elasticsearch - 字段相等的 Kibana 过滤器返回两个具有不同字段值的文档
问题描述
在使用 Kibana Discover 模式时,我们发现了一个令人担忧的结果。
对于给定的索引,在特定的时间范围内,发现当过滤字段“time_stamp”(映射到长)等于特定值(1545287341)时,它返回两个文档:一个具有确切值,另一个这很接近。
这怎么可能?返回的唯一文档应该具有指定的值?弹性搜索的这种不准确响应的可能原因是什么?非常感谢您的帮助,因为这非常令人着迷。
我在这里捕获 Kibana 发送的查询。
{
"version": true,
"size": 500,
"sort": [{
"@timestamp": {
"order": "desc",
"unmapped_type": "boolean"
}
}],
"_source": {
"excludes": []
},
"aggs": {
"2": {
"date_histogram": {
"field": "@timestamp",
"interval": "3h",
"time_zone": "Etc/UTC",
"min_doc_count": 1
}
}
},
"stored_fields": ["*"],
"script_fields": {},
"docvalue_fields": ["@timestamp", "day"],
"query": {
"bool": {
"must": [{
"match_all": {}
}, {
"match_phrase": {
"dev_id.keyword": {
"query": "22170821152"
}
}
}, {
"match_phrase": {
"time_stamp": {
"query": 1545287341
}
}
}, {
"range": {
"@timestamp": {
"gte": 1544659200000,
"lte": 1545350399999,
"format": "epoch_millis"
}
}
}],
"filter": [],
"should": [],
"must_not": []
}
},
"highlight": {
"pre_tags": ["@kibana-highlighted-field@"],
"post_tags": ["@/kibana-highlighted-field@"],
"fields": {
"*": {}
},
"fragment_size": 2147483647
}
}
显示接近但不准确的响应的(编辑的)响应也在这里:
{
"responses": [{
"took": 2,
"timed_out": false,
"_shards": {
"total": 10,
"successful": 10,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 2,
"max_score": null,
"hits": [{
"_index": "pkt-2018-12",
"_type": "doc",
"_id": "CzvHahOE1jrv+tFWGorFH4gV6cs=",
"_version": 1,
"_score": null,
"_source": {
"time_stamp": 1.545287341E9,
"@timestamp": "2018-12-20T06:29:01.000Z",
},
"fields": {
"@timestamp": ["2018-12-20T06:29:01.000Z"]
},
"highlight": {
"dev_id.keyword": ["@kibana-highlighted-field@22170821152@/kibana-highlighted-field@"]
},
"sort": [1545287341000]
}, {
"_index": "pkt-2018-12",
"_type": "doc",
"_id": "PbeMWFMNpvwrjnZpBJtexDwfE9k=",
"_version": 1,
"_score": null,
"_source": {
"time_stamp": 1.545287281E9,
"@timestamp": "2018-12-20T06:28:01.000
},
"fields": {
"@timestamp": ["2018-12-20T06:28:01.000Z"]
},
"highlight": {
"dev_id.keyword": ["@kibana-highlighted-field@22170821152@/kibana-highlighted-field@"]
},
"sort": [1545287281000]
}]
},
"aggregations": {
"2": {
"buckets": [{
"key_as_string": "2018-12-20T06:00:00.000Z",
"key": 1545285600000,
"doc_count": 2
}]
}
},
"status": 200
}]
}
解决方案
推荐阅读
- python - 通过 django 管理面板登录时盐无效
- c# - ImageProcessor.Plugins.WebP - 无法加载 libwebp.dll
- css - 我们如何防止特定元素继承带有 * 符号的 CSS 规则?
- python - 在Python中对每两个连续变量运行一个操作?
- ios - Alamofire 发布请求:
- html - CSS Grid导致水平滚动条
- c# - 您可以在 IIS 上的子文件夹中托管 Blazor 应用程序吗?
- c - 如何在汇编中访问 C 结构值?
- visual-studio-code - 重命名/移动引用文件时,Visual Studio 代码中 vue 组件内的“import”语句不会更新
- swift - iOS CryptoKit AES-GCM 是否可以使用少于 12 个字节的随机数?