初体验
在控制台中换行追加
GET /
返回结果
{
"name" : "VM-0-2-centos",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "7vOvlRHNTryqiI5KCHnhPg",
"version" : {
"number" : "7.15.2",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "93d5a7f6192e8a1a12e154a2b81bf6fa7309da0c",
"build_date" : "2021-11-04T14:04:42.515624022Z",
"build_snapshot" : false,
"lucene_version" : "8.9.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
进一步体验
添加文档
添加到Elasticsearch中的JSON对象被称为文档,文档在Elasticsearch中被存在可查询的索引中。
对于基于时间的数据,如日志数据,通常会添加文档到数据流中,这数据流是由多个自动生成的备份索引组成。
数据流需要一个匹配其名称的索引模板,Elasticsearch使用这个模板来配置流的备份索引。发送到数据流的文档必须包含@timestamp域。
执行命令
POST logs-my_app-default/_doc
{
"@timestamp": "2099-05-06T16:21:15.000Z",
"event": {
"original": "192.0.2.42 - - [06/May/2099:16:21:15 +0000] \"GET /images/bg.jpg HTTP/1.0\" 200 24736"
}
}
命令解释:
POST:请求方式
logs-my_app-default:操作的索引名称,因为该名称的索引不存在,所以会自动创建,然后索引名称可以匹配上Elasticsearch的内置的索引模板logs-*-*,所以会使用该模板创建索引。
_doc:POST方式请求代表插入文档
返回结果(key_desc代表该键的描述,实际操作中,并没有这些键)
{
"_index_desc": "索引名称,可以看到创建出来的索引名称存在后缀",
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type_desc": "类型:文档",
"_type" : "_doc",
"_id_desc": "文档的ID",
"_id" : "Z3P7vH0Bx1dk2vv3QEcq",
"_version_desc": "文档的版本:1,每次更新了文档,会使版本加1",
"_version" : 1,
"result_desc": "结果,已创建",
"result" : "created",
"_shards_desc": "分片说明",
"_shards" : {
"total_desc": "索引总分片数为2",
"total" : 2,
"successful_desc": "保存成功的分片数:1",
"successful" : 1,
"failed_desc": "失败的分片数:0",
"failed" : 0
},
"_seq_no_desc": "使当前文档变为当前状态的最后一次操作的序号",
"_seq_no" : 0,
"_primary_term_desc": "当前集群的版本",
"_primary_term" : 1
}
_version和_seq_no解释参考:https://www.cnblogs.com/Taeso/p/13363136.html
_primary_term解释参考1:https://blog.csdn.net/wade1010/article/details/109054712,参考2:https://stackoverflow.com/questions/59599360/what-exactly-is-the-primary-term-in-elastic-search
批量添加文档
执行命令
PUT logs-my_app-default/_bulk
{ "create": { } }
{ "@timestamp": "2099-05-07T16:24:32.000Z", "event": { "original": "192.0.2.242 - - [07/May/2020:16:24:32 -0500] \"GET /images/hm_nbg.jpg HTTP/1.0\" 304 0" } }
{ "create": { } }
{ "@timestamp": "2099-05-08T16:25:42.000Z", "event": { "original": "192.0.2.255 - - [08/May/2099:16:25:42 +0000] \"GET /favicon.ico HTTP/1.0\" 200 3638" } }
命令解释
PUT:请求方式
_bulk:批量操作
返回结果(key_desc代表该键的描述,实际操作中,并没有这些键)
{
"took_desc" : "操作消耗毫秒数",
"took" : 7,
"errors" : false,
"items_desc" : "操作项目",
"items" : [
{
"create" : {
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "bXM2vX0Bx1dk2vv3fkc3",
"_version" : 1,
"result_desc" : "操作结果:已创建",
"result" : "created",
"_shards_desc" : "操作分片情况",
"_shards" : {
"total_desc" : "总分片数",
"total" : 2,
"successful_desc" : "操作成功的分片数:1",
"successful" : 1,
"failed_desc" : "操作失败的分片数:0",
"failed" : 0
},
"_seq_no" : 3,
"_primary_term" : 1,
"status" : 201
}
},
{
"create" : {
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "bnM2vX0Bx1dk2vv3fkc3",
"_version" : 1,
"result" : "created",
"_shards" : {
"total" : 2,
"successful" : 1,
"failed" : 0
},
"_seq_no" : 4,
"_primary_term" : 1,
"status" : 201
}
}
]
}
查询索引
执行命令
GET logs-my_app-default/_search
命令解释
GET:操作请求方式
_search:代表对索引执行查询操作
返回结果(key_desc代表该键的描述,实际操作中,并没有这些键)
{
"took" : 456,
"timed_out_desc" : "是否超时:没有",
"timed_out" : false,
"_shards_desc" : "扫描分片数",
"_shards" : {
"total_desc" : "总分片数",
"total" : 1,
"successful_desc" : "扫描成功分片数",
"successful" : 1,
"skipped_desc" : "扫描跳过分片数",
"skipped" : 0,
"failed_desc" : "扫描失败分片数",
"failed" : 0
},
"hits_desc" : "命中情况",
"hits" : {
"total_desc" : "命中总数描述",
"total" : {
"value_desc" : "命中总数值:5",
"value" : 5,
"relation_desc" : "命中总数值情况:精确值",
"relation" : "eq"
},
"max_score_desc" : "最大匹配分数",
"max_score" : 1.0,
"hits_desc" : "命中数组",
"hits" : [
{
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "Z3P7vH0Bx1dk2vv3QEcq",
"_score_desc" : "匹配分数",
"_score" : 1.0,
"_source_desc" : "数据源信息",
"_source" : {
"@timestamp" : "2099-05-06T16:21:15.000Z",
"event" : {
"original" : """192.0.2.42 - - [06/May/2099:16:21:15 +0000] "GET /images/bg.jpg HTTP/1.0" 200 24736"""
}
}
},
{
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "a3MWvX0Bx1dk2vv3MUdC",
"_score" : 1.0,
"_source" : {
"@timestamp" : "2099-05-07T16:24:32.000Z",
"event" : {
"original" : """192.0.2.242 - - [07/May/2020:16:24:32 -0500] "GET /images/hm_nbg.jpg HTTP/1.0" 304 0"""
}
}
},
{
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "bHMWvX0Bx1dk2vv3MUdC",
"_score" : 1.0,
"_source" : {
"@timestamp" : "2099-05-08T16:25:42.000Z",
"event" : {
"original" : """192.0.2.255 - - [08/May/2099:16:25:42 +0000] "GET /favicon.ico HTTP/1.0" 200 3638"""
}
}
},
{
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "bXM2vX0Bx1dk2vv3fkc3",
"_score" : 1.0,
"_source" : {
"@timestamp" : "2099-05-07T16:24:32.000Z",
"event" : {
"original" : """192.0.2.242 - - [07/May/2020:16:24:32 -0500] "GET /images/hm_nbg.jpg HTTP/1.0" 304 0"""
}
}
},
{
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "bnM2vX0Bx1dk2vv3fkc3",
"_score" : 1.0,
"_source" : {
"@timestamp" : "2099-05-08T16:25:42.000Z",
"event" : {
"original" : """192.0.2.255 - - [08/May/2099:16:25:42 +0000] "GET /favicon.ico HTTP/1.0" 200 3638"""
}
}
}
]
}
}
查询返回指定域
默认情况下,在_source中会返回文档的所有信息,但是对于大文档,这样会消耗额外的资源,因此Elasticsearch支持指定返回的域。
执行命令
GET logs-my_app-default/_search
{
"query": {
"match_all": {}
},
"fields": [
"@timestamp"
],
"_source": false,
"sort": [
{
"@timestamp": "desc"
}
]
}
命令解释
_source:指定为false则代表不返回_source信息
fields:通过该字段指定需要返回的域名称数组
sort:指定排序域数组,其数组成员格式为
{ "域名称": "排序方式:asc(升序)/desc(倒序)" }
返回结果(key_desc代表该键的描述,实际操作中,并没有这些键)
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 5,
"relation" : "eq"
},
"max_score" : null,
"hits" : [
{
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "bHMWvX0Bx1dk2vv3MUdC",
"_score" : null,
"fields_desc": "返回的域",
"fields" : {
"@timestamp" : [
"2099-05-08T16:25:42.000Z"
]
},
"sort" : [
4081940742000
]
},
{
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "bnM2vX0Bx1dk2vv3fkc3",
"_score" : null,
"fields" : {
"@timestamp" : [
"2099-05-08T16:25:42.000Z"
]
},
"sort" : [
4081940742000
]
},
{
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "a3MWvX0Bx1dk2vv3MUdC",
"_score" : null,
"fields" : {
"@timestamp" : [
"2099-05-07T16:24:32.000Z"
]
},
"sort" : [
4081854272000
]
},
{
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "bXM2vX0Bx1dk2vv3fkc3",
"_score" : null,
"fields" : {
"@timestamp" : [
"2099-05-07T16:24:32.000Z"
]
},
"sort" : [
4081854272000
]
},
{
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "Z3P7vH0Bx1dk2vv3QEcq",
"_score" : null,
"fields" : {
"@timestamp" : [
"2099-05-06T16:21:15.000Z"
]
},
"sort" : [
4081767675000
]
}
]
}
}
日期的范围查询
执行命令
GET logs-my_app-default/_search
{
"query": {
"range": {
"@timestamp": {
"gte": "2099-05-05",
"lt": "2099-05-08"
}
}
},
"fields": [
"@timestamp"
],
"_source": false,
"sort": [
{
"@timestamp": "desc"
}
]
}
命令解释
query.range:使用范围查询,其下的数据格式为
"域名称": { "比较方式1": 比较值, "比较方式2": 比较值 }
这里使用的域为@timestamp,使用的比较方式分别为:gte => 大于等于,lt => 小于。对于日期类型的值,除了具体的值外,还支持相对表达式:"now-1d/d" => 当前时间的前一天,"now/d" => 当前日期
返回结果
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 3,
"relation" : "eq"
},
"max_score" : null,
"hits" : [
{
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "a3MWvX0Bx1dk2vv3MUdC",
"_score" : null,
"fields" : {
"@timestamp" : [
"2099-05-07T16:24:32.000Z"
]
},
"sort" : [
4081854272000
]
},
{
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "bXM2vX0Bx1dk2vv3fkc3",
"_score" : null,
"fields" : {
"@timestamp" : [
"2099-05-07T16:24:32.000Z"
]
},
"sort" : [
4081854272000
]
},
{
"_index" : ".ds-logs-my_app-default-2021.12.15-000001",
"_type" : "_doc",
"_id" : "Z3P7vH0Bx1dk2vv3QEcq",
"_score" : null,
"fields" : {
"@timestamp" : [
"2099-05-06T16:21:15.000Z"
]
},
"sort" : [
4081767675000
]
}
]
}
}
以上是Elasticsearch的一些非常基础的操作,主要是为了能够让读者了解操作的方式和一些返回结果的意思,至于更多的操作方式,见后续文章。