es 原生API

最新推荐文章于 2023-05-31 15:04:15 发布

nickname_oo

最新推荐文章于 2023-05-31 15:04:15 发布

阅读量1k

点赞数

分类专栏：搜索文章标签： es

本文链接：https://blog.csdn.net/helihongzhizhuo/article/details/81484733

版权

搜索专栏收录该内容

17 篇文章 0 订阅

订阅专栏

1、创建索引

http://192.168.1.1:9200/indexname1?pretty

{
"settings" : {
"number_of_shards" : 3,
"number_of_replicas" : 2,
"refresh_interval": "300s"
}
}

put为创建

get为查看

https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html

2、创建mappings

http://192.168.1.1:9200 /video_content/_mapping/_doc

{
"properties": {
"username": {
"type": "keyword"
},
"created_at": {
"type": "keyword"
},
"object": {
"type": "keyword"
},
"command": {
"type": "text"
},
"id": {
"type": "keyword"
},
"videoname": {
"type": "text"
}
}
}

put 增加mappings

若指定分词：

则为：

{
   "properties": {
       "username": {
           "type": "keyword"
       },
       "created_at": {
           "type": "date"
       },
       "object": {
           "type": "keyword"
       },
       "command": {
           "type": "text",
           "analyzer": "ik_smart"
       },
       "id": {
           "type": "keyword"
       },
       "videoname": {
           "type": "text",
           "analyzer": "ik_smart"
       }
   }
}

get获取mappings

3、新增/更新数据

http://192.168.1.1:9200 /video_content/_doc/1/_update

{
   "doc": {
       "username": "helihong",
       "created_at": "2016-11-11 17:38:25",
       "object": "10.0.0.10",
       "command": "VMware Tray Application",
       "id": "1",
       "videoname": "video1"
   },
   "doc_as_upsert": true
}

post发送

4、查看分词情况

http://192.168.10.150:9200/_analyze

{
"analyzer": "ik_smart",
"text": "机器学习"
}

post方式

5、查询

（1）http://192.168.1.1:9200 /video_content/_doc/1

get方式

（2）模糊查询

http://192.168.10.150:9200/video_content/video/_search

{
   "query": {
       "match": {
           "command": "机器学习"
       }
   },
   "_source":["id","username","command"]
}

（3）模糊查询+查看打分详情

http://192.168.10.150:9200/video_content/video/_search?explain=true

{
   "query": {
       "match": {
           "command": "机器学习"
       }
   },
   "_source":["id","username","command"]
}

(4)组合查询+时间过滤+排序

http://192.168.1.1:9200/case/caseitem/_search

{
   "query": {
       "bool": {
           "must": [{
                   "match": {
                       "username": "test1"
                   }
               },
               {
                   "match": {
                       "case_name": "rdp"
                   }
               },
               {
                   "match": {
                       "command": "c:\\Windows\\System32\\net.exe"
                   }
               },
               {
                   "match": {
                       "case_action": "WebMan.exe"
                   }
               },
               {
                   "range": {
                       "created_at": {
                           "gte": "2017-04-13 13:47:50",
                           "lte": "2017-04-13 14:47:50"
                       }
                   }
               }
           ]
       }
   },
   "sort" : { "created_at" : { "order" : "desc" } },
   "from": 0,
   "size": 3
}

post

（5）distinct项查询（去重查询）

post http://192.168.1.1:9200/case/_search

{
"size" : 0, // 表示搜索出来的文档数为0个，也表示不关心文档内容只要聚合结果。如果为 1 ，就会搜索出1个文档。
"aggs" : { //聚合操作在顶层参数'aggs'之下，完整形式'aggregations' 同样有效。
"my_users" : { // 为聚合指定一个我们想要的名字。
"terms" : { //定义单个桶类型，为 terms
"field" : "username.keyword" //对于terms的匹配必须是 keyword的形式。
}
}
}
}

nickname_oo

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
es 原生API

1、创建索引http://192.168.1.1:9200/indexname1?pretty{ "settings" : { "number_of_shards" : 3, "number_of_replicas" : 2, "refresh_interval": "300s" }}put为创建get为查看ht...
复制链接

扫一扫