Reference: https://www.cnblogs.com/ljhdo/p/5040252.html
Expressing a compound query (combined conditions):
(tht.suuid = S2019011118 or tht.suuid = S2020010047) and net.src_ip = "172.16.71.129" and input_time > 1603296000
The three AND conditions go into a single must array, because a JSON object cannot repeat the must key. The OR group is a nested bool with a should list.
curl "http://127.0.0.1:9200/t-2020-10-22/_search" -H 'Content-Type: application/json' -s -d '
{
  "query": {
    "bool": {
      "must": [
        {"bool": {"should": [
          {"match": {"tht.suuid": "S2020010047"}},
          {"match": {"tht.suuid": "S2019011118"}}
        ]}},
        {"match": {"net.src_ip": "172.16.71.129"}},
        {"range": {"input_time": {"gte": 1603296000}}}
      ]
    }
  }
}' | jq "." | more
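As an added example (not from the original post), this Python sketch builds the same bool query from its parts and shows why a body that repeats the `must` key is risky in a log search: depending on the parser it is either rejected or silently reduced to its last clause, which drops the suuid and source-IP filters. The helper names and the `REPEATED_MUST` sample are constructed for illustration.

```python
import json

def reject_duplicate_keys(pairs):
    """object_pairs_hook: raise instead of silently keeping the last duplicate."""
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise ValueError(f"duplicate key: {key!r}")
        seen[key] = value
    return seen

def any_of(field, values):
    """OR group: nested bool whose should clauses need at least one match."""
    return {"bool": {"should": [{"match": {field: v}} for v in values],
                     "minimum_should_match": 1}}

def build_query(suuids, src_ip, since_epoch):
    """(suuid is one of suuids) AND src_ip AND input_time >= since_epoch."""
    return {"query": {"bool": {"must": [
        any_of("tht.suuid", suuids),
        {"match": {"net.src_ip": src_ip}},
        {"range": {"input_time": {"gte": since_epoch}}},
    ]}}}

# Constructed sample: a request body that repeats "must" once per condition.
REPEATED_MUST = '''{"query": {"bool": {
  "must": {"match": {"tht.suuid": "S2020010047"}},
  "must": {"match": {"net.src_ip": "172.16.71.129"}},
  "must": {"range": {"input_time": {"gte": 1603296000}}}
}}}'''

def surviving_clauses(body):
    """What Python's default JSON parser keeps when keys repeat (last wins)."""
    return json.loads(body)["query"]["bool"]["must"]

def is_strictly_valid(body):
    """True only if the body parses with no duplicate keys at any level."""
    try:
        json.loads(body, object_pairs_hook=reject_duplicate_keys)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    print(surviving_clauses(REPEATED_MUST))   # only the range clause is left
    print(is_strictly_valid(REPEATED_MUST))
    query = build_query(["S2019011118", "S2020010047"], "172.16.71.129", 1603296000)
    print(json.dumps(query, indent=2))
```

The printed body from `build_query` can be passed to the curl command's `-d` argument unchanged.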