kibana Dev Tools增刪改查基礎知識:https://www.cnblogs.com/bigfacecat-h/p/14490917.html
kibana Dev Tools查詢示例:https://www.cnblogs.com/bigfacecat-h/p/elasticSearch.html
kibana Dev Tools修改示例:https://www.cnblogs.com/bigfacecat-h/p/14498221.html
kibana Dev Tools常用命令:https://www.cnblogs.com/bigfacecat-h/p/14500466.html
一、查詢操作
查詢語句基本語法
以下語句類似於mysql的: select * from xxx.yyy.topic where 條件1,條件2,...條件N
GET xxx.yyy.topic/logs/_search
{
"query": {
"bool": { 這里面是限制條件,不寫則查所有數據
可以包含單個或多個限制條件 } } }
select * from xxx.yyy.topic where 條件1
GET xxx.yyy.topic/logs/_search { "query": {
這里只能是單個條件 } }
詳細說明:
GET xxx.yyy.topic/logs/_search中
xxx.yyy.topic 對應字段_index 即索引字段 相當於mysql中的數據庫名稱
logs 對應字段_type 相當於mysql中的表名
_id 相當於mysql中的主鍵
_search 這表示執行查詢操作
_source 相當於mysql表中的列的集合
bool體中是一個或多個基本查詢的組合,可在bool里面使用以下參數:
must 文檔中必須包含must后的條件
must_not 文檔中必須不包含must_not后的條件
should 滿足should后的任何一個條件
filter filter后跟過濾條件
1、select * from xxx.yyy.topic
GET xxx.yyy.topic/logs/_search { "query": { "bool": { "must": { "match_all": {} } } } }
或者
GET xxx.yyy.topic/logs/_search { "query": { "bool": {} } }
或者
GET xxx.yyy.topic/logs/_search { "query": { "match_all": {} } }
如果在index下只有一種_type,則在GET中可以不帶_type
GET xxx.yyy.topic/_search { "query": { "bool": {} } }
查詢僅返回某些字段
GET /index_bigfacecat_test/typeA/_search
{
"query": { "match_all": {} },
"_source": ["name", "address"]
}
通過腳本動態返回新定義字段
GET /index_bigfacecat_test/typeA/_search { "query": { "match_all": {} }, "_source": ["name", "dailywage","workdays"], "script_fields":{ "salary":{ "script":{ "lang":"painless", "source":"doc['workdays'].value * doc['dailywage'].value" } }, "vacation":{ "script":{ "lang":"painless", "source":"params['_source']['workdays'] * 0.3" } } } }
doc['workdays'].value 比 params['_source']['workdays'] 更快,上面代碼執行結果圖下圖
2、 select * from xxx.yyy.topic where login = 'BigFaceCat' and pwd='123'
GET xxx.yyy.topic/logs/_search { "query": { "bool": { "must": [ { "match": { "login.keyword": "BigFaceCat" } }, { "match": { "pwd.keyword": "123" } } ] } } }
must的反查用 must_not :表示即不是A,也不是B
3、查詢語句 select * from xxx.yyy.topic where update_time > 1591200000000 and update_time<1591200000000
select * from xxx.yyy.topic where update_time between 1591200000000 and 1591200000000
GET xxx.yyy.topic/logs/_search
{ "query":{ "bool":{ "must":[ { "range":{ "update_time":{ "gte":1591200000000, "lte":1591362000000 } } } ] } } }
GET xxx.yyy.topic/logs/_search { "query":{ "bool":{ "filter":[ { "range":{ "update_time":{ "gte":1591200000000, "lte":1591362000000 } } } ] } } }
gte :表示 >=
lte : 表示<=
gt : 表示>
lt : 表示<
4、查詢語句 select * from xxx.yyy.topic where update_time > 1591200000000 and update_time<1591200000000 and login='BigFaceCat'
{
"query":{
"bool":{
"must":[
{
"range":{
"update_time":{
"gte":1591200000000,
"lte":1591362000000
}
}
},
{
"match":{
"login.keyword":"BigFaceCat"
}
}
]
}
}
}
GET xxx.yyy.topic/logs/_search { "query": { "bool": { "must":{ "match":{"login.keyword":"BigFaceCat"}}, "filter": { "range": { "update_time": { "gte": 1591200000000, "lte": 1591362000000 } } } } } }
5、查詢語句 select * from xxx.yyy.topic where login='BigFaceCat' or login='LittlteFaceCat'
GET xxx.yyy.topic/logs/_search { "query": { "bool": { "should": [ { "match": { "login.keyword": "BigFaceCat" }}, { "match": { "login.keyword": "LittlteFaceCat"}} ] } } }
select * from index_bigfacecat_test where sex = 'female' and ( address = '重慶3' or address = '重慶2')
GET /index_bigfacecat_test/typeA/_search { "query":{ "bool":{ "must":[ {"match":{"sex": "female"}}, {"bool": {"should":[ {"match":{"address":"重慶3"}}, {"match":{"address":"重慶2"}} ] } } ] } } }
6、select * from xxx.yyy.topic where login is null
GET xxx.yyy.topic/logs/_search { "query": { "bool": { "must_not": { "exists": { "field": "login" } } } } }
7、select * from xxx.yyy.topic where login is not mull
GET xxx.yyy.topic/logs/_search { "query": { "bool": { "must": { "exists": { "field": "login" } } } } }
GET xxx.yyy.topic/logs/_search { "query": { "bool": { "filter": { "exists": { "field": "login" } } } } }
8、select * from xxx.yyy.topic where login in ('BigFaceCat','LittlteFaceCat')
GET xxx.yyy.topic/logs/_search { "query": { "bool": { "must": [ { "match": { "login.keyword": "BigFaceCat" } }, { "match": { "login.keyword": "LittlteFaceCat" } } ] } } }
GET xxx.yyy.topic/logs/_search { "query": { "bool":{ "filter":{ "terms":{ "login":["BigFaceCat","LittleFaceCat"]} } } } }
GET xxx.yyy.topic/logs/_search
{
"query": {
"bool":{
"should": [
{ "term":{ "login":"BigFaceCat"} },
{ "term":{ "login":"LittleFaceCat"} }
]
}
}
}
terms : 后面可跟多個值
term : 后面只能有一個值
9、select call_id , record_id from xxx.yyy.topic where _id = 'eecd25747'
GET xxx.yyy.topic/logs/_search { "_source": ["call_id","record_id"], "query": { "match": { "_id": "eecd25747a"} } }
select call_id , record_id from xxx.yyy.topic where login='BigFaceCat' and pwd='123'
GET xxx.yyy.topic/logs/_search { "_source": ["call_id","record_id"], "query": { "bool": { "must": [ { "match": { "login.keyword": "BigFaceCat" } }, { "match": { "pwd.keyword": "123" } } ] } } }
10、聚合查詢 select sum( talk_duration) as sum_of_talkDuration from xxx.yyy.topic
GET xxx.yyy.topic/logs/_search { "aggs": { "sum_of_talkDuration":{ "sum":{ "field": "talk_duration" } } } }
select sum( talk_duration) as sum_of_talkDuration from xxx.yyy.topic where end_time is not null
GET xxx.yyy.topic/logs/_search { "query": { "bool": { "must": [ {"exists":{"field":"end_time"}} ] } }, "aggs": { "sum_of_talkDuration":{ "sum":{ "field": "talk_duration" } } } }
11、select SUM( DISTINCT talk_duration) as sum_of_diffTalkDuration from xxx.yyy.topic
GET xxx.yyy.topic/logs/_search { "size":0, "aggs": { "sum_of_diffTalkDuration":{ "cardinality":{ "field": "talk_duration" } } } }
12、求平均值 SELECT AVG( record_duration ) as avg_of_talkDurtion FROM xxx.yyy.topic
GET xxx.yyy.topic/logs/_search { "size":0, "aggs": { "avg_of_talkDuration":{ "avg":{ "field": "talk_duration" } } }
13、求最大值 SELECT MAX( record_duration ) as max_of_talkDurtion FROM xxx.yyy.topic
GET xxx.yyy.topic/logs/_search { "size":0, "aggs": { "max_of_talkDuration":{ "max":{ "field": "talk_duration" } } }
14、對查詢結果排序 select * from xxx.yyy.topic order by talk_duration desc
GET xxx.yyy.topic/logs/_search { "query": { "bool": { } }, "sort": [{ "talk_duration": "desc" }] }
GET xxx.yyy.topic/logs/_search { "query": { "bool": {} }, "sort": [ { "talk_duration": {"order": "desc"} } ] }
GET /index_bigfacecat_test/typeA/_search { "query": { "match_all": {} }, "_source": ["name", "address","class","age"], "sort":[ { "classa": "asc" }, { "age": "desc"} ] }
基於自定義腳本的排序
GET /index_bigfacecat_test/typeA/_search { "query": { "match_all": {} }, "sort":{ "_script":{ "type":"number", "script":{ "lang":"painless", #腳本語言類型為painless,painless支持Math.log`函數 "source":"doc['age'].value * params.workDays", "params":{ "workDays":5.1 } }, "order" : "asc" } } }
desc : 降序排序
asc : 升序排序
15、分頁查詢
GET xxx.yyy.topic/logs/_search { "query": { "bool": { } }, "sort": [{ "talk_duration": {"order": "desc"} }], "from": 2, "size": 3 }
from : 起始頁
size : 按size條記錄分頁
如上查詢:按每頁3條記錄分頁,返回第2頁
16、通過主鍵_id查詢 select * from xxx.yyy.topic where _id = 'AXKRp4hXdhuuEZQaKj7n'
GET xxx.yyy.topic/logs/AXKRp4hXdhuuEZQaKj7n
17、通過主鍵_id查詢某些字段 select phone_number,system_code, extension from xxx.yyy.topic where _id='AXKRp4hXdhuuEZQaKj7'
GET xxx.yyy.topic/logs/AXKRp4hXdhuuEZQaKj7n?_source=phone_number,system_code,extension
18、分組
select sex,count(*) from index_bigfacecat_test group by sex order by count(*);
GET /index_bigfacecat_test/typeA/_search { "query":{ "bool":{ } }, "size":0, "aggs":{ "groupName":{ "terms":{ "field":"sex.keyword" } } } }
按性別分組后求每組的平均工作天數
GET /index_bigfacecat_test/typeA/_search { "query":{ "bool":{ } }, "aggs":{ "groupName":{ "terms":{ "field":"sex.keyword" }, "aggs":{ "avg_workdays":{ "avg":{ "field":"workdays" } } } } } }