Kibana Dev Tools query statements explained
Reference: https://www.phpmianshi.com/?id=119
Click Dev Tools and walk through the basic operations.
1. Enter: GET /
{
  "name": "GddjX_V",
  "cluster_name": "elasticsearch",
  "cluster_uuid": "Z4oj43mcQKGiMF70lFDv-Q",
  "version": {
    "number": "6.3.2",
    "build_flavor": "default",
    "build_type": "tar",
    "build_hash": "053779d",
    "build_date": "2018-07-20T05:20:23.451332Z",
    "build_snapshot": false,
    "lucene_version": "7.3.1",
    "minimum_wire_compatibility_version": "5.6.0",
    "minimum_index_compatibility_version": "5.0.0"
  },
  "tagline": "You Know, for Search"
}
The right-hand pane shows the same content you get by opening localhost:9200 in a browser after starting ES.
2. Create an index
Input:
PUT mytest
# Or insert a document directly
POST mytest/doc/1
{
  "name": "zs",
  "age": 11,
  "state": 1
}
Output:
{
  "_index": "mytest",
  "_type": "doc",
  "_id": "1",
  "_version": 1,
  "result": "created",
  "_shards": {
    "total": 2,
    "successful": 1,
    "failed": 0
  },
  "_seq_no": 0,
  "_primary_term": 1
}
3. View the index just created
Input:
GET mytest/doc/1
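Output:
{
  "_index": "mytest",
  "_type": "doc",
  "_id": "1",
  "_version": 1,
  "found": true,
  "_source": {
    "name": "zs",
    "age": 22,
    "state": 1
  }
}
_index is the name of the index just created; _type is the type; _id is the ID given at creation. If no ID is set when the document is created, ES assigns one by default, but it is long and hard to remember. _version is the version number, which changes whenever the document is modified later. _source holds the data we just added.
4. Delete the index
Input: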
DELETE mytest
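5. Modify data
Input:
PUT mytest/doc/1
{
  "name": "zsname",
  "age": 33,
  "state": 1
}
6. Insert data in batches with the bulk API
Input:
POST _bulk
{"index":{"_index":"mytest","_type":"doc"}}
{"name": "zsname","age": 11,"state": 1}
{"index":{"_index":"mytest","_type":"doc"}}
{"name": "lisi","age": 22,"state": 1}
{"index":{"_index":"mytest","_type":"doc"}}
{"name": "wangwu","age": 33,"state": 0}
Use the POST method. Every entry has the same format. The first line of each entry is:
{"index":{"_index":"mytest","_type":"doc"}}
The second line is the complete document to insert. Note that this document cannot be written in the multi-line form used when creating a document above; it must be a single line with no line breaks, otherwise the request fails with an error.
After the request completes, fetch the data again to check: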
GET mytest/_search
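The one-object-per-line rule described above, as an added example that is not part of the original post: it builds a bulk body from documents and checks a body for the multi-line mistake. The names build_bulk_body, check_bulk_body, DOCS, GOOD and BAD are hypothetical, and the sample documents are constructed to mirror the ones above.

```python
import json

def build_bulk_body(index, doc_type, docs):
    """Serialize docs into the newline-delimited body that POST _bulk expects."""
    lines = []
    for doc in docs:
        action = {"index": {"_index": index, "_type": doc_type}}
        # json.dumps without indent emits no raw newline (a newline inside a
        # string value is escaped), so every object stays on one line.
        lines.append(json.dumps(action))
        lines.append(json.dumps(doc))
    # The final line of a bulk body must also end with a newline.
    return "\n".join(lines) + "\n"

def check_bulk_body(body):
    """Return (line_number, problem) pairs for a body made of index actions."""
    problems = []
    if not body.endswith("\n"):
        problems.append((0, "body does not end with a newline"))
    for n, line in enumerate(body.rstrip("\n").split("\n"), 1):
        try:
            obj = json.loads(line)
        except ValueError:
            problems.append((n, "not a complete JSON object on one line"))
            continue
        if not isinstance(obj, dict):
            problems.append((n, "not a JSON object"))
        elif n % 2 == 1 and "index" not in obj:
            problems.append((n, "expected an index action line"))
    return problems

# Constructed sample documents mirroring the page's example.
DOCS = [
    {"name": "zsname", "age": 11, "state": 1},
    {"name": "lisi", "age": 22, "state": 1},
    {"name": "wangwu", "age": 33, "state": 0},
]
GOOD = build_bulk_body("mytest", "doc", DOCS)
# The multi-line form the page warns about: the document is pretty-printed.
BAD = ('{"index":{"_index":"mytest","_type":"doc"}}\n'
       + json.dumps(DOCS[0], indent=2) + "\n")

if __name__ == "__main__":
    print(GOOD, end="")
    print(check_bulk_body(BAD)[0])
```

The trailing newline matters when the body is sent from a script rather than typed into the console.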
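7. Query by condition
Input: query the documents whose name is zsname
GET mytest/_search
{
  "query": {
    "match": {
      "name": "zsname"
    }
  }
}
bool compound queries: must, should, must_not
Compound queries use the three keywords must, should and must_not.
They can be understood as follows:
must: the condition must match; equivalent to AND in SQL
should: at least one condition must match; equivalent to OR in SQL
must_not: the document must not match the condition; equivalent to != in SQL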
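8. Query where one field may match any of several values (logical OR)
Input:
GET mytest/_search
{
  "query": {
    "bool": {
      "should": [
        { "match": { "name": "zsname" } },
        { "match": { "name": "lisi" } }
      ]
    }
  }
}
This returns the documents whose "name" field equals zsname or lisi; query, bool and should together form an OR relationship.
9. Query with multiple conditions
Input:
GET mytest/_search
{
  "query": {
    "bool": {
      "must": [
        { "match": { "name": "zsname" } },
        { "match": { "age": 11 } }
      ]
    }
  }
}
This returns the documents whose "name" field equals zsname and whose "age" field is 11; query, bool and must together form an AND relationship. The difference from the previous query is the difference between should and must.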
10. Range query with sorting
Input:
GET mytest/_search
{
  "query": {
    "range": {
      "age": {
        "gte": 1,
        "lte": 20
      }
    }
  },
  "sort": [
    { "age": { "order": "asc" } }
  ]
}
This returns the documents with age between 1 and 20, sorted by age in ascending order.
Note that the sort field must be numeric; sorting on a string field produces the following error:
Fielddata is disabled on text fields by default. Set fielddata=true on [name] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead.
Cause
Since Elasticsearch 5.x, operations such as sorting and aggregation use a separate data structure (fielddata) that is cached in memory. It is disabled by default and has to be enabled explicitly.
Reference: https://www.elastic.co/guide/en/elasticsearch/reference/current/fielddata.html
Solution
Run the following statement to enable fielddata in the mapping of the age field:
PUT <index name>/_mapping/<type>/
PUT mytest/_mapping/doc/
{
  "properties": {
    "age": {
      "type": "text",
      "fielddata": true
    }
  }
}
Sorting sometimes fails with this error:
No mapping found for [create_time] in order to sort on
Solution: explicitly specify the type of the sort field in the sort clause:
"sort": {
  "create_time": {
    "order": "desc",
    "unmapped_type": "long"
  }
}
11. SQL query
POST /_xpack/sql?format=json
{
  "query": "SELECT * FROM live_msg limit 1"
}
12. Aggregation query
Input:
GET mytest/_search
{
  "size": 0,
  "aggs": {
    "state": {
      "range": {
        "field": "state",
        "ranges": [
          { "from": 1, "to": 5 },
          { "from": 5, "to": 15 }
        ]
      }
    }
  }
}
field takes the name of the field to aggregate on.
from and to take the bounds of each bucket.
To also see the documents that match, set size to a non-zero value.
Query statistics for state: stats returns five values, count, max, min, avg and sum.
GET mytest/_search
{
  "size": 2,
  "aggs": {
    "statsState": {
      "stats": {
        "field": "state"
      }
    }
  }
}
13. Complex compound queries
Query documents where a field is null or an empty string:
{
  "query": {
    "bool": {
      "must": [
        {
          "bool": {
            "must_not": [
              { "wildcard": { "field_name": { "value": "*" } } }
            ]
          }
        }
      ]
    }
  }
}
term: exact match, that is, an exact query; the search term is not split into tokens before searching. Equivalent to = in SQL.
terms: exact match against several values; equivalent to IN in SQL.
match: the search text is first split into tokens and the tokens are then matched. Equivalent to LIKE in SQL, but more powerful (LIKE after tokenization).
match_phrase: phrase search; all tokens must appear in the document, adjacent and in the same order. Equivalent to LIKE in SQL, but more powerful (LIKE after tokenization).
Query the documents with age=1 and name!="" and name!="zs":
POST mytest/_search
{
  "query": {
    "bool": {
      "must": [
        { "term": { "age": 11 } },
        { "bool": { "must_not": [ { "term": { "name": "" } } ] } },
        { "bool": { "must_not": [ { "term": { "name": "zs" } } ] } }
      ]
    }
  }
}
Implement the following SQL:
SELECT id, create_time
FROM live_msg
WHERE l_id = 48
  AND content like "%美股%"
  AND kind IN ('charge', 'free')
  AND state IN ('', 'del_own')
  AND unshow_group = ''
  AND view_self != 'yes'
  AND (not_vip_show != 'no' or (create_time > 1588814979 AND vip_show != 'no'))
ORDER BY create_time DESC
LIMIT 5;
ES syntax:
GET live_msg/_search
{
  "query": {
    "bool": {
      "must": [
        { "term": { "l_id": 48 } },
        { "match_phrase": { "content": "美股" } },
        { "terms": { "kind": [ "charge", "free" ] } },
        {
          "bool": {
            "should": [
              { "bool": { "must_not": { "wildcard": { "state": { "value": "*" } } } } },
              { "term": { "state": "del_own" } }
            ]
          }
        },
        {
          "bool": {
            "must_not": [
              { "wildcard": { "unshow_group": { "value": "*" } } },
              { "term": { "view_self": "yes" } }
            ]
          }
        },
        {
          "bool": {
            "should": [
              { "bool": { "must_not": { "term": { "not_vip_show": "no" } } } },
              {
                "bool": {
                  "must": [
                    { "range": { "create_time": { "gt": 1588814979 } } },
                    { "bool": { "must_not": { "term": { "vip_show": "no" } } } }
                  ]
                }
              }
            ]
          }
        }
      ]
    }
  },
  "from": 0,
  "size": 5,
  "sort": {
    "create_time": {
      "order": "desc",
      "unmapped_type": "long"
    }
  },
  "_source": ["id", "create_time"]
}
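The state group and the not_vip_show/vip_show group of the query above, checked against a few rows with a small evaluator. This is an added example, not code from the original post and not how Elasticsearch executes queries: matches, matching_ids, QUERY and ROWS are hypothetical names and the rows are constructed. It assumes values are compared as exact terms and that an empty string indexes no term (as on a text field), so wildcard "*" does not match it.

```python
def matches(q, doc):
    """Evaluate a small Query DSL subset against one dict (simplified model)."""
    (kind, body), = q.items()
    if kind == "bool":
        def clauses(key):
            c = body.get(key, [])
            return c if isinstance(c, list) else [c]
        must, should, must_not = clauses("must"), clauses("should"), clauses("must_not")
        if not all(matches(c, doc) for c in must):
            return False  # must: every clause has to match (AND)
        if any(matches(c, doc) for c in must_not):
            return False  # must_not: no clause may match
        if should and not must:
            return any(matches(c, doc) for c in should)  # should alone: OR
        return True
    (field, arg), = body.items()
    value = doc.get(field)
    if kind == "term":
        return value == arg
    if kind == "wildcard":  # only the "*" pattern is modelled (assumption)
        return value not in (None, "")
    if kind == "range":  # only "gt" is modelled
        return value is not None and value > arg["gt"]
    raise ValueError("unsupported clause: " + kind)

# Two of the WHERE groups from the page's query, copied from it.
QUERY = {"bool": {"must": [
    {"bool": {"should": [
        {"bool": {"must_not": {"wildcard": {"state": {"value": "*"}}}}},
        {"term": {"state": "del_own"}}]}},
    {"bool": {"should": [
        {"bool": {"must_not": {"term": {"not_vip_show": "no"}}}},
        {"bool": {"must": [
            {"range": {"create_time": {"gt": 1588814979}}},
            {"bool": {"must_not": {"term": {"vip_show": "no"}}}}]}}]}}]}}

# Constructed rows, not data from the page.
ROWS = [
    {"id": 1, "state": "", "not_vip_show": "yes", "vip_show": "no", "create_time": 1588000000},
    {"id": 2, "state": "del_own", "not_vip_show": "no", "vip_show": "yes", "create_time": 1588900000},
    {"id": 3, "state": "del_own", "not_vip_show": "no", "vip_show": "yes", "create_time": 1588000000},
    {"id": 4, "state": "hidden", "not_vip_show": "yes", "vip_show": "yes", "create_time": 1588900000},
    {"id": 5, "not_vip_show": "no", "vip_show": "no", "create_time": 1588900000},
]

def matching_ids(query, rows):
    return [r["id"] for r in rows if matches(query, r)]
```

Row 5 has no state field at all and passes the state group the same way the empty string in row 1 does, but it is rejected by the second group.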