PHP通过API对ES进行搜索后发现只能获取10条数据,搜索语句如下:

{"query":{"filtered":{"query":{"query_string":{"query":"level:\"警告\"ANDsource_name:\"ASP.NET\"","analyze_wildcard":true}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"gte":1494309300,"lte":1494489299,"format":"epoch_second"}}}],"must_not":[]}}}}}

其余ES如果没有指定SIZE的话,默认是10条

http://elasticsearch-py.readthedocs.io/en/master/api.html#elasticsearch.Elasticsearch.search

但是size也不能超过10000,否则也会报错。


修改搜索语句如下:

{"size":10000,"query":{"filtered":{"query":{"query_string":{"query":"level:\"警告\"ANDsource_name:\"ASP.NET\"","analyze_wildcard":true}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"gte":1494309300,"lte":1494489299,"format":"epoch_second"}}}],"must_not":[]}}}}}

即可


经过以上还会出现问题,就是当数据超过一定量的时候,无法获取最新数据,原因是每次获取数据都是从1到10000条,当10000条之后的数据就无法显示了。基于此我们不建议时间跨度超过10000条数据,防止数据丢失。因此我们需要对其进行时间排序,让最新的数据靠前:

{"size":10000,"sort":[{"@timestamp":{"order":"desc","unmapped_type":"boolean"}}],"query":{"filtered":{"query":{"query_string":{"query":"level:\"警告\"ANDsource_name:\"ASP.NET\"","analyze_wildcard":true}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"gte":1494309300,"lte":1494489299,"format":"epoch_second"}}}],"must_not":[]}}}}}