es查询和更新 语句示例
文档目录: https://www.elastic.co/guide/index.html
GET _search { "query": { "match_all": {} } } GET /_template/* PUT /_template/hs_server_template { "order": 0, "version": 60001, "index_patterns": [ "hs_server*" ], "settings": { "index": { "refresh_interval": "5s" } }, "mappings": { "doc": { "dynamic_templates": [ { "message_field": { "path_match": "message", "match_mapping_type": "string", "mapping": { "type": "text", "norms": false } } }, { "string_fields": { "match": "*", "match_mapping_type": "string", "mapping": { "type": "text", "norms": false, "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } ], "properties": { "@timestamp": { "type": "date" }, "@version": { "type": "keyword" }, "ErrorCode": { "type": "integer" }, "geoip": { "dynamic": true, "properties": { "ip": { "type": "ip", "latitude": { "type": "half_float" }, "longitude": { "type": "half_float" } } }, "responseLogTime": { "type": "date", "format": "yyyy-MM-dd HH:mm:ss.SSS||yyyy-MM-dd||epoch_millis||yyyy-MM-dd HH:mm:ss.SSSZ" } } } }, "aliases": {} } } DELETE /_template/my_test_play_dur_template PUT /_template/tv_stats_play_dur_template { "order": 0, "version": 60001, "index_patterns": [ "tv_stats_play_dur*" ], "settings": { "index": { "refresh_interval": "30s" } }, "mappings": { "doc": { "dynamic_templates": [ { "message_field": { "path_match": "message", "match_mapping_type": "string", "mapping": { "type": "text", "norms": false } } }, { "string_fields": { "match": "*", "match_mapping_type": "string", "mapping": { "type": "text", "norms": false, "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } ], "properties": { "@timestamp": { "type": "date" }, "@version": { "type": "keyword" }, "remote_address": { "type": "ip" }, "duration": { "type": "long" }, "id": { "type": "long" }, "importbatchno": { "type": "keyword" }, "index_name_suffix": { "type": "keyword" }, "mac": { "type": "keyword" }, "main_id": { "type": "long" }, "main_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "sub_id": { "type": "long" }, "sub_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "type_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "url": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "userid": { "type": "long" }, "versioncode": { "type": "keyword", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } }, "aliases": {} } GET /tv_stats_play_dur-2019-06-05/_search/ DELETE /my_test-2019.05.10 GET /my_test-2019.05.13/_search #query GET /tv_stats_play_dur*/_search { "query": { "bool": { "must": [ { "term": { "root_id": 5 } }, { "match": { "sub_id": 0 } } ], "must_not": [ { "match": { "root_name": "直播" } } ] } } } #batch update or bulk update POST /tv_stats_play_dur*/doc/_update_by_query?conflicts=proceed { "query": { "bool": { "must": [ { "term": { "root_id": 5 } }, { "match": { "sub_id": 0 } } ], "must_not": [ { "match": { "root_name": "直播" } } ] } }, "script": { "lang": "painless", "source": "ctx._source.root_name = params.live_name", "params": { "live_name": "直播" } } } # get count num of null root by root,main,sub GET /tv_stats_play_dur-2019-06-07*/_search?search_type=dfs_query_then_fetch { "query": { "bool": { "must_not": [ { "exists": { "field": "root_name.keyword" } } ] } }, "aggs": { "root_id": { "terms": { "field": "root_id", "size": 25 }, "aggs": { "main_id": { "terms": { "field": "main_id", "size": 25 }, "aggs": { "sub_id": { "terms": { "field": "sub_id", "size": 25 } } } } } } } } #root name null group by date GET /tv_stats_play_dur-2019-06*/_search?search_type=dfs_query_then_fetch { "query": { "bool": { "must_not": [ { "exists": { "field": "root_name.keyword" } } ] } }, "aggs": { "root_id": { "terms": { "field": "importbatchno", "size": 25 } } } } #search by import date GET /tv_stats_play_dur*/_search { "query": { "bool": { "must": [ { "term": { "importbatchno": 20190610 } } ] } } } #delete by import date POST /tv_stats_play_dur*/doc/_delete_by_query { "query": { "bool": { "must": [ { "term": { "importbatchno": 201906101 } } ] } } }
##########################
GET /hs_server_ahc_task*/_search
{
"query": {
"bool": {
"must": [
{
"bool": {
"should": [
{
"match": {
"LogMessage": "Error"
}
},
{
"match": {
"LogMessage": "MessagePull"
}
}
]
}
}
]
}
}
}
es同个字段,多个值搜索的案例
search_pdf_query = {"query": {
"bool":
{
"must": [
{"bool": {"should":[{"match_phrase": {"pdf_title":"年度报告"}},{"match_phrase":{"pdf_title":"季度报告"}}]}},
{"range": {"announce_date": {"gte": "2017-01-01","lte": "2018-12-31"}}},
{"terms": {"html_status": ["201", "300", "301", "302"]}},
{"terms": {"trade_code.keyword": ["600548","000548"]}}],
"must_not": [{"wildcard": {"origin_title.keyword": '*摘要'}},{"wildcard": {"origin_title.keyword": '*年度报告书'}}],
}},
"sort": [{"announce_date": "asc"}]
}
查找值包含某些文本的情况:
- 完全匹配情况下,对同一个字段的多个值搜索,使用terms查询,举例:
{"terms": {"html_status": ["201", "300", "301", "302"]}} - 如果不完全匹配,则在must里添加bool查询,再在bool里添加should查询,举例:
{"bool": {"should":[{"match_phrase": {"pdf_title":"年度报告"}},{"match_phrase":{"pdf_title":"季度报告"}}]}}
如何区分使用match,match_phrase,term可参考此篇
https://blog.csdn.net/camelcanoe/article/details/79544155
这里也涉及到查询的字段是否是 NOT_ANALYZED,ANALYZED字段无法使用term,只能使用match_phrase。
所以在新建index的时候需要把mapping设置好,哪些字段是ANALYZED,哪些是NOT_ANALYZED(感觉是个坑)
