Useful links:
Most useful: http://es.xiaoleilu.com/054_Query_DSL/70_Important_clauses.html
A good blog post: http://www.cnblogs.com/letong/p/4749234.html
Other 1: http://www.jianshu.com/p/14aa8b09c789
The links above are a bit dated. Newer links:
http://elasticsearch-dsl.readthedocs.io/en/latest/
https://elasticsearch.cn/book/elasticsearch_definitive_guide_2.x/_search_lite.html
1. Query everything in the index
```python
# coding=utf8
from elasticsearch import Elasticsearch

es = Elasticsearch([{'host': 'x.x.x.x', 'port': 9200}])
index = "test"
query = {"query": {"match_all": {}}}
resp = es.search(index=index, body=query)
resp_docs = resp["hits"]["hits"]
total = resp['hits']['total']
print(total)  # total number of documents found
print(resp_docs[0]['_source']['@timestamp'])  # print a single field
```
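2. Use scroll to fetch everything in batches, with a more complex condition
Filter condition: field A is not empty and field B is not empty, and the timestamp falls between 10 days ago and 2 days ago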
```python
# coding=utf8
from elasticsearch import Elasticsearch

es = Elasticsearch([{'host': 'x.x.x.x', 'port': 9200}])
index = "test"
# Note: the "filtered" query was removed in Elasticsearch 5.0; on newer
# versions, put the range clause under "filter" inside the bool query.
query = {
    "query": {
        "filtered": {
            "query": {
                "bool": {
                    # Use a list here: repeating the "must_not" key in a dict
                    # literal silently keeps only the last clause.
                    "must_not": [
                        {"term": {"A": ""}},
                        {"term": {"B": ""}},
                    ]
                }
            },
            "filter": {
                "range": {"@timestamp": {"gte": "now-10d", "lt": "now-2d"}}
            }
        }
    }
}
# The first request opens the scroll context and returns the first page.
resp = es.search(index=index, body=query, scroll="1m", size=100)
scroll_id = resp['_scroll_id']
resp_docs = resp["hits"]["hits"]
total = resp['hits']['total']
count = len(resp_docs)
datas = resp_docs
# Keep fetching pages until one comes back empty or everything has been read.
while len(resp_docs) > 0:
    scroll_id = resp['_scroll_id']
    resp = es.scroll(scroll_id=scroll_id, scroll="1m")
    resp_docs = resp["hits"]["hits"]
    datas.extend(resp_docs)
    count += len(resp_docs)
    if count >= total:
        break
print(len(datas))
```
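The scroll loop above, reworked as an added example (not code from the original post): it builds the same condition in the `bool`/`filter` form used since the `filtered` query was removed in Elasticsearch 5.0, yields hits page by page, and releases the scroll context with `clear_scroll` so abandoned contexts do not keep holding cluster resources. The names `build_query`, `scroll_all`, `FakeES` and `demo` are hypothetical, and `FakeES` is a constructed in-memory stand-in for the client so the block runs offline.

```python
def build_query(fields, gte="now-10d", lt="now-2d", ts_field="@timestamp"):
    """bool/filter equivalent of the section-2 query (hypothetical helper)."""
    return {"query": {"bool": {
        # One must_not clause per field, kept in a list so none is overwritten.
        "must_not": [{"term": {f: ""}} for f in fields],
        "filter": [{"range": {ts_field: {"gte": gte, "lt": lt}}}],
    }}}


def scroll_all(es, index, query, page_size=100, keep_alive="1m"):
    """Yield every hit one page at a time; always release the scroll context."""
    resp = es.search(index=index, body=query, scroll=keep_alive, size=page_size)
    scroll_id = resp.get("_scroll_id")
    try:
        while resp["hits"]["hits"]:
            for hit in resp["hits"]["hits"]:
                yield hit
            resp = es.scroll(scroll_id=scroll_id, scroll=keep_alive)
            scroll_id = resp.get("_scroll_id", scroll_id)
    finally:
        if scroll_id:
            es.clear_scroll(scroll_id=scroll_id)


class FakeES:
    """Constructed stand-in for Elasticsearch: pages through a local list."""
    def __init__(self, docs):
        self.docs, self.pos, self.size, self.cleared = docs, 0, 0, False

    def _page(self):
        hits = self.docs[self.pos:self.pos + self.size]
        self.pos += len(hits)
        return {"_scroll_id": "constructed-id",
                "hits": {"total": len(self.docs), "hits": hits}}

    def search(self, index, body, scroll, size):
        self.size = size
        return self._page()

    def scroll(self, scroll_id, scroll):
        return self._page()

    def clear_scroll(self, scroll_id):
        self.cleared = True


def demo():
    # 250 constructed documents -> pages of 100, 100, 50, then an empty page.
    es = FakeES([{"_source": {"A": "a%d" % i, "B": "b"}} for i in range(250)])
    hits = list(scroll_all(es, "test", build_query(["A", "B"])))
    return len(hits), es.cleared
```

With a real client, pass the `Elasticsearch` instance in place of `FakeES`; the generator closes the scroll even if the caller stops iterating early and the generator is closed.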
3. Aggregation
See how many distinct values the @timestamp field takes
```python
# coding=utf8
from elasticsearch import Elasticsearch

es = Elasticsearch([{'host': 'x.x.x.x', 'port': 9200}])
index = "test"
# Terms aggregation: one bucket per distinct @timestamp value.
query = {"aggs": {"all_times": {"terms": {"field": "@timestamp"}}}}
resp = es.search(index=index, body=query)
total = resp['hits']['total']
print(total)
print(resp["aggregations"])
```