_index/type/_id
/_search
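Search all types in all indices
/gb/_search
Search all types in the gb index
/gb,us/_search
Search all documents in the gb and us indices
/g*,u*/_search
Search all types in any index whose name starts with g or u
/gb/user/_search
Search the user type in the gb index
/gb,us/user,tweet/_search
Search the user and tweet types in the gb and us indices
/_all/user,tweet/_search
Search the user and tweet types in all indices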
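// Aggregations: multiple aggs are nested
"aggs": {
  "NAME": {
    "AGG_TYPE": {
      "field": ""
    },
    "aggs": {
      "SUB_NAME": {
        "histogram": {
          "field": "price",
          "interval": 20000
        }
      }
    }
  }
}
NAME, SUB_NAME: custom names (every aggregation, including a nested one, needs its own name)
field: the field the aggregation operates on
AGG_TYPE: possible values include avg (average), min, max, sum, terms (group by), cardinality (distinct), histogram (needs two parameters: field, and interval to set the bucket width)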
****************************************************************
histogram: date_histogram, sorted by time (one month)
"aggs": {
  "sales": {
    "date_histogram": {
      "field": "time",
      "interval": "1d",
      "format": "yyyy-MM-dd",
      "order": {
        "_key": "asc"
      }
    }
  }
}
Note: size sets the number of hits shown per page, from sets where to start ---> manual pagination
The following statement is equivalent to: select * from getoneserver-* order by uid desc limit 0,20
GET /getoneserver-*/doc/_search
{
  "from": 0,
  "size": 20,
  "query": { "match_all": {} },
  "sort": [ { "uid": { "order": "desc" } } ]
}
Note: bool >> must (and) / must_not (not) / should (or) >> match / match_phrase (spaces inside a long phrase are not treated as or) / query_string (like) / range (specify a range)
The following statement is equivalent to: select count(*) from getoneserver-* where version='2.0.0' and platform like '%nd%' and uid = '6165210242' group by @timestamp (with a time conversion applied)
GET /getoneserver-*/_search
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        { "match": { "version": "2.0.0" } },
        { "query_string": { "default_field": "platform", "query": "*nd*" } },
        { "match_phrase": { "uid": "6165210242" } }
      ]
    }
  },
  "aggs": {
    "NAME": {
      "date_histogram": { "field": "@timestamp", "interval": "1d", "format": "yyyy-MM-dd" }
    }
  }
}
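An added example (not part of the original notes): building the query above in Python from caller-supplied values. query_string parses operators, so the platform fragment is escaped before it is wrapped in *...*, and the index suffix is validated so it cannot widen the search path with "," or "*". The function names and the date-style index suffix are assumptions.

```python
import re

# Reserved query_string characters per the Elasticsearch documentation.
_RESERVED = re.compile(r'[+\-=&|!(){}\[\]^"~*?:\\/]')
# Index suffix (assumed form, e.g. "2019.01.15"): no "," "*" or "/" allowed.
_INDEX_SUFFIX = re.compile(r"[a-z0-9][a-z0-9._-]*")


def escape_query_string(value):
    """Return value as one literal token for a query_string query."""
    # "<" and ">" cannot be escaped in query_string, so they are removed.
    value = value.replace("<", "").replace(">", "")
    if not value or re.search(r"\s", value):
        # Whitespace would let bare AND / OR / NOT act as operators.
        raise ValueError("value must be a single non-empty token")
    return _RESERVED.sub(lambda m: "\\" + m.group(0), value)


def search_path(index_suffix):
    """Build the _search path for exactly one getoneserver-* index."""
    if not _INDEX_SUFFIX.fullmatch(index_suffix):
        raise ValueError("invalid index suffix")
    return "/getoneserver-" + index_suffix + "/_search"


def daily_count_body(version, platform_part, uid):
    """Request body with the same shape as the query above."""
    like = "*" + escape_query_string(platform_part) + "*"
    return {
        "size": 0,
        "query": {"bool": {"must": [
            {"match": {"version": version}},
            {"query_string": {"default_field": "platform", "query": like}},
            {"match_phrase": {"uid": uid}},
        ]}},
        "aggs": {"NAME": {"date_histogram": {
            "field": "@timestamp", "interval": "1d", "format": "yyyy-MM-dd",
        }}},
    }


if __name__ == "__main__":
    import json
    # Constructed sample values; "nd*:x" contains two operator characters.
    print("GET " + search_path("2019.01.15"))
    print(json.dumps(daily_count_body("2.0.0", "nd*:x", "6165210242"), indent=2))
```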
Note: building on query 2, add distinct(uid) ---> cardinality
GET /getoneserver-*/_search
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        { "match": { "version": "2.0.0" } },
        { "query_string": { "default_field": "platform", "query": "*n*" } },
        { "match_phrase": { "uid": "6165210242" } }
      ]
    }
  },
  "aggs": {
    "NAME": {
      "date_histogram": { "field": "@timestamp", "interval": "1d", "format": "yyyy-MM-dd" },
      "aggs": {
        "distinct_uid": {
          "cardinality": { "field": "uid" }
        }
      }
    }
  }
}
Note: [highlighting the query results]: highlight
Find the number of users who logged in during the last ten minutes (group by uid)
GET /getoneserver-*/_search
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        { "match": { "cid": "1171400791" } },
        { "range": { "@timestamp": { "gt": "now-10m" } } },
        { "match_phrase": { "channel": { "query": "Hyz" } } }
      ]
    }
  },
  "highlight": {
    "fields": { "@timestamp": {} }
  },
  "aggs": {
    "group_uid": {
      "terms": { "field": "uid" }
    }
  }
}
Selecting specific fields: "_source": {"includes": ["field1","field2"]} // return field1 and field2
"_source": {"excludes": ["field1","field2"]} // exclude field1 and field2
POST /login-g01-201/_search
{
  "size": 300,
  "query": {
    "bool": {
      "must": [
        { "match": { "serviceName.keyword": "s1" } },
        { "match": { "platform.keyword": "android" } },
        { "range": { "@timestamp": { "gte": "now-10d" } } }
      ]
    }
  },
  "_source": {
    "includes": ["rid", "logintime"]
  },
  "aggs": {
    "distinct_rid": {
      "cardinality": { "field": "rid" }
    }
  }
}