c# - 如何使用 Nest 从 Json ElasticSearch 获取 logType 和 level?
问题描述
我正在尝试使用 Nest Code 从 ElasticSearch 的 json 日志下方获取 loglevel 和 logType 的值。LogLevel 应该是“ERROR” LogType 应该是“Response”。我该如何编写这个 Nest 查询。我认为Nest真的很难。
var settings = new connectionsettings(new uri("http://localhost:9200")).defaultındex("mylog-2019-07-29");
var client = new elasticclient(settings);
var searchresponse = client.search<rootobject>(s => s
.allındices()
.from(0)
.size(10)
.query(q => q
.match(m => m
.field(f => f.logLevel)
.query("Error")
)
));
var r3 = client.search<rootobject>(search => search.matchall().ındex("mylog-2019-07-29")).documents;
// OR
var result = client.search<rootobject>(q => q.allındices());
var result2 = result.hits;
using (httpclient client = new httpclient())
{
var result = await client.getasync("http://localhost:9200");
var data = jsonconvert.deserializeobject<list<rootobject>>(result.content.readasstringasync().result);
}
我怎么能用下面的json做到这一点?
{
"took": 72,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 2968679,
"max_score": 1.0,
"hits": [
{
"_index": "slog-2019-07-29",
"_type": "logmessage",
"_id": "335af90f-6dab-459d-95f2-df09ffb15380",
"_score": 1.0,
"_source": {
"id": "335af90f-6dab-459d-95f2-df09ffb15380",
"parentLogId": "3ccf12bb-028e-498d-bc04-1394746c1d6f",
"logDate": "2019-07-29T11:05:04.0554493Z",
"logLevel": "Information",
"logSource": "TourService",
"logType": "Response",
"environment": "Production",
"sessionId": null,
"traceId": "d6dc979e-4ce6-4c16-8f8a-7ed41c1cd87a",
"klm": null,
"data": "{\"isSuccess\":true,\"code\":null,\"message\":null,\"data\":{\"xxxx\":{\"provider\":0,\......\"xxxxxxxx\":0.0}]}]}}}",
"processCost": 107.6808,
"urlMethod": "POST",
"urlPath": "/api/tour/get",
"urlQueryString": null,
"responseStatusCode": 200,
"headers": [
{
"key": "Content-Type",
"value": [
"application/json; charset=utf-8"
]
},
{
"key": "Request-Context",
"value": [
"appId=cid-v1:ec6df344-e1df-4097-bef4-69a3cce06eb6"
]
}
],
"additionalData": {}
}
},
{
"_index": "slog-2019-07-29",
"_type": "logmessage",
.....
....
..
.
我的索引地图:
{
"slog-2019-07-29": {
"mappings": {
"logmessage": {
"properties": {
"additionalData": {
"properties": {
"data": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"method": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"url": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"caller": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"correlationId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"data": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"environment": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"headers": {
"properties": {
"key": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"value": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"id": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"logDate": {
"type": "date"
},
"logLevel": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"logSource": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"logType": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"parentLogId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"processCost": {
"type": "float"
},
"responseStatusCode": {
"type": "long"
},
"urlMethod": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"urlPath": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"urlQueryString": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}
}
解决方案
因为要获取字段中具有精确值的文档,所以需要使用term query。所以这个弹性搜索查询将为您工作:
GET slog-2019-07-29/_search
{
"query": {
"term": {
"logLevel.keyword": {
"value": "Information"
}
}
}
}
请注意,对于我使用logLevel.keyword而不是logLevelthis 的字段,因为logLevel.keywordfield 是关键字类型,这在您的情况下非常有用,因为 elasticsearch 不分析此类字段中的值,因此Information在 elasticsearch 中保存为Information. 这将允许您在特定字段中找到具有精确值的文档。对于另存为logLevel的类型的字段。textinformation
我们还需要使用术语查询,因为我们不希望 elasticsearch 分析我们放入的内容value。
现在,使用 NEST,您可以使用以下代码编写这样的查询:
var searchResponse = await elasticClient
.SearchAsync<Document>(s => s
.Query(q => q
.Term(t => t
.Field(f => f.LogLevel.Suffix("keyword"))
.Value("Information"))));
class Document
{
public string LogLevel { get; set; }
}
LogLevel 应该是“ERROR” LogType 应该是“Response”。
为此,您需要使用bool 查询,它允许您将多个条件组合到一个查询中。
GET slog-2019-07-29/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"logLevel.keyword": {
"value": "ERROR"
}
}
},
{
"term": {
"logType.keyword": {
"value": "Response"
}
}
}
]
}
}
}
NEST 在文档中有一个非常好的部分介绍了如何构建 bool 查询,所以我将把它留给你作为练习。
另外,我鼓励您阅读Elasticsearch: The Definitive Guide,它将为您提供有关弹性搜索的基础知识和工作原理的概览。
希望有帮助。
推荐阅读
- java - SpringBoot的异步处理如何返回自定义错误页面
- node.js - 如何添加到集合顶部/从集合底部删除(猫鼬)?
- c# - 使用选择元素 ASP.NET Core MVC 中的属性保存父项和子项
- python - 在 Flask-sqlalchemy 中按订单号在 db 中对数据进行排序
- jitsi - 如果主持人设置了会议密码,Jibri 将无法录制
- python-3.x - 算法 python3 时间效率
- python - 根据条件在列中查找值
- c# - 我如何进行异步数字排序应用程序 WPF
- javascript - 为什么我不能让我的页面附加文本并出现在我的 HTML 页面上?
- c - Visual Studio 中的 ASCII 字符看起来很奇怪