PHP通过API对ES进行搜索后发现只能获取10条数据,搜索语句如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
{ "query": {
"filtered": {
"query": {
"query_string": {
"query": "level:\"警告\" AND source_name:\"ASP.NET\" ",
"analyze_wildcard": true
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": 1494309300,
"lte": 1494489299,
"format": "epoch_second"
}
}
}
],
"must_not": []
}
}
}
}} |
其余ES如果没有指定SIZE的话,默认是10条
http://elasticsearch-py.readthedocs.io/en/master/api.html#elasticsearch.Elasticsearch.search
但是size也不能超过10000,否则也会报错。
修改搜索语句如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
{ "size": 10000,
"query": {
"filtered": {
"query": {
"query_string": {
"query": "level:\"警告\" AND source_name:\"ASP.NET\" ",
"analyze_wildcard": true
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": 1494309300,
"lte": 1494489299,
"format": "epoch_second"
}
}
}
],
"must_not": []
}
}
}
}} |
即可
经过以上还会出现问题,就是当数据超过一定量的时候,无法获取最新数据,原因是每次获取数据都是从1到10000条,当10000条之后的数据就无法显示了。基于此我们不建议时间跨度超过10000条数据,防止数据丢失。因此我们需要对其进行时间排序,让最新的数据靠前:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
{ "size": 10000,
"sort": [
{
"@timestamp": {
"order": "desc",
"unmapped_type": "boolean"
}
}
],
"query": {
"filtered": {
"query": {
"query_string": {
"query": "level:\"警告\" AND source_name:\"ASP.NET\" ",
"analyze_wildcard": true
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": 1494309300,
"lte": 1494489299,
"format": "epoch_second"
}
}
}
],
"must_not": []
}
}
}
}} |