GET _search
{
  "query": {
    "match_all": {}
  }
}
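
Count the documents under a given indexType of a given indexName
GET /${indexName}/${indexType}/_search
In the response, hits.total is the total number of matching documents; the hits array beneath it lists the first ten documents.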
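
Count the documents under a given indexType of a given indexName whose ip is 192.168.194.216 (exact match; match is exact only when ip is mapped as an ip or keyword field, on an analyzed text field it is a full-text match)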
GET /${indexName}/${indexType}/_search
{
  "query": {
    "match": {
      "ip": "192.168.194.216"
    }
  }
}

Paginated query using from and size, for documents whose ip is 192.168.194.216
POST /full_link_apm-2019-08-30/apm/_search
{
  "from": 10,
  "size": 1,
  "query": {
    "match": {
      "ip": "192.168.194.216"
    }
  }
}

Combined bool query (must, must_not, should): ip must be xx, log_type must be xx, and response_status must match as well. All three conditions have to hold.
GET /full_link_apm-2019-08-30/apm/_search
{
  "from": 0,
  "size": 20,
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "ip": "192.168.194.216"
          }
        },
        {
          "match": {
            "log_type": "应答"
          }
        },
        {
          "match": {
            "response_status": "0"
          }
        }
      ]
    }
  }
}
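
ip is xxx and the time is later than "2019-08-30T09:26:07.036+0800". Range operators: gte is greater than or equal, lte is less than or equal, gt is greater than, lt is less than.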
GET /full_link_apm-2019-08-30/apm/_search
{
  "from": 0,
  "size": 20,
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "ip": "192.168.194.216"
          }
        }
      ],
      "filter": {
        "range": {
          "timestamp": {
            "gte": "2019-08-30T09:26:07.036+0800",
            "lte": "2019-08-30T09:26:07.036+0800"
          }
        }
      }
    }
  }
}

Aggregation query, bucketing on _id
GET /full_link_apm-2019-08-30/apm/_search
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "match": { // ip is 192.168.194.216
            "ip": "192.168.194.216"
          }
        }
      ],
      "filter": {
        "range": {
          "timestamp": { // timestamp at or after 2019-08-30T00:20:07.000+0800
            "gte": "2019-08-30T00:20:07.000+0800"
          }
        }
      }
    }
  },
  "aggs": { // request an aggregation
    "per_count": { // name given to this aggregation
      "terms": { // bucket the documents by term
        "field": "_id" // field to aggregate on
      }
    }
  }
}
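
Added example (not part of the original page): when the ip and time window of the paginated and bool/range queries above come from a user or another system, build the request body as a data structure and validate each value first, rather than pasting strings into the JSON. The names build_search and MAX_RESULT_WINDOW are assumptions made for this sketch; 10000 is the Elasticsearch default for index.max_result_window, which from + size may not exceed.

```python
import ipaddress
import json
from datetime import datetime

MAX_RESULT_WINDOW = 10000  # Elasticsearch default for index.max_result_window
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # matches 2019-08-30T09:26:07.036+0800


def _timestamp(value):
    """Validate a timestamp in the page's format and return it unchanged."""
    datetime.strptime(value, TS_FORMAT)  # raises ValueError if malformed
    return value


def build_search(ip, since, until=None, page=0, page_size=20):
    """Return the bool/range search body for one page of results.

    Raises ValueError on a malformed IP or timestamp, or on a page that
    Elasticsearch would reject because from + size exceeds the result window.
    """
    ip = str(ipaddress.ip_address(ip))  # rejects anything that is not an IP
    time_range = {"gte": _timestamp(since)}
    if until is not None:
        time_range["lte"] = _timestamp(until)
    if page < 0 or page_size < 1:
        raise ValueError("page must be >= 0 and page_size >= 1")
    offset = page * page_size
    if offset + page_size > MAX_RESULT_WINDOW:
        raise ValueError("from + size exceeds index.max_result_window")
    return {
        "from": offset,
        "size": page_size,
        "query": {
            "bool": {
                "must": [{"match": {"ip": ip}}],
                "filter": {"range": {"timestamp": time_range}},
            }
        },
    }


if __name__ == "__main__":
    # Constructed sample input reusing the values shown on this page.
    body = build_search("192.168.194.216", "2019-08-30T00:20:07.000+0800", page=1)
    print("GET /full_link_apm-2019-08-30/apm/_search")
    print(json.dumps(body, indent=2))
```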