原始日志如下,日志中无No such node短语:
[2024-12-27 12:27:41:676] [ERROR] - - MSG_ID:bc678557-a1d7-4216-9ab1-4934508dcadd, FUNCTION:123121, STEP:调用结束, COST:2004, CONTENT:KCXP请求超时,超时时间. 配置超时时间:2000返回结果 :AdapterResp(status:3, errCode:10000002, errInfo:11,调用超时, resultNum:1, failNum:0, failNodes:, resultSet:{11=AdapterRespChild(node:11, func:123121, status:4, errCode:-1, errInfo:KCXP请求超时, timeCost:2003, response:)})
但是通过webui检索分析和sql查询均能查出该记录:
日志里没有No such node短语 ,但通过message match_phrase "No such node" 能够搜输出
Viewed 18
2 Answers
倒排索引的分词中忽略一些词:is, a, the, it,such,no 等,这种词被认为意义不大,不会存储在分词索引中,被称作停用词,因此在匹配"No such node"的时候no和such都被忽略了,只匹配到node。
具体可参考倒排索引文档,可以设置索引的stopwords为none,即不使用停用词。
CREATE TABLE
sit100_dys_96 (
time DATETIME(6) NOT NULL,
host_ip VARCHAR(20),
env_name VARCHAR(20),
cluster_name VARCHAR(20),
system_name VARCHAR(60),
host_name VARCHAR(30),
log_file_path TEXT,
message TEXT,
INDEX idx_host_ip (host_ip) USING INVERTED PROPERTIES("parser" = "unicode"),
INDEX idx_env_name (env_name) USING INVERTED PROPERTIES("parser" = "unicode"),
INDEX idx_cluster_name (cluster_name) USING INVERTED PROPERTIES("parser" = "unicode"),
INDEX idx_system_name(system_name) USING INVERTED PROPERTIES("parser" = "unicode"),
INDEX idx_host_name (host_name) USING INVERTED PROPERTIES("parser" = "unicode"),
INDEX idx_log_file_path (log_file_path) USING INVERTED PROPERTIES("parser" = "unicode"),
INDEX idx_message (message) USING INVERTED PROPERTIES("parser" = "unicode")
) ENGINE = OLAP DUPLICATE KEY(time) AUTO PARTITION BY RANGE(date_trunc(time, 'DAY')) () DISTRIBUTED BY RANDOM BUCKETS AUTO PROPERTIES (
"compression" = "zstd",
"compaction_policy" = "time_series",
"replication_num" = "2",
"dynamic_partition.enable" = "true",
"dynamic_partition.time_unit" = "DAY",
"dynamic_partition.start" = "-5",
"dynamic_partition.end" = "7",
"dynamic_partition.prefix" = "p",
"dynamic_partition.replication_num" = "2"
);
建表语句