#get all the log events by logtype with a single value tomcat
curl -XGET 'http://ES_HOST_SERVER:9200/INDEX_NAME/153299/_search' -d '{
"query" : {
"term" : { "logtype" : "tomcat" }
}
}
'
#get all the log events by logtype with value tomcat or tomcat1
curl -XGET 'http://ES_HOST_SERVER:9200/INDEX_NAME/153299/_search' -d '{
"query" : {
"terms" : { "logtype" : ["tomcat", "tomcat1"],
"minimum_match" : 1
}
}
}
'
#get all the log events by logtype and logpath
curl -XGET 'http://ES_HOST_SERVER:9200/INDEX_NAME/153299/_search' -d '{
"query" : {
"term" : { "logtype" : "tomcat",
"logpath" : "/var/log/"
}
}
}
'
#get first 20 log events by log type and logpath
curl -XGET 'http://ES_HOST_SERVER:9200/INDEX_NAME/153299/_search' -d '{
"from" : 0, "size" : 20,
"query" : {
"term" : { "logtype" : "tomcat",
"logpath" : "/var/log/"
}
}
}
'
#get first 20 log events by log type and logpath, sort by timestamp
curl -XGET 'http://ES_HOST_SERVER:9200/INDEX_NAME/153299/_search' -d '{
"from" : 0, "size" : 20,
"sort" : [
{ "timestamp" : {"order" : "asc"} }
],
"query" : {
"term" : { "logtype" : "tomcat",
"logpath" : "/var/log/"
}
}
}
'
#get first 20 log events by log type and logpath, sort by timestamp, timestamp range from 5000 to 1000
curl -XGET 'http://ES_HOST_SERVER:9200/INDEX_NAME/153299/_search' -d '{
"from" : 25, "size" : 5,
"filter" : {
"range" : {
"timestamp" : { "from" : 5000, "to" : 10000 }
}
},
"sort" : [
{ "timestamp" : {"order" : "asc"} }
] ,
"query" : {
"term" : { "logtype" : "tomcat",
"logpath" : "/var/log/"
}
}
}
'
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
