Kibana按照索引過濾數據
1.創建索引模式
2.查詢索引中的數據
Es查詢不返回數據
創建索引的時候指定mapping
mappings={ "mappings": { "_doc": { "_source": { "enabled": True } } } } # print("創建新的索引") es.indices.create(index=indexname,body=mappings)
查詢的時候指定返回哪些字段
1.開發工具智能提示查詢
Es處理查詢超時問題
class esLogAPI(object): def __init__(self,url): self.es = Elasticsearch(url,timeout=50) res = self.es.search(body=body)
手動安裝elasticsearch模塊
copying elasticsearch6.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO zip_safe flag not set; analyzing archive contents... creating 'dist/elasticsearch6-6.4.2-py2.7.egg' and adding 'build/bdist.linux-x86_64/egg' to it removing 'build/bdist.linux-x86_64/egg' (and everything under it) Processing elasticsearch6-6.4.2-py2.7.egg Removing /usr/lib/python2.7/site-packages/elasticsearch6-6.4.2-py2.7.egg Copying elasticsearch6-6.4.2-py2.7.egg to /usr/lib/python2.7/site-packages elasticsearch6 6.4.2 is already the active version in easy-install.pth Installed /usr/lib/python2.7/site-packages/elasticsearch6-6.4.2-py2.7.egg Processing dependencies for elasticsearch6==6.4.2 Searching for urllib3==1.24.1 Best match: urllib3 1.24.1 Adding urllib3 1.24.1 to easy-install.pth file Using /usr/lib/python2.7/site-packages Finished processing dependencies for elasticsearch6==6.4.2 [root@ elasticsearch6-6.4.2]# python Python 2.7.5 (default, Jun 20 2019, 20:27:34) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> from elasticsearch6 import * >>> from elasticsearch import * Traceback (most recent call last): File "<stdin>", line 1, in <module> ImportError: No module named elasticsearch >>> exit()
Es查詢聚合按時間段切分
在聚合得基礎上按時間段切分分組可以使用date histogram
body2={"aggs":{"3":{"date_histogram":{"field":"mydate","interval":"1d","time_zone":"Asia/Shanghai","min_doc_count":0},"aggs":{"2":{"cardinality":{"field":"uid"}}}}},"size":0,"_source":{"excludes":[]},"stored_fields":["*"],"script_fields":{},"docvalue_fields":[{"field":"@timestamp","format":"date_time"},{"field":"canvas-workpad.@created","format":"date_time"},{"field":"canvas-workpad.@timestamp","format":"date_time"},{"field":"maps-telemetry.timeCaptured","format":"date_time"},{"field":"mydate","format":"date_time"},{"field":"task.runAt","format":"date_time"},{"field":"task.scheduledAt","format":"date_time"},{"field":"updated_at","format":"date_time"},{"field":"url.accessDate","format":"date_time"},{"field":"url.createDate","format":"date_time"}],"query":{"bool":{"must":[{"match_all":{}},{"match_all":{}},{"bool":{"minimum_should_match":1,"should":[{"match_phrase":{"czmc":"start:查詢明細列表"}}]}},{"range":{"mydate":{"gte":1568365700473,"lte":1570957700473,"format":"epoch_millis"}}},{"bool":{"minimum_should_match":1,"should":[{"match_phrase":{"czmc":"start:查詢明細列表"}}]}}],"filter":[],"should":[],"must_not":[]}},"timeout":"30000ms"}
創建自定義索引的時候無法保存自定義列的數據
outlist.append({"channelId":item["key"],"appId":item["3"]["buckets"][0]["key"]})
for data in outlist:
res = es.index(index=indexname, doc_type="doc", body=data)
1.修改默認doc類型的mapping,把自定義的列加入到默認mapping配置中
2.把自己的數據存入到在mapping中已經存在的某個字段中
