-
runtime fields+range aggs
● 在cluster1上有一task1索引,请编写一个查询并满足以下要求:
● 定义一个名为a的运行时字段,通过a字段实现以下聚合(a字段的值等于b字段减去c字段)
● 聚合a值小于-2的文档
● 聚合-5到5之间的文档
● 聚合大于5的文档
● 建立测试索引
PUT task1
{
"settings": {
"number_of_replicas": 0,
"number_of_shards": 1
},
"mappings": {
"properties": {
"b": {
"type": "long"
},
"c": {
"type": "long"
}
}
}
}
POST task1/_bulk
{"index":{"_id":1}}
{"b":5,"c":6}
{"index":{"_id":2}}
{"b":5,"c":1}
{"index":{"_id":3}}
{"b":8,"c":1}
{"index":{"_id":4}}
{"b":5,"c":8}
PUT task1/_mapping
{
"runtime": {
"a": {
"type": "long",
"script": {
"source": "emit(doc['b'].value - doc['c'].value)"
}
}
}
}
POST /task1/_search
{
"size": 0,
"aggs": {
"agga": {
"range": {
"field": "a",
"ranges": [
{
"to": -2
},
{
"from": -5,
"to":5
},
{
"from": 5
}
]
}
}
}
}
-
analyzer+reindex
● 在集群一上有task2索引,请重建它到task2_new索引上,并满足以下要求:
● 集群一的a字段包含有关键字'yoo-hoo'和'yoohoo',不管搜索'yoohoo'还是'yoo-hoo',它们的结果应该一样
● task2_new和task2的mapping应该一样
● 知识点:自定义分词、reindex(下面的示例用task4-2索引和title字段来模拟题目中的task2索引和a字段)
PUT task4-2
{
"settings": {
"number_of_replicas": 0,
"number_of_shards": 1
},
"mappings": {
"properties": {
"title":{
"type": "text"
}
}
}
}
POST task4-2/_doc/1
{"title":"yoo-hoo"}
POST task4-2/_doc/2
{"title":"yoohoo"}
PUT task2_new
{
"settings": {
"number_of_replicas": 0,
"number_of_shards": 1,
"analysis": {
"analyzer": {
"my_analyzer":{
"tokenizer":"my_tokenizer",
"filter":"my_filter"
}
},
"tokenizer": {
"my_tokenizer":{
"type":"standard"
}
},
"filter": {
"my_filter":{
"type":"synonym",
"synonyms": [ "yoo-hoo => yoohoo" ]
}
}
}
},
"mappings": {
"properties": {
"title":{
"type": "text",
"analyzer": "my_analyzer"
}
}
}
}
POST /_reindex
{
"source": {
"index": "task4-2"
},
"dest": {
"index": "task2_new"
}
}
GET task2_new/_search
{
"query": {
"match": {
"title": "yoohoo"
}
}
}
- 数据流+索引生命周期管理
现有以下文档,请编写一个名为test_data_stream数据流满足以下请求:
● 数据流索引的主分片数为3,副本分片数为1(注意:下面示例的组件模板中number_of_shards写的是1,按本题要求应为3)
{ "@timestamp": "2099-03-08T11:04:05.000Z", "message": "test" }
● 将上述文档填充到数据流中去
PUT _component_template/my_comp_temp
{
"template": {
"settings": {
"number_of_replicas": 1,
"number_of_shards": 1
},
"mappings": {
"properties": {
"@timestamp":{
"type": "date"
},
"message":{
"type":"text"
}
}
}
}
}
PUT _index_template/my_index_temp
{
"index_patterns": ["test_data_stream*"],
"data_stream":{},
"composed_of":["my_comp_temp"]
}
POST test_data_stream/_doc/1?op_type=create
{"@timestamp": "2099-03-08T11:04:05.000Z", "message": "test"}
- 跨集群复制,Cross-Cluster Replication
● 远程集群,remote cluster leader 192.168.0.11:9300, kibana:192.168.0.11:5601 主集群
● 本地集群,local cluster follower 192.168.0.14:9300, kibana:192.168.0.14:5601 备份集群
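在本地集群192.168.0.14,添加一个远程集群,即主集群的IP和端口 [在192.168.0.14上操作]
注意:seeds里填的是主集群的传输层端口(9300),不是HTTP端口9200。如果集群启用了安全功能,两个集群的传输层都需要启用TLS并互相信任对方的CA证书,执行操作的用户还需要具备CCR相关权限(例如本地集群上的manage_ccr);9300端口应只对参与复制的集群节点开放。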
PUT /_cluster/settings
{
"persistent": {
"cluster": {
"remote":{
"leader":{
"seeds":[
"192.168.0.11:9300"
]
}
}
}
}
}
使用Kibana图形化界面配置:Stack Management->Data->Cross-Cluster Replication。[在192.168.0.14上操作]
● 在Remote cluster栏:Remote cluster
● 在Leader index栏:employees
● 在Follower index栏:follow_employees
● 点击:create
检测:[在192.168.0.14上操作]
GET /follow_employees/_ccr/stats
GET /follow_employees/_count
-
查询模板
● 对task5编写一个查询模板,并满足以下要求:
● 使用a_01参数查询’a’字段;
● 使用start_date和end_date参数范围查询timestamp字段
● 如果没有提供end_date字段,那么结束时间默认是现在
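● 查询结果中b字段必须equals'b'
● 查询2018年6月1日到现在的数据,a字段包含关键字'aaa'
注意:下面的模板把{{a_01}}和timestamp范围条件放在should里,而bool查询已有must子句时,should默认不是必须匹配的,只影响算分;要让参数真正起过滤作用,应把这两个条件放进must或filter,调用时a_01也应传'aaa'。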
Search your data > Search templates
DELETE task5
PUT task5
{
"mappings": {
"properties": {
"a":{
"type": "text"
},
"b":{
"type": "keyword"
},
"timestamp":{
"type": "date"
}
}
}
}
POST /task5/_doc/1
{"a":"aaa AAA", "b":"b", "timestamp":"2021-11-11T11:21:21.000Z"}
PUT _scripts/my-search-template
{
"script": {
"lang": "mustache",
"source": {
"query": {
"bool": {
"must":[
{"term":{ "b":"b"}},
{"match":{"a":"aaa"}}
],
"should": [
{
"term": {
"a": "{{a_01}}"
}
},
{
"range": {
"timestamp": {
"gte": "{{start_date}}",
"lte":"{{end_date}}{{^end_date}}now/d{{/end_date}}"
}
}
}
]
}
}
}
}
}
GET task5/_search/template
{
"id": "my-search-template",
"params": {
"a_01": "a",
"start_date": "2018-06-01"
}
}
- earthquakes索引中包含了过去11个月的地震信息,请通过一句查询,获取以下信息
● 过去11个月,每个月的平均地震等级(magnitude)
● 过去11个月里,平均地震等级最高的一个月及其平均地震等级
● 搜索不能返回任何文档
Aggregations› Bucket aggregations
当日期是keyword类型时(注意:terms聚合默认只返回10个桶,11个月的数据需要显式设置size,否则会漏掉一个月,max_bucket的结果也可能因此不准)
GET earthquakes/_mapping
PUT earthquakes/_mapping
{
"runtime":{
"yearmonth":{
"type":"keyword",
"script":{
"source":"emit(doc['DateTime'].value.substring(0,7))"
}
}
}
}
GET earthquakes/_search
{
"size": 0,
"aggs": {
"bucket_month": {
"terms": {
"field": "yearmonth"
},
"aggs": {
"avg_Magnitude": {
"avg": {
"field": "Magnitude"
}
}
}
},
"max_Magnitude":{
"max_bucket": {
"buckets_path": "bucket_month>avg_Magnitude"
}
}
}
}
当日期是date类型
DELETE /earthquakes2
PUT earthquakes2
{
"settings": {
"number_of_replicas": 0
},
"mappings": {
"properties": {
"DateTime":{
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss"
},
"Magnitude":{
"type": "float"
}
}
}
}
POST earthquakes2/_bulk
{"index":{"_id":1}}
{"DateTime":"2016-01-01 12:12:12", "Magnitude":4.56}
{"index":{"_id":2}}
{"DateTime":"2016-01-01 15:12:12", "Magnitude":6.46}
{"index":{"_id":3}}
{"DateTime":"2016-02-02 13:12:12", "Magnitude":4}
{"index":{"_id":4}}
{"DateTime":"2016-03-02 13:12:12", "Magnitude":6}
GET earthquakes2/_search
{
"size": 0,
"aggs": {
"Magnitude_per_month": {
"date_histogram": {
"field": "DateTime",
"calendar_interval": "month"
},
"aggs": {
"avg_per_month": {
"avg": {
"field": "Magnitude"
}
}
}
}
}
}
- 同义词+reindex 等。目前有个索引是task3,用oa、OA、Oa、oA phrase查询是3条,使用dingding的phrase查询是2条,通过reindex 索引后能够使得使用oa、OA、Oa、oA、0A、dingding都是6条。
● 准备task3的索引,导入6条不同的文档数据
● reindex task3的索引到task3_new后
PUT task3
{
"settings": {
"number_of_replicas": 0
},
"mappings": {
"properties": {
"title": {
"type": "text"
}
}
}
}
POST task3/_bulk
{"index":{}}
{"title":"oa"}
{"index":{}}
{"title":"OA"}
{"index":{}}
{"title":"Oa"}
{"index":{}}
{"title":"oA"}
{"index":{}}
{"title":"0A"}
{"index":{}}
{"title":"dingding"}
DELETE task3_new
PUT task3_new
{
"settings": {
"analysis": {
"analyzer": {
"my_analyzer": {
"tokenizer": "standard",
"filter": ["my_filter"]
}
},
"filter": {
"my_filter":{
"type":"synonym",
"synonyms":[
"oa,OA,Oa,oA,0A,dingding"
]
}
}
}
},
"mappings": {
"properties": {
"title":{
"type": "text",
"analyzer": "my_analyzer"
}
}
}
}
POST /_reindex
{
"source": {
"index": "task3"
},
"dest": {
"index": "task3_new"
}
}
GET task3_new/_search
{
"query": {
"match": {
"title": "0A"
}
}
}
-
索引 movie-1,保存的电影信息,title是题目,tags是电影的标签,要求:
● 在title中包含“my”或者“me”。
● 如果在tags中包含"romatic movies",该条算分提高,如果不包含则算分不变
PUT movie-1
{
"mappings": {
"properties": {
"title":{
"type": "text"
},
"tags":{
"type": "keyword"
}
}
}
}
POST /movie-1/_search
{
"query": {
"function_score": {
"query": {
"bool": {
"should": [
{"match":{"title": "my"}},
{"match":{"title": "me"}}
]
}
},
"functions": [
{
"filter":{
"term":{
"tags":"romatic movies"
}
},
"weight":5
}
]
}
}
}
- 对集群一上的task9索引编写一个查询,并满足以下要求:
● ‘a’,‘b’,‘c’字段至少有两个字段匹配中’test’关键字
● 对查询结果进行排序,先按照'a'字段进行降序排序,再按照'_score'进行升序排序
● 'a'字段的返回结果高亮显示,前标签是<em>,后标签是</em>
PUT task9
{
"mappings": {
"properties": {
"a":{
"type": "keyword"
},
"b":{
"type": "text"
},
"c":{
"type": "text"
}
}
}
}
POST task9/_search
{
"query": {
"bool": {
"should": [
{"match": {"a": "test"}},
{"match": {"b": "test"}},
{"match": {"c": "test"}}
],
"minimum_should_match": 2
}
},
"sort": [
{
"a": {
"order": "desc"
}
},
{
"_score":{
"order": "asc"
}
}
],
"highlight": {
"fields": {
"a": {
"pre_tags": ["<em>"],
"post_tags": ["</em>"]
}
}
}
}