Question
For reference, here is the code. I am trying to make a Hubot plugin that logs to Elasticsearch and then uses Hubot commands to search those logs.
https://gist.github.com/4050748
I am trying to retrieve records that match two queries.
    {
      query: {
        match: {
          user: "SomeUsername"
        },
        range: {
          date: {
            from: (Date.now() - 3600)
          }
        }
      },
      size: 50
    }
I was expecting:
- Up to 50 records
- Records that had the given user
- Records in the last hour
I got:
- Up to 10 records
- Records that had the given user
- From any time
How do I get all the records with some username in the last hour? Do I need to use match_all with filters? Is what I am attempting unsupported?
In SQL it would be something like:
    SELECT * FROM messages WHERE user_name = ? AND time > ?
Answer 1:
You need to use the bool query to combine different queries together. You can then choose whether each single query must match, should match (optional), or must not match.
Answer 2:
For anyone who stumbles on this question and wonders what it looks like to combine a match and range query in Elasticsearch, this example would look like:
    curl 'localhost:9200/<index>/_search?pretty=true' -H 'Content-Type: application/json' -d '{
      "query": {
        "bool": {
          "must": [
            {
              "match": {
                "user": "SomeUsername"
              }
            },
            {
              "range": {
                "date": {
                  "gt": "now-1h"
                }
              }
            }
          ]
        }
      }
    }'
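The same bool query built in JavaScript for a Hubot command, as an added example that is not part of the answers or of the asker's gist. `buildLogSearch` and its limits are hypothetical; the `user` and `date` field names come from the question. It goes slightly beyond the answer by placing `size` beside `query` and by serializing the chat-supplied username with `JSON.stringify`, so the username stays a value inside `match`.

```javascript
// Added example, not the plugin's own code.
// Assumptions: the index has a "user" field and a "date" field, as in the question.
const MAX_SIZE = 50;          // the question asks for up to 50 records
const MAX_WINDOW_MIN = 1440;  // hypothetical cap on the look-back window: one day

function buildLogSearch(user, minutes, size) {
  // The username arrives from a chat message, so validate it and never
  // splice it into a JSON string by hand.
  if (typeof user !== 'string' || user.trim() === '') {
    throw new TypeError('user must be a non-empty string');
  }
  if (!Number.isInteger(minutes) || minutes < 1 || minutes > MAX_WINDOW_MIN) {
    throw new RangeError('minutes must be an integer between 1 and ' + MAX_WINDOW_MIN);
  }
  if (!Number.isInteger(size) || size < 1 || size > MAX_SIZE) {
    throw new RangeError('size must be an integer between 1 and ' + MAX_SIZE);
  }
  return {
    query: {
      bool: {
        // Both clauses sit in "must", so a hit has to satisfy each of them.
        must: [
          { match: { user: user } },
          // Elasticsearch date math: "now-60m" is one hour ago.
          { range: { date: { gt: 'now-' + minutes + 'm' } } }
        ]
      }
    },
    // "size" is a sibling of "query", not a child of it.
    size: size
  };
}

// Constructed input: a username containing quotes and braces.
const sampleBody = JSON.stringify(buildLogSearch('Some"User}', 60, 50));
console.log(sampleBody);
```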
Source: https://stackoverflow.com/questions/13352146/how-do-i-combine-multiple-queries-in-elasticsearch