ELK之es常用查詢語句


  參考:https://www.cnblogs.com/kyleinjava/p/10497042.html

            https://blog.csdn.net/luanpeng825485697/article/details/83411704

  elasticsearch定義了兩種查詢方式(見下文第二部分的簡單查詢和第三部分的請求體查詢)

  一.索引(index),type,document相關語句

    1,列出所有索引狀態

GET /_cat/indices?v

     可以使用kibana的dev tools

 

 

health status index                       uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   metricbeat-6.3.1-2019.09.30 AzJBakNPSP-OqcByGT9xOw   1   1      53244            0       10mb           10mb
yellow open   watcher_alarms              AIc2q3VhTLedzu6ljScOjA   5   1          0            0      1.2kb          1.2kb
yellow open   website                     Big3pMt4QTmx4rCii_7jqw   5   1          0            0      1.1kb          1.1kb
yellow open   metricbeat-6.3.1-2019.09.29 Lv8UC-H7Q4GRShXvCKVwkg   1   1     135000            0     25.4mb         25.4mb
yellow open   watcher_alarms-2019.09.27   kJOeaPQXRAOI17qB11eL-A   5   1       1033            0    383.6kb        383.6kb
yellow open   watcher_alarms-2019.09.26   GAAJ8Uc1QvuoxjUWau6Dcg   5   1       1876            0    619.9kb        619.9kb
green  open   .kibana                     3DFTWNpIQ4yMq3wYNmxfPw   1   0        130            2    292.4kb        292.4kb
yellow open   watcher_alarms-2019.09.28   H4KySJ6lQqaKYb6r7-8TzA   5   1         43            0    593.6kb        593.6kb
yellow open   system-log-2019.09          uCdgYBmASpCjxO9-DyGyOg   5   1      49005            0     42.7mb         42.7mb
yellow open   watcher_alarms-2019.09.29   eYDS-TN4RLqOpY0D1OExEQ   5   1        133            0    319.9kb        319.9kb

   字段說明

health:健康狀態 red,yellow,green
status:狀態open
index:索引名
uuid:唯一標識符uuid
pri:主分片數
rep:副本數
docs.count:總計多少條日志
docs.deleted:刪除記錄
store.size:存儲該index文件的大小
pri.store.size:主存儲大小

     2,查詢索引詳細信息

GET /index1,index2     查詢索引index1和索引index2的基本信息
GET /_all    查詢所有的基本信息
GET /s*    使用通配符來查詢所有以s開頭的索引信息

     3,創建索引

    settings中可以設置索引的主分片數number_of_shards(默認為5),以及主分片的副本數number_of_replicas(默認是1);

    mapping中主要設置各個type的映射關系

PUT /my_index
{
    "settings": {... any setting ...}
    "mappings": {
        "type_one": {... any mappings ...},
        "type_two":  {... any mappings ...},
        ...
    }      
}

     創建一個索引gb

PUT /gb
{
  "mappings": {
    "tweet" : {
      "properties" : {
        "tweet" : {
          "type" :    "text",
          "analyzer": "english"
        },
        "date" : {
          "type" :   "date"
        },
        "name" : {
          "type" :   "text"
        },
        "user_id" : {
          "type" :   "long"
        }
      }
    }
  }
}   

   創建成功提示

{
  "acknowledged": true,
  "shards_acknowledged": true,
  "index": "index1"
}

   查看剛創建的索引gb的詳細信息

GET /gb

 

{
  "gb": {
    "aliases": {},
    "mappings": {
      "tweet": {
        "properties": {
          "date": {
            "type": "date"
          },
          "name": {
            "type": "text"
          },
          "tweet": {
            "type": "text",
            "analyzer": "english"
          },
          "user_id": {
            "type": "long"
          }
        }
      }
    },
    "settings": {
      "index": {
        "creation_date": "1569814449442",
        "number_of_shards": "5",
        "number_of_replicas": "1",
        "uuid": "841k18xLSHOOltY_1UKrSA",
        "version": {
          "created": "6020499"
        },
        "provided_name": "index1"
      }
    }
  }
}

     4,刪除索引

DELETE /index1 #刪除索引index1
DELETE /_all #刪除所有索引,慎用    
DELETE /*

     5,在索引的映射中增加一個字段

PUT /gb/_mapping/tweet
{
  "properties": {
    "tag": {
      "type": "text",
      "index": false
    }
  }
}

     運行成功返回

{
  "acknowledged": true
}

 

   增加字段之前的映射mapping信息

  使用命令 查看

GET /gb/_mapping

   返回

{
  "gb": {
    "mappings": {
      "tweet": {
        "properties": {
          "date": {
            "type": "date"
          },
          "name": {
            "type": "text"
          },
          "tweet": {
            "type": "text",
            "analyzer": "english"
          },
          "user_id": {
            "type": "long"
          }
        }
      }
    }
  }
}

     添加成功以后查看

{
  "gb": {
    "mappings": {
      "tweet": {
        "properties": {
          "date": {
            "type": "date"
          },
          "name": {
            "type": "text"
          },
          "tag": {
            "type": "text",
            "index": false
          },
          "tweet": {
            "type": "text",
            "analyzer": "english"
          },
          "user_id": {
            "type": "long"
          }
        }
      }
    }
  }
}

 

 

     6,查看某個type的映射關系

GET /{index}/_mapping/{type}

 

GET /gb/_mapping/tweet
///返回
{
  "gb": {
    "mappings": {
      "tweet": {
        "properties": {
          "date": {
            "type": "date"
          },
          "name": {
            "type": "text"
          },
          "tag": {
            "type": "text",
            "index": false
          },
          "tweet": {
            "type": "text",
            "analyzer": "english"
          },
          "user_id": {
            "type": "long"
          }
        }
      }
    }
  }
}

    

    7,在索引文檔中添加或者替換文檔

    在添加的時候id並不是必須的;如果沒有指定id,則會隨機產生一個id,但隨機生成id需要使用POST方法

    往索引gb里面添加一條數據指定id為1

PUT /gb/tweet/1
{
  "username":"liuym",
  "user_id":16
}

     返回

{
  "_index": "gb",
  "_type": "tweet",
  "_id": "1",
  "_version": 1,
  "result": "created",
  "_shards": {
    "total": 2,
    "successful": 1,
    "failed": 0
  },
  "_seq_no": 0,
  "_primary_term": 1
}

     搜索剛剛添加的數據

GET /gb/_search

 

 

     也可以通過GET方式查詢id查看

GET /gb/tweet/1
///返回
{
  "_index": "gb",
  "_type": "tweet",
  "_id": "1",
  "_version": 1,
  "found": true,
  "_source": {
    "username": "liuym",
    "user_id": 16
  }
}

     也可以只查看_source中部分字段,例如只查看name

GET /gb/tweet/1?_source=name

     8,更新索引文檔中的內容

PUT /{index}/{type}/{id}
POST  /{index}/{type}/{id}/_update

 

      一種是使用PUT方法舊數據全部覆蓋,使用新數據代替

PUT /gb/tweet/1
{
  "name":"zhangsan",
  "user_id":8
}

     修改后內容

{
  "_index": "gb",
  "_type": "tweet",
  "_id": "1",
  "_version": 6,
  "found": true,
  "_source": {
    "name": "zhangsan",
    "user_id": 9
  }
}

     一種是通過POST方式,只對部分字段進行修改

POST gb/tweet/1/_update
{
 "doc":{
   "username": "zhansan"
 }
}

     PS:注意URL最后要加_update,請求體內部需要用doc包裹要修改的字段

    9,刪除文檔

DELETE /{index}/{type}/{id}

     刪除id為1的文檔

DELETE /gb/tweet/1

     返回

{
  "_index": "gb",
  "_type": "tweet",
  "_id": "1",
  "_version": 14,
  "result": "deleted",
  "_shards": {
    "total": 2,
    "successful": 1,
    "failed": 0
  },
  "_seq_no": 14,
  "_primary_term": 1
}

     查看沒有數據了

GET /gb/tweet/1

     返回

{
  "_index": "gb",
  "_type": "tweet",
  "_id": "1",
  "found": false
}

     found為false就是沒有發現

    10,批處理

    批量添加

POST /gb/tweet/_bulk
{"index":{"_id":"1"}}
{"name":"zhangsan"}
{"index":{"_id":"2"}}
{"name":"lisi"}

     返回

{
  "took": 39,
  "errors": false,
  "items": [
    {
      "index": {
        "_index": "gb",
        "_type": "tweet",
        "_id": "1",
        "_version": 1,
        "result": "created",
        "_shards": {
          "total": 2,
          "successful": 1,
          "failed": 0
        },
        "_seq_no": 6,
        "_primary_term": 1,
        "status": 201
      }
    },
    {
      "index": {
        "_index": "gb",
        "_type": "tweet",
        "_id": "2",
        "_version": 1,
        "result": "created",
        "_shards": {
          "total": 2,
          "successful": 1,
          "failed": 0
        },
        "_seq_no": 4,
        "_primary_term": 1,
        "status": 201
      }
    }
  ]
}

     查看

GET /gb/_search

     返回

{
  "took": 3,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 2,
    "max_score": 1,
    "hits": [
      {
        "_index": "gb",
        "_type": "tweet",
        "_id": "2",
        "_score": 1,
        "_source": {
          "name": "lisi"
        }
      },
      {
        "_index": "gb",
        "_type": "tweet",
        "_id": "1",
        "_score": 1,
        "_source": {
          "name": "zhangsan"
        }
      }
    ]
  }
}

     批量更新與刪除

POST /gb/tweet/_bulk
{"update":{"_id":"1"}}
{"doc":{"name":"wangwu"}}
{"delete":{"_id":"2"} }

     修改_id為1的name字段,刪除_id為2的數據

    返回

{
  "took": 48,
  "errors": false,
  "items": [
    {
      "update": {
        "_index": "gb",
        "_type": "tweet",
        "_id": "1",
        "_version": 2,
        "result": "updated",
        "_shards": {
          "total": 2,
          "successful": 1,
          "failed": 0
        },
        "_seq_no": 7,
        "_primary_term": 1,
        "status": 200
      }
    },
    {
      "delete": {
        "_index": "gb",
        "_type": "tweet",
        "_id": "2",
        "_version": 2,
        "result": "deleted",
        "_shards": {
          "total": 2,
          "successful": 1,
          "failed": 0
        },
        "_seq_no": 5,
        "_primary_term": 1,
        "status": 200
      }
    }
  ]
}

     查看是否修改成功

GET /gb/tweet/_search

     返回

{
  "took": 1,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 1,
    "max_score": 1,
    "hits": [
      {
        "_index": "gb",
        "_type": "tweet",
        "_id": "1",
        "_score": 1,
        "_source": {
          "name": "wangwu"
        }
      }
    ]
  }
}

     修改字段成功並且刪除了_id為2的數據

    11,批量導入大量數據

 curl -H "Content-Type: application/json" -XPOST "localhost:9200/bank/account/_bulk?pretty&refresh" --data-binary "@accounts.json"

     12,查詢文檔數

#查詢所有文檔數
GET /_count

     返回

{
  "count": 759185,
  "_shards": {
    "total": 61,
    "successful": 61,
    "skipped": 0,
    "failed": 0
  }
}

     

#查詢索引gb中的文檔數
GET /gb/_count

 

#查詢某個type的文檔數
GET /gb/tweet/_count

   二,簡單查詢

    1,使用GET請求

GET /gb/tweet/_search

     返回

{
  "took": 2,    #查詢執行時間單位是毫秒
  "timed_out": false, #查詢是否超時
  "_shards": {  #表示查詢參與的分片總數,以及這些分片成功了多少個失敗了多少個
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {  #所有查詢到的結果
    "total": 1, #匹配的文檔總數
    "max_score": 1, #結果中最大評分
    "hits": [
      {
        "_index": "gb", #索引名稱
        "_type": "tweet", #type名稱
        "_id": "1",      #id名稱
        "_score": 1,   #評分
        "_source": {   #存儲的數據源信息
          "name": "wangwu"
        }
      }
    ]
  }
}

     2,同時查詢多索引多類型的數據

GET /_search  #在所有索引中搜索所有的類型
GET /gb/_search #在gb索引中搜索所有的類型
GET /gb,us/_search #在 gb 和 us 索引中搜索所有的文檔
GET /g*,u*/_search #在任何以 g 或者 u 開頭的索引中搜索所有的類型
GET /gb/tweet/_search #在gb索引中搜索tweet類型
GET /gb,us/user,tweet/_search #在 gb 和 us 索引中搜索 user 和 tweet 類型
GET /_all/user,tweet/_search #在所有的索引中搜索 user 和 tweet 類型

     3,不查詢文檔的元數據,只查詢source部分的數據

GET /{index}/{type}/{id}/_source

     示例

GET /gb/tweet/1/_source

     返回

{
  "name": "wangwu"
}

   三,請求體查詢

    1,查詢所有文檔

    默認評分是1,可以通過設置boost來調整;由於有些代理服務器不支持GET請求帶請求體,所以實際中還是要用POST請求。

GET /gb/_search
{
  "query": {
    "match_all": {}
  }
}

     返回

{
  "took": 11,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 1,
    "max_score": 1,
    "hits": [
      {
        "_index": "gb",
        "_type": "tweet",
        "_id": "1",
        "_score": 1,
        "_source": {
          "name": "wangwu"
        }
      }
    ]
  }
}

     2,分頁查詢所有文檔

GET /system-log-2019.09/_search
{
  "query": {
    "match_all": {}
  },
  "from": 0,
  "size": 2
}

     從頭開始,每頁顯示2條,第一頁返回如下

{
  "took": 0,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 60361,
    "max_score": 1,
    "hits": [
      {
        "_index": "system-log-2019.09",
        "_type": "doc",
        "_id": "X9GKbG0BHXMu0O5TBI8U",
        "_score": 1,
        "_source": {
          "message": "Sep 26 15:14:25 salt-test systemd: Reloading.",
          "@version": "1",
          "type": "system-log",
          "host": "salt-test",
          "path": "/var/log/messages",
          "@timestamp": "2019-09-26T07:14:25.503Z"
        }
      },
      {
        "_index": "system-log-2019.09",
        "_type": "doc",
        "_id": "YNGKbG0BHXMu0O5TBI8U",
        "_score": 1,
        "_source": {
          "message": """Sep 26 15:14:25 salt-test filebeat: 2019-09-26T15:14:25.362+0800#011ERROR#011pipeline/output.go:100#011Failed to connect to backoff(elasticsearch(http://192.168.1.4:9200)): Connection marked as failed because the onConnect callback failed: 400 Bad Request: {"error":{"root_cause":[{"type":"invalid_index_name_exception","reason":"Invalid index name [_ilm], must not start with '_', '-', or '+'","index_uuid":"_na_","index":"_ilm"}],"type":"invalid_index_name_exception","reason":"Invalid index name [_ilm], must not start with '_', '-', or '+'","index_uuid":"_na_","index":"_ilm"},"status":400}""",
          "@version": "1",
          "type": "system-log",
          "host": "salt-test",
          "path": "/var/log/messages",
          "@timestamp": "2019-09-26T07:14:25.503Z"
        }
      }
    ]
  }
}

     3,條件查詢並排序

    查詢host名為salt-test的主機,只顯示message和host字段,按時間倒序排列,從頭開始頁大小為2

GET /system-log-2019.09/_search
{
  "query": {
    "match": {
      "host":"salt-test"
    }
  },
  "_source": [
    "host",
    "@timestamp"
    ],
  "sort": [
    {
        "@timestamp": "desc"
    }
  ],
  "from": 0,
  "size": 2
}

 

 

     4,全文檢索

    索引中只要有任意一個詞與拆分后的詞匹配,該文檔就可以出現在結果中,只是匹配度越高的排得越靠前

GET /gb/_search
{
  "query": {
    "match": {
      "name":"wangwu"
    }
  }
}

     

 

      

 

