说明:个人学习练习【笔记】而已,文档中所有命令都经过练习实际操作。版本都是7.7.0,后续再发java操作ES
ELK相关集群配置
ELK相关学习更新以及常见问题记录
Kibana操作ES
基本知识
基本命令
| 命令 | 字段 | 含义 |
|---|---|---|
| PUT | /索引名称/类型名称/文档ID | 创建文档(指定文档ID) |
| POST | /索引名称/索引类型 | 创建文档(随机文档ID) |
| POST | /索引名称/类型名称/文档id/_update | 修改文档 |
| DELETE | /索引名称/类型名称/文档id | 删除文档/或者索引 |
| GET | /索引名称/类型名称/文档id | 查询文档通过文档ID |
| POST | /索引名称/类型名称/_search | 查询所有数据 |
基本数据类型
| 字符串类型 | 数值类型 | 日期(纳秒) | 布尔值类型 | 二进制类型 | 范围类型 |
|---|---|---|---|---|---|
| text keyword | byte short integer long float double half_float scaled_float | date(date_nanos) | boolean | binary | range |
复杂数据类型
| 数组类型 | 对象类型 | 嵌套类型 |
|---|---|---|
| array | object | nested |
地理数据类型
| 地理点类型 | 地理形状类型 |
|---|---|
| geo-point | geo-shape |
特殊数据类型很多,这里记录两种
| 计数数据类型 | IP类型 |
|---|---|
| token_count | ip (IPv4 和 IPv6 地址) |
命令练习
练习基础数据
创建一个索引库和索引规则并指定字段类型
PUT /crazy
{
"settings": {
"number_of_shards": 3,
"number_of_replicas": 2
},
"mappings": {
"properties": {
"id": {
"type": "integer"
},
"name": {
"type": "keyword"
},
"age": {
"type": "long"
},
"birth": {
"type": "date"
},
"desc": {
"type": "text"
},
"tag": {
"type": "text"
}
}
}
}
创建一些测试数据
POST /crazy/_doc
{"name":"疯子","age":23,"birth":"1997-06-06","desc":"疯子学elk来了","tag":["JAVA","帅哥","HTML","暖男","看书"]}
POST /crazy/_doc
{"name":"小傻子","age":20,"birth":"2000-12-20","desc":"傻子不爱吃苹果","tag":["游戏","直播","直男","渣男","旅游"]}
POST /crazy/_doc
{"name":"张张三","age":5,"birth":"2015-02-20","desc":"张三5岁了,他也不爱吃苹果","tag":["萌宝","游戏","小暖男","睡觉","玩具"]}
POST /crazy/_doc
{"name":"李四","age":50,"birth":"1970-04-25","desc":"李四50岁了,她爱吃香蕉,是个老太太","tag":["老人","听戏","散步","睡觉","老太婆"]}
POST /crazy/_doc
{"name":"王五五","age":30,"birth":"1990-09-25","desc":"王五爱吃苹果,还学java,也爱吃香蕉","tag":["直男","技术宅","睡觉","听音乐","大佬"]}
常用状态查看
获取索引的规则具体信息
GET /crazy
健康值
【_cat命令可以查看es的很多信息】
GET _cat/health
版本信息
GET _cat/indices?v
文档数据基本操作
★关键字总结:
字段类型区别:
keyword字段不会被分词器解析
- 不分词,直接索引。【支持:模糊、精确查询,支持聚合】
text字段会被分词器解析
- 先分词,然后进行索引。【支持:模糊、精确查询,不支持聚合】
查询关键字区别:
term查询时直接通过倒排索引指定的词条进行精确查找的【多用于精确值查找】match会使用分词器解析【先分析文档,然后通过分析的文档进行查询】【多用于模糊值查找】bool值关键字区别:是|或|否
must必须:所有条件都要符合should或者must_not不等于
查询一条数据 1
直接指定索引/类型/{id}
GET crazy/_doc/A-pYKXMB85eJEC73q2LL
查询一条数据 2
精确查找nam叫疯子的,两个查询都能查到
GET /crazy/_doc/_search { "query":{ "term":{ "name":"疯子" } } } GET /crazy/_doc/_search { "query":{ "match":{ "name":"疯子" } } }
查询一条数据 3
这里用模糊查询name字段不会有结果
因为name字段是keyword类型,不会被分词,所以下面的练习都用模糊查询其他字段
GET /crazy/_doc/_search { "query":{ "match":{ "name":"疯" } } }
查询所有数据
使用请求体和关键字
_search查询
GET crazy/_search
{
"query": {
"match_all": {}
}
}
添加一条数据(随机ID)
{
"name": "小七",
"age": 10,
"birth": "2010-08-21",
"desc": "小七是个淘气鬼,天天就爱捣乱",
"tag": [
"小学生",
"捣乱",
"睡觉",
"打游戏",
"淘气"
]
}
更新数据put【不推荐】
更新刚才小七的
id容易出现数据滞空(没有更新到的字段会空)
put是覆盖是更新,版本号属性会发生改变
PUT /crazy/_doc/BuqTLHMB85eJEC73D20H
{
"name":"小小七七",
"desc":"不知道如何形容"
}
更新数据post【推荐】
POST /crazy/_doc/BuqTLHMB85eJEC73D20H/_update
{
"doc":{
"desc":"小七很顽皮,也很帅"
}
}
直接删除一条数据(根据id)
DELETE /crazy/_doc/BuqTLHMB85eJEC73D20H
删除索引/或文档
DELETE /crazy
DELETE /crazy/_doc
复杂查询
模糊查询
例如:select * from table a where a.desc like “%苹果%”
这里的
desc字段类型是text,此类型字段会被分词器解析使用关键字
match查询,会使用分词器解析,先分析文档,然后通过分析的文档进行查询*
GET /crazy/_doc/_search
{
"query":{
"match":{
"desc":"苹果"
}
}
}
结果过滤 _source
上面的查询出来的字段太多了,只要展示name、age、desc即可
关键字
_source与请求体关键字query同级,逗号分隔,参数为数组GET /crazy/_doc/_search { "query":{ "match":{ "desc":"苹果" } }, "_source":["name","age","desc"] }
结果排序 sort
上面的结果例子:根据年龄升序
关键字
sort与请求体关键字query同级,逗号分隔,参数为数组对象GET /crazy/_doc/_search { "query":{ "match":{ "desc":"苹果" } }, "_source":["name","age","desc"], "sort":[{ "age":{ "order":"asc" } }] }
分页 from\size
要求:查询所有数据,每页2条数据,展示第2页
关键字:
from从第几个开始,下标0是第一个size查询多少条数据- 都与
query同级,逗号分隔GET crazy/_search { "query": { "match_all": {} }, "from": 2, "size": 2 }
bool条件查询
查询age=20岁并且desc有爱字的
bool-must必须同时满足多个条件,条件内部可使用
match/term,这里用的desc有爱age=20,是并且关系
must-should-must-not与或非条件内部为数组对象,每个条件都需要单独的=={ }==括起来GET /crazy/_doc/_search { "query": { "bool": { "must":[ { "match": { "desc": "爱" } }, { "term": { "age": "20" } } ] } } }
查询age=30或者tag标签有男字的
bool-should 或许满足某个条件,条件内部可使用
match/term,这里用的tag有男age=30,是或者关系
mustshouldmust-not与或非条件内部为数组对象,每个条件都需要单独的=={ }==括起来,GET /crazy/_doc/_search { "query": { "bool": { "should": [ { "term": { "age": "30" } }, { "match": { "tag": "男" } } ] } } }
查询年龄必须不等于30岁和desc没有香蕉的
bool-should 必须不等于某些条件,条件内部可使用
match/term,这里用的tag有男age=30,条件内部是与关系,意思这些条件都不能被满足GET /crazy/_doc/_search { "query": { "bool": { "must_not": [ { "term": { "age": "30" } }, { "match": { "desc": "香蕉" } } ] } } }
filter过滤器查询
查询10<=age>=30,desc有苹果或者香蕉的
这里的
desc或者可以用match多条件查询,空格分隔,都满足的靠前展示这里
filter是指过滤器,对上面的must结果进行过滤filter-range-lt-gt解释:
range范围过滤gt>=lt<=GET /crazy/_doc/_search { "query": { "bool": { "must":[ { "match": { "desc": "苹果 香蕉" } } ], "filter": { "range": { "age": { "gte": 10, "lte": 30 } } } } } }
高亮查询
查询desc有苹果或者香蕉的,并将苹果香蕉高亮
ES支持大概3种高亮方式:
plain highlighterfast vector highlighterposting highlighterPlain Highlighter为默认高亮,这里学习用默认的。
这里的测试数据查询结果为苹果香蕉字段默认添加
<em> </em>HTML标签GET /crazy/_doc/_search { "query": { "match":{ "desc":"苹果 香蕉" } }, "highlight":{ "fields":{ "desc":{} } } }
- 修改上面的默认标签方式,这里修改为p标签并指定class属性和行内元素颜色属性
pre_tags:前缀,``post_tags`:后缀GET /crazy/_doc/_search { "query": { "match":{ "desc":"苹果 香蕉" } }, "highlight":{ "pre_tags": "<p class='key' style='color:red'>", "post_tags":"</p>", "fields":{ "desc":{} } } }
聚合查询基本操作
类似与sql的分组group by
格式:
"aggs" : { // 声明聚合操作 "aggs_name" : { // 聚合名,可以自定义 "aggs_type" : { // 聚合类别比如sum,max,min,avg等等 aggs_body // 聚合体 }, "aggs" : { // 父子关系嵌套的另一个聚合,与上一个聚合逗号分隔 "aggs_name"{ "aggs_type" : { "aggs_body " } } }, "aggs" : { // 兄弟关系嵌套的另一个聚合,与上一个聚合逗号分隔 "aggs_name"{ "aggs_type" : { "aggs_body " } } } }
desc字段有苹果的人的平均年龄
- avg_age自定义返回平均值的名字
- avg 要做的聚合操作这里是求平均值,还有max,min等等
- field指定按什么字段进行聚合操作
- query-match模糊查询desc字段
GET /crazy/_doc/_search { "query":{ "match":{ "desc":"苹果" } }, "aggs": { "avg_age": { "avg": { "field": "age" } } } }
花式查询大集合:
条件1:1<
age>=30
条件2:tag包含男/游戏
条件3:desc包含苹果
条件4:高亮展示tag字段查询内容,并自定义标签
条件5:年龄age升序排序
条件6:格式化生日日期yyyy-MM-dd
条件7:计算结果的年龄统计信息ageStats
条件8:统计:0<age<=20岁分段统计,20<age<=50岁分段统计文档信息ageRanges
条件9:统计:20年之内出生的有多少人birthCounts
条件10:统计:30年内出生的年龄最小的是多少岁ageMinCounts
条件11:统计:年龄每隔5岁统计直方图聚合信息histogram等间距划分ageHistogram
条件12:统计:按固定时间段统计(年/月等等,这里用年)birthDateHistogramGET crazy/_search { "query": { "bool": { "must": [ { "match": { "desc": "苹果" } }, { "match": { "tag": "男 游戏" } } ], "filter": { "range": { "age": { "gt": 1, "lte": 30 } } } } }, "sort": [ { "age": { "order": "asc" } } ], "highlight": { "pre_tags": "<p cleaa='key' style='color:red'>", "post_tags": "</p>", "fields": { "tag": {} } }, "aggs": { "ageStats": { "stats": { "field": "age" } }, "ageRanges": { "range": { "field": "age", "ranges": [ { "from": 1, "to": 21 }, { "from": 21, "to": 51 } ] } }, "birthCounts": { "date_range": { "field": "birth", "format": "yyyy-MM-dd", "ranges": [ { "from": "now-20y", "to": "now" } ] } }, "birthMixCounts": { "date_range": { "field": "birth", "format": "yyyy-MM-dd", "ranges": [ { "from": "now-30y", "to": "now" } ] }, "aggs": { "ageMinCounts": { "min": { "field": "age" } } } }, "ageHistogram": { "histogram": { "field": "age", "interval": 5 } }, "birthDateHistogram": { "date_histogram": { "field": "birth", "format": "yyyy-MM-dd", "interval": "year" } } } }
结果
{ "took" : 7, "timed_out" : false, "_shards" : { "total" : 3, "successful" : 3, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 3, "relation" : "eq" }, "max_score" : null, "hits" : [ { "_index" : "crazy", "_type" : "_doc", "_id" : "g-q4LXMB85eJEC73L3G1", "_score" : null, "_source" : { "name" : "张张三", "age" : 5, "birth" : "2015-02-20", "desc" : "张三5岁了,他也不爱吃苹果", "tag" : [ "萌宝", "游戏", "小暖男", "睡觉", "玩具" ] }, "highlight" : { "tag" : [ "<p cleaa='key' style='color:red'>游</p><p cleaa='key' style='color:red'>戏</p>", "小暖<p cleaa='key' style='color:red'>男</p>" ] }, "sort" : [ 5 ] }, { "_index" : "crazy", "_type" : "_doc", "_id" : "guq4LXMB85eJEC73KHHH", "_score" : null, "_source" : { "name" : "小傻子", "age" : 20, "birth" : "2000-12-20", "desc" : "傻子不爱吃苹果", "tag" : [ "游戏", "直播", "直男", "渣男", "旅游" ] }, "highlight" : { "tag" : [ "<p cleaa='key' style='color:red'>游</p><p cleaa='key' style='color:red'>戏</p>", "直<p cleaa='key' style='color:red'>男</p>", "渣<p cleaa='key' style='color:red'>男</p>", "旅<p cleaa='key' style='color:red'>游</p>" ] }, "sort" : [ 20 ] }, { "_index" : "crazy", "_type" : "_doc", "_id" : "huq4LXMB85eJEC73PnGM", "_score" : null, "_source" : { "name" : "王五五", "age" : 30, "birth" : "1990-09-25", "desc" : "王五爱吃苹果,还学java,也爱吃香蕉", "tag" : [ "直男", "技术宅", "睡觉", "听音乐", "大佬" ] }, "highlight" : { "tag" : [ "直<p cleaa='key' style='color:red'>男</p>" ] }, "sort" : [ 30 ] } ] }, "aggregations" : { "ageRanges" : { "buckets" : [ { "key" : "1.0-21.0", "from" : 1.0, "to" : 21.0, "doc_count" : 2 }, { "key" : "21.0-51.0", "from" : 21.0, "to" : 51.0, "doc_count" : 1 } ] }, "ageStats" : { "count" : 3, "min" : 5.0, "max" : 30.0, "avg" : 18.333333333333332, "sum" : 55.0 }, "ageHistogram" : { "buckets" : [ { "key" : 5.0, "doc_count" : 1 }, { "key" : 10.0, "doc_count" : 0 }, { "key" : 15.0, "doc_count" : 0 }, { "key" : 20.0, "doc_count" : 1 }, { "key" : 25.0, "doc_count" : 0 }, { "key" : 30.0, "doc_count" : 1 } ] }, "birthDateHistogram" : { "buckets" : [ { "key_as_string" : "1990-01-01", "key" : 631152000000, "doc_count" : 1 }, { "key_as_string" : "1991-01-01", "key" : 662688000000, "doc_count" : 0 }, { "key_as_string" : "1992-01-01", "key" : 694224000000, "doc_count" : 0 }, { "key_as_string" : "1993-01-01", "key" : 725846400000, "doc_count" : 0 }, { "key_as_string" : "1994-01-01", "key" : 757382400000, "doc_count" : 0 }, { "key_as_string" : "1995-01-01", "key" : 788918400000, "doc_count" : 0 }, { "key_as_string" : "1996-01-01", "key" : 820454400000, "doc_count" : 0 }, { "key_as_string" : "1997-01-01", "key" : 852076800000, "doc_count" : 0 }, { "key_as_string" : "1998-01-01", "key" : 883612800000, "doc_count" : 0 }, { "key_as_string" : "1999-01-01", "key" : 915148800000, "doc_count" : 0 }, { "key_as_string" : "2000-01-01", "key" : 946684800000, "doc_count" : 1 }, { "key_as_string" : "2001-01-01", "key" : 978307200000, "doc_count" : 0 }, { "key_as_string" : "2002-01-01", "key" : 1009843200000, "doc_count" : 0 }, { "key_as_string" : "2003-01-01", "key" : 1041379200000, "doc_count" : 0 }, { "key_as_string" : "2004-01-01", "key" : 1072915200000, "doc_count" : 0 }, { "key_as_string" : "2005-01-01", "key" : 1104537600000, "doc_count" : 0 }, { "key_as_string" : "2006-01-01", "key" : 1136073600000, "doc_count" : 0 }, { "key_as_string" : "2007-01-01", "key" : 1167609600000, "doc_count" : 0 }, { "key_as_string" : "2008-01-01", "key" : 1199145600000, "doc_count" : 0 }, { "key_as_string" : "2009-01-01", "key" : 1230768000000, "doc_count" : 0 }, { "key_as_string" : "2010-01-01", "key" : 1262304000000, "doc_count" : 0 }, { "key_as_string" : "2011-01-01", "key" : 1293840000000, "doc_count" : 0 }, { "key_as_string" : "2012-01-01", "key" : 1325376000000, "doc_count" : 0 }, { "key_as_string" : "2013-01-01", "key" : 1356998400000, "doc_count" : 0 }, { "key_as_string" : "2014-01-01", "key" : 1388534400000, "doc_count" : 0 }, { "key_as_string" : "2015-01-01", "key" : 1420070400000, "doc_count" : 1 } ] }, "birthMixCounts" : { "buckets" : [ { "key" : "1990-07-08-2020-07-08", "from" : 6.47432463045E11, "from_as_string" : "1990-07-08", "to" : 1.594203663045E12, "to_as_string" : "2020-07-08", "doc_count" : 3, "ageMinCounts" : { "value" : 5.0 } } ] }, "birthCounts" : { "buckets" : [ { "key" : "2000-07-08-2020-07-08", "from" : 9.63051663045E11, "from_as_string" : "2000-07-08", "to" : 1.594203663045E12, "to_as_string" : "2020-07-08", "doc_count" : 2 } ] } } }
所有数据
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 3,
"successful" : 3,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 5,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "crazy",
"_type" : "_doc",
"_id" : "hOq4LXMB85eJEC73NnF2",
"_score" : 1.0,
"_source" : {
"name" : "李四",
"age" : 50,
"birth" : "1970-04-25",
"desc" : "李四50岁了,她爱吃香蕉,是个老太太",
"tag" : [
"老人",
"听戏",
"散步",
"睡觉",
"老太婆"
]
}
},
{
"_index" : "crazy",
"_type" : "_doc",
"_id" : "guq4LXMB85eJEC73KHHH",
"_score" : 1.0,
"_source" : {
"name" : "小傻子",
"age" : 20,
"birth" : "2000-12-20",
"desc" : "傻子不爱吃苹果",
"tag" : [
"游戏",
"直播",
"直男",
"渣男",
"旅游"
]
}
},
{
"_index" : "crazy",
"_type" : "_doc",
"_id" : "huq4LXMB85eJEC73PnGM",
"_score" : 1.0,
"_source" : {
"name" : "王五五",
"age" : 30,
"birth" : "1990-09-25",
"desc" : "王五爱吃苹果,还学java,也爱吃香蕉",
"tag" : [
"直男",
"技术宅",
"睡觉",
"听音乐",
"大佬"
]
}
},
{
"_index" : "crazy",
"_type" : "_doc",
"_id" : "geq4LXMB85eJEC73HHHq",
"_score" : 1.0,
"_source" : {
"name" : "疯子",
"age" : 23,
"birth" : "1997-06-06",
"desc" : "疯子学elk来了",
"tag" : [
"JAVA",
"帅哥",
"HTML",
"暖男",
"看书"
]
}
},
{
"_index" : "crazy",
"_type" : "_doc",
"_id" : "g-q4LXMB85eJEC73L3G1",
"_score" : 1.0,
"_source" : {
"name" : "张张三",
"age" : 5,
"birth" : "2015-02-20",
"desc" : "张三5岁了,他也不爱吃苹果",
"tag" : [
"萌宝",
"游戏",
"小暖男",
"睡觉",
"玩具"
]
}
}
]
}
}
声明:
博客中标注原创的文章,版权归本博客作者所有,若转载或者引用本文内容请注明来源及原作者,否则依法保留追究权
打赏功能被文章底部的···默认隐藏了,如果帮到你了点个赞呗,要么收藏一下?
【嘘~~~悄悄话:终有一日,你的日积月累,会成为的别人的望尘莫及】
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
