Elasticsearch基本语句

查看集群

1. 查看集群健康

1
curl -X GET "localhost:9200/_cat/health?v"

2. 查看集群节点

1
curl -X GET "localhost:9200/_cat/nodes?v"

3. 查看集群所有索引

1
curl -X GET "localhost:9200/_cat/indices?v"

get 获取指定数据

1. 直接获取数据

1
curl -X GET "localhost:9200/monitor_log_mch_order_out/logs/AWSudIFgTuj3oZBEhyxK?pretty"

格式为 /{index}/{type}/{id}

字段 含义
monitor_log_mch_order_out 索引 (_index)
logs 索引的类型 (_type), 不知道类型可以用 _all 匹配
AWSudIFgTuj3oZBEhyxK id (_id)
pretty json格式显示数据, 可省略

2. 屏蔽或只查看 _source

1
curl -X GET "localhost:9200/monitor_log_mch_order_out/logs/AWSudIFgTuj3oZBEhyxK?pretty&_source=false"

添加 _source=false 即可

1
curl -X GET "localhost:9200/monitor_log_mch_order_out/logs/AWSudIFgTuj3oZBEhyxK/_source?pretty"

3. 过滤字段

1
curl -X GET "localhost:9200/monitor_log_mch_order_out/logs/AWSudIFgTuj3oZBEhyxK?pretty&_source_include=log*&_source_exclude=logType"

获取包含 log* 且不为 logType 的字段

1
curl -X GET "localhost:9200/monitor_log_mch_order_out/logs/AWSudIFgTuj3oZBEhyxK?pretty&_source=logType,logLevel"

只查询指定字段的简易写法

mget 多条件匹配查询

  1. 匹配多个索引, 同时查询多个id的数据
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
curl -X GET "localhost:9200/_mget?pretty" -H 'Content-Type: application/json' -d'
{
    "docs" : [
        {
            "_index" : "monitor_log_mch_order_out",
            "_type" : "logs",
            "_id" : "AWSudIFgTuj3oZBEhyxK"
        },
        {
            "_index" : "monitor_log_mch_order_out",
            "_type" : "logs",
            "_id" : "AWSuXewETuj3oZBEhywS"
        }
    ]
}
'
  1. 可以将索引写在host后面, 代表查询的都为同一索引下的数据
1
2
3
4
5
6
7
8
9
10
11
12
13
14
curl -X GET "localhost:9200/monitor_log_mch_order_out/_mget?pretty" -H 'Content-Type: application/json' -d'
{
    "docs" : [
        {
            "_type" : "logs",
            "_id" : "AWSudIFgTuj3oZBEhyxK"
        },
        {
            "_type" : "logs",
            "_id" : "AWSuXewETuj3oZBEhywS"
        }
    ]
}
'
  1. 合并index和type, 代表查询的都为同一索引下type也相同的数据
1
2
3
4
5
6
7
8
9
10
11
12
curl -X GET "localhost:9200/monitor_log_mch_order_out/logs/_mget?pretty" -H 'Content-Type: application/json' -d'
{
    "docs" : [
        {
            "_id" : "AWSudIFgTuj3oZBEhyxK"
        },
        {
            "_id" : "AWSuXewETuj3oZBEhywS"
        }
    ]
}
'

简化后如下:

1
2
3
4
5
curl -X GET "localhost:9200/monitor_log_mch_order_out/logs/_mget?pretty" -H 'Content-Type: application/json' -d'
{
	"ids" : ["AWSudIFgTuj3oZBEhyxK", "AWSuXewETuj3oZBEhywS"]
}
'

注: 当多个条件的 _type 相同时 可以使用 _all 或者省略

  1. 过滤字段, 每个Id分别对 _source进行过滤
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
curl -X GET "localhost:9200/monitor_log_mch_order_out/_mget?pretty" -H 'Content-Type: application/json' -d'
{
    "docs" : [
        {
            "_id" : "AWSudIFgTuj3oZBEhyxK",
            "_source" : false
        },
        {
            "_id" : "AWSuXewETuj3oZBEhywS",
            "_source" : ["bizId", "method"]
        },
        {
            "_id" : "AWSuLAYqTuj3oZBEhysH",
            "_source" : {
                "include": ["log*"],
                "exclude": ["logLevel"]
            }
        }
    ]
}
'

_search 搜索

1. 匹配bizId 查询

1
curl -X GET "localhost:9200/monitor_log_mch_order_out/_search?pretty&q=bizId:2009011201807190133430748068"

2. 同时指定类型

同时指定类型, 多个类型用 ‘,’ 隔开, 也支持多个索引勇士搜索, 多个索引用 ‘,’ 隔开, 或者模糊搜索

1
curl -X GET "localhost:9200/monitor_log_mch_order_out/logs/_search?pretty&q=bizId:2009011201807190133430748068"

3. 占位符 _all 匹配所有索引

1
curl -X GET "localhost:9200/_all/logs/_search?pretty&q=bizId:2009011201807190133430748068"

4. 匹配所有索引所有类型

1
curl -X GET "localhost:9200/_search?pretty&q=bizId:2009011201807190133430748068"

注: q 代表映射query_string

5. 请求体的方式

1
2
3
4
5
6
7
curl -X GET "localhost:9200/monitor_log_mch_order_out/logs/_search?pretty" -H 'Content-Type: application/json' -d'
{
    "query" : {
        "term" : { "bizId" : "2009011201807190133430748068" }
    }
}
'

6. 分页查询 from/size

1
2
3
4
5
6
7
8
curl -X GET "localhost:9200/monitor_log_mch_order_out/logs/_search?pretty" -H 'Content-Type: application/json' -d'
{
	"from" : 0, "size" : 1,
    "query" : {
        "term" : { "bizId" : "2009011201807190133430748068" }
    }
}
'

7. 查询并过滤字段

根据字段查询并筛选掉指定字段

1
2
3
4
5
6
7
8
9
10
11
curl -X GET "localhost:9200/_search?pretty" -H 'Content-Type: application/json' -d'
{
    "_source": {
        "includes": [ "costTime", "bizId" ],
        "excludes": [ "logLevel" ]
    },
    "query" : {
        "term" : { "bizId" : "2009011201807190133430748068" }
    }
}
'

范围查询

1. 按照时间范围查询

可以省略索引查询全部

1
2
3
4
5
6
7
8
9
10
11
12
13
curl -X GET "localhost:9200/monitor_log_mch_order_out/_search?pretty" -H 'Content-Type: application/json' -d'
{
    "query": {
        "range" : {
            "time" : {
                "gte": "2018-07-19 00:14:25:000",
                "lte": "2018-07-19 00:14:30:000",
                "format": "yyyy-MM-dd HH:mm:ss:SSS"
            }
        }
    }
}
'