00:00:000. Время исполнения: 00:00:109. Полное время вызова: 00:00:109

问题:如何建立多次出现的搜索?需要按方法搜索并按消息中的一些ID过滤(这是"1,2,3,4,5"

类似的东西:full_message:"Вызов Method" AND full_message:/2+/。当我调用这样的搜索时,没有返回任何内容,尽管我确信有这样的日志。

如果ID完整传递,则可以达到结果,但是,因此,我需要与它们一起玩,因为 它们可以按不同的顺序发送。

full_message:"Вызов Method" AND full_message:\"1,2,3,4,5\"- 回扣

elasticsearch lucene
Martin Hope
Nepster
Asked: 2022-07-05 00:30:17 +0000 UTC
  • 0

我创建一个索引(id 是 uuid):

...
 "mappings": {
    "_field_names": {
      "enabled": true
    },
    "properties": {
      "id": {"type": "keyword"},
        ...
    }
  }
...

我正在上传数据。此外,知道 uuid 列表,我需要从弹性中获取数据。

要求:

{
  "_source": ["id", "city_code", "country_code", "name_en", "name_ru", "name_es", "name_fr", "name_it", "name_de", "name_uk"],
  "query": {
    "terms": {"id" : ["31bbcedb-3ca4-4de6-91b1-62683ec79a4f", "cfd24807-c758-444c-b38c-0a06dbccfe02"]}
  }
}

结果是空虚。如果你提出这样的请求怎么办:

{
  "_source": ["id", "city_code", "country_code", "name_en", "name_ru", "name_es", "name_fr", "name_it", "name_de", "name_uk"],
  "query": {
    "terms": {"id" : ["31bbcedb", "cfd24807"]}
  }
}

数据将到达。他不喜欢“-”这个字符。

这是如何治疗的?

elasticsearch
Martin Hope
Ghostkhimki
Asked: 2022-04-24 04:10:51 +0000 UTC
  • 0

我正在尝试在kibana(6.8.7)管理中创建索引模式->索引模式->创建索引模式我指定名称,选择创建参数,单击下一步但没有任何反应,轮子只是旋转,在浏览器控制台 f12 - 我看到一个错误POST http://elastictest:5601/api/saved_objects/index-pattern 403 (Forbidden)

我开始用谷歌搜索这个错误,在一个网站上我看到一条评论说问题正在通过解锁索引来解决,但我没有找到任何关于如何完成的信息。

告诉我在哪里挖?也许我做错了什么?

elasticsearch