Elasticsearch with the Java API


I. From ES 6.x onward (6.8.1 is used here) the Java client API changed substantially

1. pom dependencies

The high-level client pulls in the `elasticsearch` core artifact; declare it explicitly so that core and client resolve to exactly the same version (a mismatch shows up at runtime, typically as NoSuchMethodError, not at compile time).

        <dependency>
            <groupId>org.elasticsearch</groupId>
            <artifactId>elasticsearch</artifactId>
            <version>6.8.1</version>
        </dependency>

In the 6.x line Elastic ships two REST clients: the low-level client (`elasticsearch-rest-client`) and the high-level client (`elasticsearch-rest-high-level-client`). The high-level client is the recommended replacement for the old TransportClient, which is deprecated in 7.0 and removed in 8.0. The high-level client is a wrapper: it builds typed requests and parses typed responses, while the low-level client underneath does the actual HTTP traffic.

 <!-- low-level -->
        <dependency>
            <groupId>org.elasticsearch.client</groupId>
            <artifactId>elasticsearch-rest-client</artifactId>
            <version>6.8.1</version>
        </dependency>

        <!-- high-level -->
        <dependency>
            <groupId>org.elasticsearch.client</groupId>
            <artifactId>elasticsearch-rest-high-level-client</artifactId>
            <version>6.8.1</version>
        </dependency>

2. Building the client (the REST client manages its own HTTP connection pool; there is no separate pool API)

// Imports used by the client code on this page (ES 6.8.1)
import org.apache.http.HttpHost;
import org.apache.http.client.config.RequestConfig;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;

// High-level client
    public RestHighLevelClient getEsHighInit() throws Exception {
        // Host and port are placeholders; "http" means cleartext, see the note below
        RestClientBuilder http = RestClient.builder(new HttpHost("192.168.1.1", 111, "http"))
                .setRequestConfigCallback(new RestClientBuilder.RequestConfigCallback() {
                    @Override
                    public RequestConfig.Builder customizeRequestConfig(RequestConfig.Builder requestConfigBuilder) {
                        requestConfigBuilder.setConnectTimeout(10000);           // ms to establish the TCP connection
                        requestConfigBuilder.setSocketTimeout(10000);            // ms of inactivity allowed on the socket
                        requestConfigBuilder.setConnectionRequestTimeout(10000); // ms to wait for a connection from the pool
                        return requestConfigBuilder;
                    }
                })
                // 60 * 10000 ms = 10 minutes; this setter is deprecated in 6.7 and removed in 7.0
                .setMaxRetryTimeoutMillis(60 * 10000);
        return new RestHighLevelClient(http);
    }

// Low-level client: return the built RestClient (the original returned only the builder)
    public RestClient getEsLowInit() throws Exception {
        RestClientBuilder http = RestClient.builder(new HttpHost("192.168.1.1", 111, "http"))
                .setRequestConfigCallback(new RestClientBuilder.RequestConfigCallback() {
                    @Override
                    public RequestConfig.Builder customizeRequestConfig(RequestConfig.Builder requestConfigBuilder) {
                        requestConfigBuilder.setConnectTimeout(10000);
                        requestConfigBuilder.setSocketTimeout(10000);
                        requestConfigBuilder.setConnectionRequestTimeout(10000); // aligned with the high-level client above
                        return requestConfigBuilder;
                    }
                }).setMaxRetryTimeoutMillis(60 * 10000);
        return http.build();
    }
    // If you already have a RestHighLevelClient, its getLowLevelClient() returns the same thing
    // without opening a second connection pool.

Both builders above talk cleartext `http` with no credentials: the alert data crosses the network unencrypted, and any host that can reach the port can run the same queries (or delete the index). Each client owns a connection pool and I/O threads, so call `close()` when you are done with it.
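Since 6.8.0, TLS and basic authentication are available under the free Basic license, so there is little reason to leave them off. The factory below is an added example, not code from the original post: it assumes a PKCS12 truststore holding the CA that signed the cluster's certificates (the path and its password are hypothetical), reads the account name and password from the environment variables ES_USER and ES_PASSWORD (names chosen for this example), and keeps the timeouts from section 2.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;

/** Added example: high-level client over TLS with basic auth (ES 6.8.x). */
public class SecureEsClientFactory {

    public static RestHighLevelClient create(String host, int port,
                                             String truststorePath, char[] truststorePassword,
                                             String user, String password) throws Exception {
        // Trust only the CA that signed the cluster's certificates. Do not install a
        // trust-everything TrustStrategy or a NoopHostnameVerifier "to make it work":
        // either one turns TLS into an unauthenticated tunnel.
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(truststorePath)) {
            trustStore.load(in, truststorePassword);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);

        // HTTP basic auth. Give the account only the privileges the code needs
        // (for the queries on this page: read on the "alert" index).
        CredentialsProvider credentials = new BasicCredentialsProvider();
        credentials.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user, password));

        RestClientBuilder builder = RestClient.builder(new HttpHost(host, port, "https"))
                .setRequestConfigCallback(rc -> rc
                        .setConnectTimeout(10000)
                        .setSocketTimeout(10000)
                        .setConnectionRequestTimeout(10000))
                .setHttpClientConfigCallback(hc -> hc
                        .setSSLContext(sslContext)              // hostname verification stays at the default (on)
                        .setDefaultCredentialsProvider(credentials));
        return new RestHighLevelClient(builder);
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical host, truststore path and env var names chosen for this example
        String user = System.getenv("ES_USER");
        String password = System.getenv("ES_PASSWORD");
        if (user == null || password == null) {
            throw new IllegalStateException("set ES_USER and ES_PASSWORD; do not hard-code credentials");
        }
        try (RestHighLevelClient client = create("es.example.internal", 9200,
                "/etc/es/truststore.p12", "changeit".toCharArray(), user, password)) {
            System.out.println("cluster reachable over TLS: " + client.ping(RequestOptions.DEFAULT));
        }
    }
}
```

The truststore contains only public CA material, so its password is not a secret in the way the account password is; the account password never appears in source or in the pom. With this factory in place, every snippet in part II works unchanged by swapping `getEsHighInit()` for `SecureEsClientFactory.create(...)`.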

II. Java API equivalents of Kibana (Dev Tools console) queries

1. Query an index by name with no conditions; Elasticsearch returns 10 hits by default
GET alert/_search
{
  "query": {
    "match_all": {}
  }
}
======
// Imports used by the test snippets in part II (in addition to those in part I)
import java.util.Map;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.search.SearchHits;
import org.junit.Test;

    @Test
    public void testMatchAll() {
        EsTestApplicationTests esTestController = new EsTestApplicationTests();
        // try-with-resources closes the client and its connection pool when the test ends
        try (RestHighLevelClient esHighInit = esTestController.getEsHighInit()) {
            SearchRequest searchRequest = new SearchRequest("alert"); // no source set: match_all, size 10
            SearchResponse search = esHighInit.search(searchRequest, RequestOptions.DEFAULT);
            SearchHits hits = search.getHits();
            for (SearchHit hit : hits.getHits()) {
                Map<String, Object> sourceAsMap = hit.getSourceAsMap(); // the document's _source
                System.out.println(sourceAsMap);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
2. Query an index by time range
GET alert/_search
{
  "query": {
   "bool": {
     "filter": {
       "range": {
         "timefirst": {
           "gte": 0,
           "lte": 1610209248000
         }
       }
     }
   }
  }
}
// Build the condition with the QueryBuilders helper class; it has a factory method for every query type
import org.elasticsearch.index.query.BoolQueryBuilder;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.search.builder.SearchSourceBuilder;

    @Test
    public void testTimeRange() {
        EsTestApplicationTests esTestController = new EsTestApplicationTests();
        try (RestHighLevelClient esHighInit = esTestController.getEsHighInit()) {
            SearchRequest searchRequest = new SearchRequest("alert");
            SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
            // Judging by the values, timefirst holds epoch milliseconds; 1610209248000 is 2021-01-09 UTC.
            // The range goes in filter: it is a yes/no condition, needs no score, and can be cached.
            BoolQueryBuilder boolQuery = QueryBuilders.boolQuery()
                    .filter(QueryBuilders.rangeQuery("timefirst").gte(0).lte(1610209248000L));
            searchSourceBuilder.query(boolQuery);
            searchRequest.source(searchSourceBuilder);
            SearchResponse search = esHighInit.search(searchRequest, RequestOptions.DEFAULT);
            for (SearchHit hit : search.getHits().getHits()) {
                Map<String, Object> sourceAsMap = hit.getSourceAsMap();
                System.out.println(sourceAsMap);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
3. Query for documents in which certain fields must exist
GET alert/_search
{
  "query": {
    "bool": {
      "must": [
        { "exists": { "field": "level" } },
        { "exists": { "field": "src" } }
      ]
    }
  }
}
    @Test
    public void testExists() {
        EsTestApplicationTests esTestController = new EsTestApplicationTests();
        try (RestHighLevelClient esHighInit = esTestController.getEsHighInit()) {
            SearchRequest searchRequest = new SearchRequest("alert");
            SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
            // Both fields are required. must also scores, and exists contributes a constant score,
            // so these clauses would do the same job more cheaply in filter.
            BoolQueryBuilder boolQuery = QueryBuilders.boolQuery()
                    .must(QueryBuilders.existsQuery("level"))
                    .must(QueryBuilders.existsQuery("src"));
            searchSourceBuilder.query(boolQuery);
            searchRequest.source(searchSourceBuilder);
            SearchResponse search = esHighInit.search(searchRequest, RequestOptions.DEFAULT);
            for (SearchHit hit : search.getHits().getHits()) {
                Map<String, Object> sourceAsMap = hit.getSourceAsMap();
                System.out.println(sourceAsMap);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
4. Query an index for documents whose field equals any of several IP values (terms query, an array of values)
GET alert/_search
{
  "query": {
   "bool": {
     "filter": {
       "terms": {
         "entityip": [
           "10.67.9.1",
           "172.17.0.1"
         ]
       }
     }
   }
  }
}
=============
    @Test
    public void testTermsIps() {
        EsTestApplicationTests esTestController = new EsTestApplicationTests();
        try (RestHighLevelClient esHighInit = esTestController.getEsHighInit()) {
            SearchRequest searchRequest = new SearchRequest("alert");
            SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
            // terms = exact match against any value in the list (varargs here, a JSON array in the DSL).
            // This works as written when entityip is mapped as ip or keyword; on an analysed text field
            // use the entityip.keyword sub-field instead.
            BoolQueryBuilder boolQuery = QueryBuilders.boolQuery()
                    .filter(QueryBuilders.termsQuery("entityip", "10.67.9.1", "172.17.0.1"));
            searchSourceBuilder.query(boolQuery);
            searchRequest.source(searchSourceBuilder);
            SearchResponse search = esHighInit.search(searchRequest, RequestOptions.DEFAULT);
            for (SearchHit hit : search.getHits().getHits()) {
                Map<String, Object> sourceAsMap = hit.getSourceAsMap();
                System.out.println(sourceAsMap);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
5. Query an index by a field-value prefix. The original note on this query says that matching any one of three prefixes counts as an attack; only the `security` prefix is shown. prefix is a term-level query: it compares against the indexed terms, so on an analysed text field it tests each token, and on a keyword field (for example `entitytype.keyword`) the whole value.
GET alert/_search
{
  "query": {
    "bool": {
      "should": [
        { "prefix": { "entitytype": "security" } }
      ]
    }
  }
}
=======================================
SearchRequest searchRequest = new SearchRequest("alert");
SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
// With only should clauses and no must/filter, at least one should has to match,
// so a single should behaves like a required condition.
BoolQueryBuilder boolQuery = QueryBuilders.boolQuery()
        .should(QueryBuilders.prefixQuery("entitytype", "security"));
searchSourceBuilder.query(boolQuery);
searchRequest.source(searchSourceBuilder);
SearchResponse search = esHighInit.search(searchRequest, RequestOptions.DEFAULT);
6. Query an index by a field's value (match query; the value is analysed, so on a text field it matches tokens rather than the exact string)
GET alert/_search
{
  "query": {
   "bool": {
     "should": [
         { "match": { "entityname": "LanSecS" }
         }
     ]
   }
  }
}

SearchRequest searchRequest = new SearchRequest("alert"); // was missing in the original snippet
SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
BoolQueryBuilder boolQuery = QueryBuilders.boolQuery()
        .should(QueryBuilders.matchQuery("entityname", "LanSecS"));
searchSourceBuilder.query(boolQuery);
searchRequest.source(searchSourceBuilder);
SearchResponse search = esHighInit.search(searchRequest, RequestOptions.DEFAULT);
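Every value on this page is a constant. As soon as the index name or the field value comes from a caller (a web form, an API parameter), how the request is assembled becomes a security question. The class below is an added example, not the author's code: it contrasts string-concatenating caller input into a low-level `Request` (URL and JSON body) with building the same search through `QueryBuilders`, and it runs offline because it only renders the request bodies. The allow-list pattern, the size cap and the attacker string are this example's own choices.

```java
import java.util.regex.Pattern;

import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.client.Request;
import org.elasticsearch.common.Strings;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.search.builder.SearchSourceBuilder;

/** Added example: building a search from untrusted input, the wrong way and the right way. */
public class UntrustedSearchInput {

    static final int MAX_SIZE = 100;
    // Allow-list for caller-supplied index names: rejects "*", ",", "_all", "." and "..", so a caller
    // cannot widen the search to indices the application was never meant to read.
    static final Pattern INDEX_NAME = Pattern.compile("^[a-z0-9][a-z0-9_-]{0,63}$");

    /** VULNERABLE: caller data is pasted straight into the JSON body. */
    static String unsafeBody(String entityName) {
        return "{\"query\":{\"term\":{\"entityname\":\"" + entityName + "\"}}}";
    }

    /** VULNERABLE: caller data is pasted into the URL path as well. */
    static Request unsafeSearch(String index, String entityName) {
        Request request = new Request("GET", "/" + index + "/_search"); // index="*" reads every index
        request.setJsonEntity(unsafeBody(entityName));
        return request;
    }

    /** HARDENED: validate the index name, let the builders serialise the value, cap the page size. */
    static SearchRequest safeSearch(String index, String entityName, int requestedSize) {
        if (!INDEX_NAME.matcher(index).matches()) {
            throw new IllegalArgumentException("index name rejected: " + index);
        }
        SearchSourceBuilder source = new SearchSourceBuilder()
                .query(QueryBuilders.termQuery("entityname", entityName)) // value is JSON-escaped on serialisation
                .size(Math.min(Math.max(requestedSize, 0), MAX_SIZE));     // caller cannot inflate the result size
        return new SearchRequest(index).source(source);
    }

    public static void main(String[] args) {
        // Constructed attacker input: closes the term clause, adds "size" and a post_filter,
        // and leaves the concatenated body as valid JSON that Elasticsearch will accept.
        String crafted = "x\"}},\"size\":10000,\"post_filter\":{\"exists\":{\"field\":\"entityname";

        Request bad = unsafeSearch("*", crafted);
        System.out.println("unsafe endpoint: " + bad.getEndpoint());
        System.out.println("unsafe body    : " + unsafeBody(crafted));
        // -> {"query":{"term":{"entityname":"x"}},"size":10000,"post_filter":{"exists":{"field":"entityname"}}}

        SearchRequest good = safeSearch("alert", crafted, 10000);
        System.out.println("safe body      : " + Strings.toString(good.source()));
        // the quote and braces of the crafted value appear escaped inside the term value; size is 100

        try {
            safeSearch("*", "LanSecS", 10);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected       : " + e.getMessage());
        }
    }
}
```

The same reasoning applies to `query_string`: it parses operators and wildcards out of the text it is given, so user input belongs in `match`/`term` queries built with `QueryBuilders`, not in a `query_string`.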
7. Group by the values of a field (terms aggregation)
// aggs = aggregation. entityname.keyword is the keyword sub-field that dynamic mapping creates next to a text field;
// the terms aggregation runs on it because an analysed text field has no doc values (aggregating on entityname
// itself fails with a fielddata error). "size": 1 limits the returned hits, not the number of buckets.
GET alert/_search
{
  "aggs": {
    "my_aggs": {
      "terms": {
        "field": "entityname.keyword"
      }
    }
  },
  "size": 1
}
import org.elasticsearch.search.aggregations.AggregationBuilders;
import org.elasticsearch.search.aggregations.bucket.terms.Terms;
import org.elasticsearch.search.aggregations.bucket.terms.TermsAggregationBuilder;

    @Test
    public void testTermsAgg() {
        EsTestApplicationTests esTestController = new EsTestApplicationTests();
        try (RestHighLevelClient esHighInit = esTestController.getEsHighInit()) {
            SearchRequest searchRequest = new SearchRequest("alert");
            SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
            // terms aggregation named my_aggs on the keyword sub-field; 10 buckets by default
            TermsAggregationBuilder entityname = AggregationBuilders.terms("my_aggs").field("entityname.keyword");
            searchSourceBuilder.aggregation(entityname);
            searchSourceBuilder.size(1); // mirrors "size": 1 above; use 0 when only the buckets matter
            searchRequest.source(searchSourceBuilder);
            SearchResponse search = esHighInit.search(searchRequest, RequestOptions.DEFAULT);
            // Look the aggregation up by name. The Terms interface covers string and numeric keys,
            // so no cast to ParsedStringTerms is needed.
            Terms gradeTerms = search.getAggregations().get("my_aggs");
            for (Terms.Bucket bucket : gradeTerms.getBuckets()) {
                String keyAsString = bucket.getKeyAsString(); // an entityname value
                long docCount = bucket.getDocCount();          // number of documents with that value
                System.out.println(keyAsString + " " + docCount);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

Result: each bucket's key is an entityname value and doc_count is how many documents carry it, like GROUP BY in MySQL; this is the usual way to pull statistics out of the index.

8. Group by the values of several fields (nested terms aggregations)
// aggregate on entityname, then within each entityname bucket on orgid
GET alert/_search
{
  "aggs": {
    "my_aggs": {
      "terms": {
        "field": "entityname.keyword"
      },
      "aggs": {
        "my_aggs2": {
          "terms": {
            "field": "orgid.keyword"
          }
        }
      }
    }
  },
  "size": 1
}
=======================================
    @Test
    public void testNestedTermsAgg() {
        EsTestApplicationTests esTestController = new EsTestApplicationTests();
        try (RestHighLevelClient esHighInit = esTestController.getEsHighInit()) {
            SearchRequest searchRequest = new SearchRequest("alert");
            SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
            TermsAggregationBuilder entityname = AggregationBuilders.terms("my_aggs").field("entityname.keyword");
            // sub-aggregation: runs inside every my_aggs bucket
            entityname.subAggregation(AggregationBuilders.terms("my_aggs2").field("orgid.keyword"));
            searchSourceBuilder.aggregation(entityname);
            searchSourceBuilder.size(1); // mirrors "size": 1 above
            searchRequest.source(searchSourceBuilder);
            SearchResponse search = esHighInit.search(searchRequest, RequestOptions.DEFAULT);
            Terms gradeTerms = search.getAggregations().get("my_aggs");
            for (Terms.Bucket bucket : gradeTerms.getBuckets()) {
                String keyAsString = bucket.getKeyAsString(); // entityname value
                long docCount = bucket.getDocCount();
                System.out.println(keyAsString + " " + docCount);
                // the inner buckets live on the outer bucket's own Aggregations
                Terms gradeTerms2 = bucket.getAggregations().get("my_aggs2");
                for (Terms.Bucket bucket1 : gradeTerms2.getBuckets()) {
                    String keyAsString2 = bucket1.getKeyAsString(); // orgid value within this entityname
                    long docCount2 = bucket1.getDocCount();
                    System.out.println("  " + keyAsString2 + " " + docCount2);
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

Returned result: each outer bucket (an entityname value with its count) is followed by its inner buckets (the orgid values seen with that entityname, each with its own count).

9. Combining field-exists, prefix, required-value and multi-field aggregation conditions in one request
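The heading above has no body on the page, so what follows is an added example, not the author's code. It combines the pieces from sections 2 through 8 into a single request: exists on `level` and `src`, the `timefirst` range, the `entityip` list and the `security` prefix as filters, the `entityname` match as the scored clause, and a nested entityname -> orgid terms aggregation. The aggregation names, bucket sizes, the 5 s timeout and the host/port placeholder (reused from section I.2) are this example's choices.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.http.HttpHost;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.index.query.BoolQueryBuilder;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.search.aggregations.AggregationBuilders;
import org.elasticsearch.search.aggregations.Aggregations;
import org.elasticsearch.search.aggregations.BucketOrder;
import org.elasticsearch.search.aggregations.bucket.terms.Terms;
import org.elasticsearch.search.aggregations.bucket.terms.TermsAggregationBuilder;
import org.elasticsearch.search.builder.SearchSourceBuilder;

/** Added example: exists + prefix + exact value + time/IP filters, then entityname -> orgid buckets. */
public class CombinedAlertQuery {

    public static SearchSourceBuilder buildSource(long fromMillis, long toMillis, String... ips) {
        BoolQueryBuilder query = QueryBuilders.boolQuery()
                // yes/no conditions go in filter: no scoring work, and the filter cache can reuse them
                .filter(QueryBuilders.existsQuery("level"))
                .filter(QueryBuilders.existsQuery("src"))
                .filter(QueryBuilders.rangeQuery("timefirst").gte(fromMillis).lte(toMillis))
                .filter(QueryBuilders.termsQuery("entityip", ips))
                .filter(QueryBuilders.prefixQuery("entitytype", "security"))
                // the full-text condition stays in must so it is scored (harmless with size 0)
                .must(QueryBuilders.matchQuery("entityname", "LanSecS"));

        TermsAggregationBuilder byEntity = AggregationBuilders.terms("by_entity")
                .field("entityname.keyword")        // keyword sub-field: terms aggs need doc values, not analysed text
                .size(50)                           // bucket count; independent of the hit "size" below
                .order(BucketOrder.count(false))    // busiest entities first
                .subAggregation(AggregationBuilders.terms("by_org").field("orgid.keyword").size(20));

        return new SearchSourceBuilder()
                .query(query)
                .aggregation(byEntity)
                .size(0)                            // only the buckets are wanted; do not ship hits
                .timeout(TimeValue.timeValueSeconds(5));
    }

    /** Runs the search and flattens the nested buckets into entityname -> (orgid -> doc_count). */
    public static Map<String, Map<String, Long>> entitiesByOrg(RestHighLevelClient client,
                                                               long fromMillis, long toMillis,
                                                               String... ips) throws IOException {
        SearchResponse response = client.search(
                new SearchRequest("alert").source(buildSource(fromMillis, toMillis, ips)),
                RequestOptions.DEFAULT);
        if (response.isTimedOut()) {
            // a timed-out search returns whatever shards finished; counts would be silently partial
            throw new IOException("search timed out after 5s; refusing partial counts");
        }
        Map<String, Map<String, Long>> result = new LinkedHashMap<>();
        Aggregations aggs = response.getAggregations();
        Terms byEntity = aggs == null ? null : aggs.get("by_entity");
        if (byEntity == null) {
            return result;
        }
        for (Terms.Bucket entity : byEntity.getBuckets()) {
            Map<String, Long> orgs = new LinkedHashMap<>();
            Terms byOrg = entity.getAggregations().get("by_org");
            for (Terms.Bucket org : byOrg.getBuckets()) {
                orgs.put(org.getKeyAsString(), org.getDocCount());
            }
            result.put(entity.getKeyAsString(), orgs);
        }
        return result;
    }

    public static void main(String[] args) throws IOException {
        // host/port are the page's placeholders; see part I for a TLS + basic-auth client
        try (RestHighLevelClient client = new RestHighLevelClient(
                RestClient.builder(new HttpHost("192.168.1.1", 111, "http")))) {
            Map<String, Map<String, Long>> counts =
                    entitiesByOrg(client, 0L, 1610209248000L, "10.67.9.1", "172.17.0.1");
            counts.forEach((entity, orgs) -> System.out.println(entity + " -> " + orgs));
        }
    }
}
```

`buildSource` is separated from the network call so the generated JSON can be inspected (`Strings.toString(buildSource(...))`) or pasted into Kibana to compare with the DSL forms above without a cluster.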