单机部署
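# Download the Elasticsearch 7.14.0 tarball (release page: https://www.elastic.co/cn/downloads/elasticsearch)
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.0-linux-x86_64.tar.gz
# Fetch the SHA-512 checksum published next to the archive.
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.0-linux-x86_64.tar.gz.sha512
# Unpack into /opt only if the archive matches the checksum, so a truncated or
# tampered download is never extracted as root.
sha512sum -c elasticsearch-7.14.0-linux-x86_64.tar.gz.sha512 && tar zxvf elasticsearch-7.14.0-linux-x86_64.tar.gz -C /opt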
由于ES是不允许root用户身份启动的,所以还需要单独创建一个用户用来运行ES
# Create a dedicated unprivileged account, because Elasticsearch will not start as root.
adduser elastic
# Give the elastic user ownership of the whole installation tree so the service
# can run from it without root privileges.
chown -R elastic:elastic /opt/elasticsearch-7.14.0
增加系统资源的配置
# Edit /etc/security/limits.conf (e.g. with vim); log in again for the change to take effect.
# nofile = maximum open file descriptors, nproc = maximum number of processes.
# NOTE(review): the "*" domain raises these limits for every account on the host;
# only the elastic user runs Elasticsearch here, so scoping the four lines to
# "elastic" instead of "*" would be the least-privilege form. Confirm before changing.
* soft nofile 65536
* hard nofile 65536
* soft nproc 4096
* hard nproc 4096
# Edit /etc/sysctl.conf (e.g. with vim); run `sysctl -p` to apply it.
# Raises the kernel's per-process limit on memory-mapped areas.
vm.max_map_count=262144
简单配置ES,config/elasticsearch.yml
# Edit /opt/elasticsearch-7.14.0/config/elasticsearch.yml (e.g. with vim)
# Listen on every network interface instead of loopback only.
# NOTE(review): this file sets no xpack.security.* options, and 7.x ships with the
# security features switched off by default, so with this bind address the HTTP and
# transport ports answer any host that can reach them without authentication.
# Prefer binding to the private address used below, firewall the ports to trusted
# clients, and enable xpack.security (with TLS) before the node is reachable from
# an untrusted network.
network.host: 0.0.0.0
# Hosts contacted for cluster discovery; presumably this machine's own address,
# since the page describes a single-node deployment.
discovery.seed_hosts: ["192.168.202.133"]
# Master-eligible nodes used to bootstrap the cluster on its first start.
cluster.initial_master_nodes: ["192.168.202.133"]
启动ES
# Launch Elasticsearch in the foreground under the elastic account rather than root.
su - elastic -c "/opt/elasticsearch-7.14.0/bin/elasticsearch"
# Same launch with -d, which starts it as a daemon.
su - elastic -c "/opt/elasticsearch-7.14.0/bin/elasticsearch -d"
安装head插件,见:https://github.com/mobz/elasticsearch-head
如果能翻墙,建议直接chrome扩展商店安装更方便 https://chrome.google.com/webstore/detail/elasticsearch-head/ffmkiejjmecolpfloofpjologoblkegm/related
如果不能,下载本地插件版:https://download.csdn.net/download/hjxisking/20814938 (注意:这是第三方站点上的非官方打包,而该扩展可以直接读写你所连接的ES集群;安装前请核对来源,条件允许时优先使用上面GitHub仓库的源码自行运行)
一些用法记录
1. composite,类似group by功能,官方文档:https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-composite-aggregation.html
composite是一个多桶聚合,它从不同的来源(sources)创建复合桶。与其他多桶聚合不同,composite聚合可以高效地对多级聚合中的所有桶进行分页。它提供了一种流式遍历某个聚合全部桶的方式,类似于scroll对文档所做的操作。
组合桶是由为每个文档提取/创建的值的组合构建的,每个组合被视为组合桶,就像类似sql中的多group by 多字段,可以对多个字段进行聚合
比如SQL:SELECT countymd,platform,action_type, COUNT(action_type) as H11, COUNT(distinct(user_id)) as uu, SUM(platform) as PALL FROM user_access_log WHERE countymd = 20210806 AND countdate >= '2021-08-06 11:00:00' AND countdate <= '2021-08-06 11:59:59' GROUP BY countymd, platform, action_type ORDER BY countymd DESC,对应的Elasticsearch的DSL如下(注意:下面示例DSL中的时间范围写的是 2021-08-05,使用的是不含边界的 gt/lt,并且没有 countymd 条件;若要与上面的SQL严格等价,应改用 gte/lte 并补上 countymd 的过滤)
{
"size": 0,
"query": {
"bool": {
"filter": {
"bool": {
"must": [
{"range":{"countdate":{"gt":"2021-08-05 11:00:00", "lt":"2021-08-05 11:59:59"}}}
]
}
}
}
},
"_source": false,
"aggs": {
"groupby": {
"composite": {
"sources": [
{"countymd": {"terms": {"field": "countymd", "order": "desc"}}},
{"platform": {"terms": {"field": "platform"}}},
{"action_type": {"terms": {"field": "action_type"}}}
]
},
"aggs": {
"H11": {
"filter": {
"exists": {
"field": "action_type"
}
}
},
"uu": {
"cardinality": {
"field": "user_id"
}
},
"PALL": {
"stats": {
"field": "platform"
}
}
}
}
}
}
response:
{
"took": 99,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 15,
"relation": "eq"
},
"max_score": null,
"hits": []
},
"aggregations": {
"groupby": {
"after_key": {
"countymd": 20210805,
"platform": 2,
"action_type": "1002"
},
"buckets": [
{
"key": {
"countymd": 20210806,
"platform": 2,
"action_type": "0104"
},
"doc_count": 3,
"uu": {
"value": 2
},
"PALL": {
"count": 3,
"min": 2.0,
"max": 2.0,
"avg": 2.0,
"sum": 6.0
},
"H11": {
"doc_count": 3
}
},
{
"key": {
"countymd": 20210805,
"platform": 2,
"action_type": "0103"
},
"doc_count": 2,
"uu": {
"value": 1
},
"PALL": {
"count": 2,
"min": 2.0,
"max": 2.0,
"avg": 2.0,
"sum": 4.0
},
"H11": {
"doc_count": 2
}
},
{
"key": {
"countymd": 20210805,
"platform": 2,
"action_type": "0104"
},
"doc_count": 3,
"uu": {
"value": 1
},
"PALL": {
"count": 3,
"min": 2.0,
"max": 2.0,
"avg": 2.0,
"sum": 6.0
},
"H11": {
"doc_count": 3
}
},
{
"key": {
"countymd": 20210805,
"platform": 2,
"action_type": "0705"
},
"doc_count": 2,
"uu": {
"value": 1
},
"PALL": {
"count": 2,
"min": 2.0,
"max": 2.0,
"avg": 2.0,
"sum": 4.0
},
"H11": {
"doc_count": 2
}
},
{
"key": {
"countymd": 20210805,
"platform": 2,
"action_type": "1001"
},
"doc_count": 1,
"uu": {
"value": 1
},
"PALL": {
"count": 1,
"min": 2.0,
"max": 2.0,
"avg": 2.0,
"sum": 2.0
},
"H11": {
"doc_count": 1
}
},
{
"key": {
"countymd": 20210805,
"platform": 2,
"action_type": "1002"
},
"doc_count": 4,
"uu": {
"value": 1
},
"PALL": {
"count": 4,
"min": 2.0,
"max": 2.0,
"avg": 2.0,
"sum": 8.0
},
"H11": {
"doc_count": 4
}
}
]
}
}
}
在返回结果集的buckets中,每一个group by的组合都会统计出其具体数量(doc_count)。返回中的after_key是本页最后一个桶的key,把它作为下一次请求中composite的after参数,即可继续获取下一页的桶。