ELK四：复杂查询

1.多个查询条件，以空格分隔，或的关系。

GET s18/doc/_search
{
  "query": {
    "match": {
      "tags": "武林 人士"
    }
  }
}

{
  "took" : 4,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 3,
      "relation" : "eq"
    },
    "max_score" : 2.0253947,
    "hits" : [
      {
        "_index" : "s18",
        "_type" : "doc",
        "_id" : "3",
        "_score" : 2.0253947,
        "_source" : {
          "name" : "tom",
          "age" : 35,
          "tags" : "武林高手",
          "b" : "19820515"
        }
      },
      {
        "_index" : "s18",
        "_type" : "doc",
        "_id" : "2",
        "_score" : 0.97054905,
        "_source" : {
          "name" : "lily",
          "age" : 29,
          "tags" : "知情人士",
          "b" : "19900105"
        }
      },
      {
        "_index" : "s18",
        "_type" : "doc",
        "_id" : "1",
        "_score" : 0.884349,
        "_source" : {
          "name" : "eva",
          "age" : 23,
          "tags" : "IT专业人士",
          "b" : "20001215"
        }
      }
    ]
  }
}

2.查询所有文档：match_all或者没有任何条件

GET s18/doc/_search
{
  "query": {
    "match_all": {
    }
  }
}

3.排序，sort：

desc降序，asc升序

GET s18/doc/_search
{
  "query": {
    "match_all": {}
  },
  "sort": [
    {
      "age": {
        "order": "desc"
      }
    }
  ]
}

4.分页，from ...size：

GET s18/doc/_search
{
  "query": {
    "match_all": {}
  },
  "from": 0,
  "size": 2
}

5.布尔查询bool-----should，must，must_not分别相当于or，and，not：

GET s18/doc/_search
{
  "query": {
    "bool": {
      "should": [
        {
          "match": {
            "name": "j"
          }
        },
        {
          "match": {
            "age": "35"
          }
        }
      ]
    }
  }
}

GET s18/doc/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "name": "j"
          }
        },
        {
          "match": {
            "age": "35"
          }
        }
      ]
    }
  }
}

GET s18/doc/_search
{
  "query": {
    "bool": {
      "must_not": [
        {
          "match": {
            "name": "j"
          }
        },
        {
          "match": {
            "age": "35"
          }
        }
      ]
    }
  }
}

查询年龄大于等于25岁，小于等于50岁的男性的文档

GET s18/doc/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "sex": "男"
          }
        }
      ],
      "filter": {
        "range": {
          "age": {
            "gte": 25,
            "lte": 50
          }
        }
      }
    }
  }
}

filter中尽量使用must，避免脏数据

GET s18/doc/_search
{
  "query": {
    "bool": {
      "must_not": [
        {
          "match": {
            "sex": "男"
          }
        }
      ],
      "filter": {
        "range": {
          "age": {
            "lte": 23
          }
        }
      }
    }
  }
}

6.高亮查询

查询name是jacky的文档，高亮显示名字

GET s18/doc/_search
{
  "query": {
      "match": {
        "name": "lily"
      }
  },
  "highlight": {
    "fields": {
      "name": {}
    }
  }
}

GET s18/doc/_search
{
  "query": {
      "match": {
        "name": "lily"
      }
  },
  "highlight": {
    "pre_tags": "<b style='color:red;font-size:20px;' class='haha'>", 
    "post_tags": "</b>", 
    "fields": {
      "name": {}
    }
  }
}

7.结果过滤：

条件过滤：filter

字段过滤：_source

GET s18/doc/_search
{
  "query": {
      "match": {
        "name": "lily"
      }
  },
  "_source": ["name", "age", "tags"]
}

8.聚合查询

sum，查询所有男性的年龄之和

GET s18/doc/_search
{
  "query": {
      "match": {
        "sex": "男"
      }
  },
  "aggs": {
    "my_sum": {
      "sum": {
        "field": "age"
      }
    }
  }
}

{
  "took" : 181,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 2,
      "relation" : "eq"
    },
    "max_score" : 0.87546873,
    "hits" : [
      {
        "_index" : "s18",
        "_type" : "doc",
        "_id" : "1",
        "_score" : 0.87546873,
        "_source" : {
          "name" : "eva",
          "age" : 23,
          "tags" : "IT专业人士",
          "sex" : "男",
          "b" : "20001215"
        }
      },
      {
        "_index" : "s18",
        "_type" : "doc",
        "_id" : "2",
        "_score" : 0.87546873,
        "_source" : {
          "name" : "lily",
          "age" : 29,
          "sex" : "男",
          "tags" : "知情人士",
          "b" : "19900105"
        }
      }
    ]
  },
  "aggregations" : {
    "my_sum" : {
      "value" : 52.0
    }
  }
}

max，查询年龄最大的男性

GET s18/doc/_search
{
  "query": {
      "match": {
        "sex": "男"
      }
  },
  "aggs": {
    "max_male": {
      "max": {
        "field": "age"
      }
    }
  }
}

.....
  "aggregations" : {
    "max_male" : {
      "value" : 29.0
    }
  }

min

avg，求所有人的平均年龄

GET s18/doc/_search
{
  "aggs": {
    "age_avg": {
      "avg": {
        "field": "age"
      }
    }
  }
}

group by，对男性根据年龄，10-20，20-30，30-100分组

GET s18/doc/_search
{
  "query": {
    "match": {
      "sex": "男"
    }
  }, 
  "aggs": {
    "my_group": {
      "range": {
        "field": "age",
        "ranges": [
          {
            "from": 10,
            "to": 20
          },
          {
            "from": 20,
            "to": 30
          },
          {
            "from": 30,
            "to": 100
          }
        ]
      }
    }
  }
}

.....
  "aggregations" : {
    "my_group" : {
      "buckets" : [
        {
          "key" : "10.0-20.0",
          "from" : 10.0,
          "to" : 20.0,
          "doc_count" : 0
        },
        {
          "key" : "20.0-30.0",
          "from" : 20.0,
          "to" : 30.0,
          "doc_count" : 2
        },
        {
          "key" : "30.0-100.0",
          "from" : 30.0,
          "to" : 100.0,
          "doc_count" : 0
        }
      ]
    }

group by，对男性根据年龄，10-20，20-30，30-100分组；并对每组年龄求平均值

GET s18/doc/_search
{
  "query": {
    "match": {
      "sex": "男"
    }
  }, 
  "aggs": {
    "my_group": {
      "range": {
        "field": "age",
        "ranges": [
          {
            "from": 10,
            "to": 20
          },
          {
            "from": 20,
            "to": 30
          },
          {
            "from": 30,
            "to": 100
          }
        ]
      },
      "aggs": {
        "my_avg": {
          "avg": {
            "field": "avg"
          }
        }
      }
   }
 }
}

posted on 2018-03-30 15:07 myworldworld 阅读(561) 评论(0) 收藏举报

刷新页面返回顶部

myworldworld

ELK四：复杂查询

导航

公告