导入
“github.com/olivere/elastic/v7”
func test() {
ctx := context.Background()
*//定义http客户端的请求属性 *
httpClient := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
},
}
client, err := elastic.NewClient(
*// elasticsearch 服务地址,多个服务地址使用逗号分隔*
elastic.SetURL("https://1.1.1.1"),
elastic.SetSniff(false),
elastic.SetHttpClient(http_client),
*// 基于http base auth验证机制的账号和密码*
elastic.SetBasicAuth("username", "password"))
if err != nil {
log.Println(err)
}
*//索引是否存在*
exists, err := client.IndexExists("index").Do(ctx)
if err != nil {
log.Println(err)
}
if !exists {
log.Println("Index isn't exists!")
}else {
log.Println("Index OK!")
}
*//es查询语句,和dsl语法联动*
*//示例1:最近5分钟内test字段是content内容的所有结果*
searchquery := elastic.NewBoolQuery()
searchquery = searchquery.Filter(elastic.NewRangeQuery("@timestamp").Gte("now-5m").Lt("now"))
searchquery = searchquery.Filter(elastic.NewTermQuery("test","content"))
Result, err := client.Search().
Index("index"). //指定索引
Query(searchquery). //查询语句
TrackTotalHits(true). //返回所有的内容,不限于9999条
Pretty(true). //JSON以json的形式返回信息
Sort("test", true). //按字段"test"排序,升序排序
From(0).
Do(ctx)
if err != nil {
log.Println("search failed!")
}
*//一共有多少结果*
count := Result.TotalHits()
*//获取结果hits.hits里面test字段的内容*
var a map[string]interface{}
for _, i := range Result.Hits.Hits{
err:= json.Unmarshal(i.Source, &a)
if err != nil {
log.Println("unmarshal failed!")
}
log.Println(a["test"])
}
*//示例2:当天test字段不为none的所有结果*
searchquery := elastic.NewBoolQuery()
searchquery = searchquery.Filter(elastic.NewRangeQuery("@timestamp").Gte("now/d")).Lt("now"))
searchquery = searchquery.Filter(elastic.NewQueryStringQuery("NOT test:none"))
Result, err := client.Search().
Index("index"). //指定索引
Query(searchquery). //查询语句
TrackTotalHits(true). //返回所有的内容,不限于9999条
Pretty(true). //JSON以json的形式返回信息
Sort("test", true). //按字段"test"排序,升序排序
Do(ctx)
if err != nil {
log.Println("search failed!")
}
*//一共有多少结果*
count := Result.TotalHits()
*//获取结果hits.hits里面test字段的内容*
var a map[string]interface{}
for _, i := range Result.Hits.Hits{
err:= json.Unmarshal(i.Source, &a)
if err != nil {
log.Println("unmarshal failed!")
}
log.Println(a["test"])
}
*//示例3:当天时间内聚合test字段不为none的其他test字段内容,并升序排序*
searchquery := elastic.NewBoolQuery()
agg := elastic.NewTermsAggregation().Field("test.keyword").Size(10000)
searchquery = searchquery.Filter(elastic.NewRangeQuery("@timestamp").Gte("now/d")).Lt("now"))
searchquery = searchquery.Filter(elastic.NewQueryStringQuery("NOT test:none"))
Result, err := client.Search().
Index("index"). //指定索引
Query(searchquery). //查询索引
Aggregation("all",agg). //聚合字段
TrackTotalHits(true). //返回所有的内容,不限于9999条
Pretty(true). //JSON以json的形式返回信息
Sort("test", true). //按字段"test"排序,升序排序
Do(ctx)
if err != nil {
log.Println(err)
}
*//获取聚合里面的内容*
term,found :=Result.Aggregations.Terms("all")
if !found {
log.Fatal("unfound aggregations!")
}
buckets := make(map[string]int64)
for _, bucket := range term.Buckets {
buckets[bucket.Key.(string)] = bucket.DocCount
}
log.Println(buckets)
*//示例4:当天时间内聚合test字段不为none的其他字段内容信息,并升序排序*
searchquery := elastic.NewBoolQuery()
agg := elastic.NewTermsAggregation().Script(elastic.NewScript("需要聚合的查询信息,可写if判断语句 例如 if(doc['test.keyword'.size()>0 return 0 esle return 1])")).Size(10000)
searchquery = searchquery.Filter(elastic.NewRangeQuery("@timestamp").Gte("now/d")).Lt("now"))
searchquery = searchquery.Filter(elastic.NewQueryStringQuery("NOT test:none"))
Result, err := client.Search().
Index("index"). //指定索引
Query(searchquery). //查询语句
Aggregation("all",agg). //聚合字段
TrackTotalHits(true). //返回所有的内容,不限于9999条
Pretty(true). //JSON以json的形式返回信息
Sort("test", true). //按字段"test"排序,升序排序
Do(ctx)
if err != nil {
log.Println(err)
}
*//获取聚合里面的内容*
term,found :=Result.Aggregations.Terms("all")
if !found {
log.Fatal("unfound aggregations!")
}
buckets := make(map[string]int64)
for _, bucket := range term.Buckets {
buckets[bucket.Key.(string)] = bucket.DocCount
}
log.Println(buckets)
}