为什么elasticsearch过滤器没有给出任何结果，而使用kibana仪表板给出了结果？

Question

我正在使用sense查询弹性搜索。在字段上使用范围过滤器时，我得到的结果是空的，但我可以使用kibana仪表板获得结果。为什么过滤器不工作？我的问题是：

GET _search
{
  "query": { 
    "bool": { 
      "must": [
        {"match": {"field_name1": "value1"}},
        {"match": {"file_name2": "value2"}}
      ]
    }
  },
  "filter": {             <- not working (no data, but gets data from kibana)
    "range": {
      "@timestamp": {
        "gte": "2017-02-18"
      }
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc",
        "ignore_unmapped" : true
      }
    }
  ]
}

从kibana仪表板，当我添加时间，它添加的time:(from:'2017-02-18T10:19:08.680Z',mode:absolute,to:'2017-02-19T10:19:08.680Z'))，我可以看到结果。仪表板还添加了其他一些东西，比如元数据和使用negate进行过滤，但我认为它们也是这样做的。只有时间部分似乎是不同的。那么为什么会有差异，我的查询是正确的吗？示例url：

https://elasticsearch/app/kibana#/discover?
_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:'2017-02-18T09:23:41.044Z',mode:absolute,to:'2017-02-19T09:23:41.044Z'))
&_a=(columns:!(description,id),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:index-value,key:field_name1,negate:!f,value:value1),query:(match:(field_name2:(query:value2,type:phrase))))),index:index-value,interval:auto,query:(query_string:(analyze_wildcard:!t,query:'*')),sort:!('@timestamp',desc),uiState:(),vis:(aggs:!((params:(field:field_name2,orderBy:'2',size:20),schema:segment,type:terms),(id:'2',schema:metric,type:count)),type:histogram))
&indexPattern=index-value&type=histogram

谢谢。

json响应示例：

{
  "took": some_number,
  "timed_out": false,
  "_shards": {
    "total": some_number,
    "successful": some_number,
    "failed": 0
  },
  "hits": {
    "total": some_number,
    "max_score": null,
    "hits": [
      {
        "_index": "index-name",
        "_type": "log-1",
        "_id": "alphanum",
        "_score": null,
        "_source": {
          "headers": "header-string",
          "query_string": "query-string",
          "server_variables": "server-variables",
          "cookies": "cookies",
          "extra_data": "some extra stuff",
          "exception_data_obj": {
            "stack_trace": "",
            "source": "",
            "message": "success",
            "additional_data": ""
          },
          "some_id": "211FA1F1-F312-1234-B539-F7AAE23EAA2F",
          "level": "Warn",
          "description": "Success",
          "@timestamp": "2017-01-20T01:33:27.303Z",
          "field1": "value1",
          "field2": "value2"
          "key": {
            "key.field1": "key.value1",
            "key.field2": "key.value2"
          }
          "@by": "app-name",
          "environment": "env-name"
        },
        "sort": [
          1484876007303
        ]
      },
      {}
    ]
  }
}

Answer 1

这是不同的查询，从某种意义上说，您请求的查询必须在field1和field2上查询，但在kibana中您没有