本文描述问题及解决方法同样适用于 腾讯云 Elasticsearch Service(ES)。
1. 全文检索
2. 查询指定字段
3. 排序
4. 分页查询
5. 多条件查询
6. 过滤器的使用
7. 聚合查询
1)创建一个索引(不指定分片和副本默认1个分片,一个副本)
PUT blog
2)创建一个指定分片和副本数量的索引
PUT blog
{
"settings":{
"index":{
"number_of_shards":5,
"number_of_replicas":1
}
}
}
PUT blog
{
"mappings": {
"properties": {
"name": {
"type": "text"
},
"content": {
"type": "text"
},
"type": {
"type": "keyword"
}
}
}
}
POST blog/_doc/1
{
"name": "生蚝熟了之后还是生蚝吗",
"content":"还是生蚝",
"type":"科普"
}
GET monit-index-2020.07.21/_search
{
"query":{
"bool":{
"should":[
{
"match":{
"action":"dbcsyncservice/sync_diyring"
}
},
{
"match":{
"retdesc":"成功7777"
}
}
]
}
}
}
hits:索引和文档的信息,以及最大分值,结果总数,然后就是具体的文档
GET monit-index-2020.07.21/_search
{
"query":{
"match":{
"action":"dbcsyncservice/sync_diyring"
}
},
"_source":[
"action",
"respkg"
]
}
_source:指定字段
GET monit-index-2020.07.21/_search
{
"query": {
"match": {
"action": "dbcsyncservice/sync_diyring"
}
},
"sort": [
{
"timespan.keyword": {
"order": "desc"
}
}
]
}
order:desc降序,asc升序
GET monit-index-2020.07.21/_search
{
"query": {
"match": {
"action": "dbcsyncservice/sync_diyring"
}
},
"sort": [
{
"timespan.keyword": {
"order": "asc"
}
}
],
"from": 0,
"size": 2
}
from:从第几个开始
size:返回几个值
三种不同的分页方式:
优点:实现简单;缺点:深度分页的场景下,搜索性能低
优点:性能较高;缺点:实现相对复杂
GET monit-index-2020.07.21/_search
{
"query":{
"bool":{
"must":[
{
"match":{
"action":"dbcsyncservice/sync_diyring"
}
},
{
"match":{
"localip":"BJ01-DIY-SER03"
}
}
]
}
},
"_source":[
"action",
"localip"
]
}
GET monit-index-2020.07.21/_search
{
"query":{
"bool":{
"must_not":[
{
"match":{
"action":"dbcsyncservice/sync_diyring"
}
}
]
}
},
"_source":[
"action",
"localip"
]
}
GET monit-index-2020.07.21/_search
{
"query": {
"bool": {
"must_not": [
{
"match": {
"status": "success"
}
}
],
"must": [
{
"match": {
"action": "/Interfaces/userservice/v2/o_vrbt"
}
}
]
}
}
}
must:and关系,都要符合
should:or关系
must_not:一定不等于
GET monit-index-2020.07.21/_search
{
"query":{
"bool":{
"must":[
{
"match":{
"action":"dbcsyncservice/sync_diyring"
}
}
],
"filter":{
"range":{
"port.keyword":{
"gte":8899
}
}
}
}
},
"_source":[
"action",
"port"
]
}
查询action 是dbcsyncservice/sync_diyring的,并且端口是大于等于8899的文档
GET spcl-elastalert-01/_search
{
"aggs": {
"my_count": {
"terms": {
"field": "match_body.name.keyword",
"size": 10
}
}
}
}
GET spcl-elastalert-01/_search
{
"aggs": {
"my_count": {
"terms": {
"field": "match_body.name.keyword",
"size": 10
}
}
},
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-7d",
"lte": "now"
}
}
}
]
}
}
}
GET spcl-elastalert-01/_search
{
"aggs": {
"my_count": {
"terms": {
"field": "match_body.name.keyword",
"size": 10
},
"aggs": {
"alert_max": {
"max": {
"field": "match_body.num_hits"
}
}
}
}
},
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-7d",
"lte": "now"
}
}
}
]
}
}
}
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。