Restful及JSON格式
| 数据类型 |
描述 |
举例 |
| 字符串 |
要求使用双引号("")引起来的数据 |
"oldboyedu" |
| 数字 |
通常指的是0-9的所有数字 |
100 |
| 布尔值 |
只有true和false两个值 |
true |
| 空值 |
只有null一个值 |
null |
| 数组 |
使用一对中括号("[]")放入不同的元素(支持高级数据类型和基础数据类型) |
["linux",100,false] |
| 对象 |
使用一对大括号S#ef#T扩起来,里面的数据使用KEY-VALUE键值对即可 |
["class":"linux80","age":25] |
Restful⻛格程序: RESTFUL是一种网络应用程序的设计⻛格和开发方式,基于HTTP,可以使用XML格式定义或
JSON格式定义。
REST(英文:Representational State Transfer,简称REST)描述了一个架构样式的网络系统,比如 web 应用程序。REST首次出现在2000年Roy Fielding的博士论文中,Roy Fielding是HTTP规范的主要编写者之一。
JSON语法: 基础数据类型:
字符串: "oldboyedu" "老男孩IT教育" "2022" ""
数字: 0 1 2 ...
布尔值: true false
空值: null
高级数据类型:
数组:["oldboyedu","沙河",2022,null,true, {"school":"oldboyedu","class":"linux80"}]
对象:{"name":"oldboy", "age":40, "address":"北京沙河", "hobby":["Linux","思想课"],"other":null}
课堂练习: 使用json格式记录你的名字(name),年龄(age),学校(school),爱好(hobby),地址 (address)。
ElasticSearch 相关术语
Document: 即文档,是用户存储在ES的一些数据,它是ES中最小的存储单元。换句话说,一个文档是不可被拆分的。 一个文档使用的是json的对象数据类型存储。
filed: 相当于数据库表的字段,对文档数据根据不同属性进行分类标示。
index: 即索引,一个索引就是一个拥有相似特征文档的集合。
shard: 即分片,是真正存储数据的地方,每个分片底层对应的是一个Lucene库。一个索引至少有1
个或多个分片。
replica: 即副本,是对数据的备份,一个分片可以有0个或多个副本。 一旦副本数量不为0,就会引入主分片(primary shard)和副本分片(replica shard)的
概念。
主分片(primary shard): 可以实现数据的读写操作。
副本分片(replica shard): 可以实现数据读操作,与此同时,需要去主分片同步数据,当主分片挂掉,副本分片会变为主分片。
Allocation:
即分配,将分片(shard)分配给某个节点的过程,包括主分片和副本分片。 如果是副本分片,还包含从主分片复制数据的过程,这个分配过程由master节点调度完成。
Type: 在es 5.x即更早的版本,在一个索引中,我们可以定义一种或多种数据类型。但在es7仅支
持"_doc"类型。
管理索引的API
查看索引信息
GET http://192.168.8.21:9200/_cat/indices # 查看全部的索引信息
GET http://192.168.8.21:9200/_cat/indices?v # 查看表头信息
GET http://192.168.8.21:9200/_cat/indices/.kibana_7.17.3_001?v # 查看单个 索引
GET http://192.168.8.21:9200/.kibana_7.17.3_001 # 查看单个索引的详细信息
创建索引信息
PUT http://192.168.8.21:9200/oldboyedu-linux82
# 创建索引并指定分片和副本
{
"settings": {
"index": {
"number_of_shards": "3",
"number_of_replicas": 0
}
}
}
参数说明:
"number_of_shards": 指定分片数量:
"number_of_replicas": 指定副本数量。
修改索引
PUT /oldboyedu-linux82/_settings
{
"number_of_replicas": 1
}
温馨提示: 分片数量无法修改,副本数量是可以修改的。
删除索引
DELETE http://192.168.8.21:9200/oldboyedu-linux80
温馨提示: 删除索引,服务器的数据也会随之删除哟!
索引别名
POST _aliases
{
"actions": [
{
"add": {
"index": "oldboyedu-linux82",
"alias": "Linux容器运维"
}
},
{
"add": {
"index": "oldboyedu-linux82",
"alias": "DBA"
}
}
]
}
POST _aliases
{
"actions": [
{
"remove": {
"index": "oldboyedu-linux82",
"alias": "Linux容器运维"
}
},
{
"add": {
"index": "oldboyedu-linux82",
"alias": "DBA-2"
}
}
]
}
关闭索引
POST http://10.0.0.101:9200/oldboyedu-linux80/_close # 关闭索引
POST http://10.0.0.101:9200/oldboyedu-*/_close # 基于通配符关闭索引
温馨提示: 索引关闭意味着该索引无法进行任何的读写操作,但数据并不会被删除。
打开索引
POST http://10.0.0.101:9200/oldboyedu-linux80/_open # 打开索引
POST http://10.0.0.101:9200/oldboyedu-*/_open # 基于通配符打开索引
索引的其他操作
参考文档
管理文档的API
文档的创建
POST teacher/_doc # 不带id,自动生成id
{
"name": "oldboy",
"hobby": ["Linux","思想课" ]
}
POST teacher/_doc/1001 #指定id
{
"name": "oldboy",
"hobby": ["Linux2","政治课" ]
}
文档查看
GET teacher/_search/
GET teacher/_doc/1001
HEAD teacher/_doc/1002
文档修改
POST teacher/_doc/1001 # 全量更新
{
"name": "oldboy",
"hobby": ["Linux8","语文课" ]
}
POST teacher/_doc/1001/_update # 局部更新
{
"doc":{
"name": "lifei"
}
}
文档删除
DELETE http://10.0.0.101:9200/teacher/_doc/1001
文档的批量操作
POST http://10.0.0.101:9200/_bulk # 批量创建
{ "create": { "_index": "oldboyedu-linux80-elk"} }{ "name": "oldboy","hobby":["Linux","思想课"] }
{ "create": { "_index": "oldboyedu-linux80-elk","_id": 1002} } { "name": "振亚","hobby":["妹子","吃面"] }
{ "create": { "_index": "oldboyedu-linux80-elk","_id": 1001} } { "name": "苍老师","hobby":["家庭主妇"] }
POST http://10.0.0.101:9200/_bulk # 批量删除
{ "delete" : { "_index" : "oldboyedu-linux80-elk", "_id" : "1001" } } { "delete" : { "_index" : "oldboyedu-linux80-elk", "_id" : "1002" } }
POST http://10.0.0.101:9200/_bulk # 批量修改
{ "update" : {"_id" : "1001", "_index" : "oldboyedu-linux80-elk"} } { "doc" : {"name" : "CangLaoShi"} }
{ "update" : {"_id" : "1002", "_index" : "oldboyedu-linux80-elk"} } { "doc" : {"name" : "ZhenYa"} }
POST http://10.0.0.101:9200/_mget # 批量查看 {
"docs": [ {
"_index": "oldboyedu-linux80-elk",
"_id": "1001"
},
{
"_index": "oldboyedu-linux80-elk",
"_id": "1002"
} ]
}
温馨提示: 对于文档的批量写操作,需要使用"_bulk"的API,而对于批量的读操作,需要使
用"_mget"的API。
参考链接:
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/docs-bulk.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/docs-multi-get.html
使用映射(mapping)自定义数据类型
映射的数据类型
当写入文档时,字段的数据类型会被ES动态自动创建,但有的时候动态创建的类型并符合我们的需 求。这个时候就可以使用映射解决。
使用映射技术,可以对ES文档的字段类型提前定义我们期望的数据类型,便于后期的处理和搜索。 text:
全文检索,可以被全文匹配,即该字段是可以被拆分的。
keyword:
精确匹配,必须和内容完全匹配,才能被查询出来。
ip:
支持Ipv4和Ipv6,将来可以对该字段类型进行IP地址范围搜索。
参考链接: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/mapping.htm
l
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/mapping-
types.html
IP案例
PUT http://10.0.0.101:9200/oldboyedu-linux80-elk # 创建索引时指定映射关系
{
"mappings" :{
"properties": {
"ip_addr" : {
"type": "ip"
}}}}
GET http://10.0.0.101:9200/oldboyedu-linux80-elk # 查看索引的映射关系
POST http://10.0.0.101:9200/_bulk # 创建测试数据
{ "create": { "_index": "oldboyedu-linux80-elk"} } { "ip_addr": "192.168.10.101" }
{ "create": { "_index": "oldboyedu-linux80-elk"} } { "ip_addr": "192.168.10.201" }
{ "create": { "_index": "oldboyedu-linux80-elk"} } { "ip_addr": "172.31.10.100" }
{ "create": { "_index": "oldboyedu-linux80-elk"} } { "ip_addr": "10.0.0.222" }
GET http://10.0.0.101:9200/oldboyedu-linux80-elk/_search # 查看IP的网断
{
"query": {
"match" : {
} }}
其他数据类型案例
PUT http://10.0.0.101:9200/oldboyedu-linux80-elk-2022 # 创建索引 GET http://10.0.0.101:9200/oldboyedu-linux80-elk-2022 # 查看索引信息
PUT http://10.0.0.101:9200/oldboyedu-linux80-elk-2022/_mapping # 为已创 建的索引修改数据类型
{
"properties": {
"name": {
"type": "text",
"index": true
},
"gender": {
"type": "keyword",
"index": true
},
"telephone": {
"type": "text",
"index": false
},
"address": {
"type": "keyword",
"index": false
},
"email": {
"type": "keyword"
},
"ip_addr": {
"type": "ip"
} }
}
POST http://10.0.0.101:9200/_bulk # 添加测试数据
{ "create": { "_index": "oldboyedu-linux80-elk-2022"} } { "ip_addr": "192.168.10.101" ,"name": "柳鹏","gender":"男性 的","telephone":"33333333","address":"沙 河","email":"liupeng@oldboyedu.com"}
{ "create": { "_index": "oldboyedu-linux80-elk-2022"} } { "ip_addr": "192.168.20.21" ,"name": "王岩","gender":"男性 的","telephone":"55555","address":"松兰 堡","email":"wangyan@oldboyedu.com"}
{ "create": { "_index": "oldboyedu-linux80-elk-2022"} } { "ip_addr": "172.28.30.101" ,"name": "赵嘉欣","gender":"女性 的","telephone":"33333333","address":"于辛 庄","email":"zhaojiaxin@oldboyedu.com"}
{ "create": { "_index": "oldboyedu-linux80-elk-2022"} } { "ip_addr": "172.28.50.121" ,"name": "庞冉","gender":"女性 的","telephone":"444444444","address":"于辛 庄","email":"pangran@oldboyedu.com"}
{ "create": { "_index": "oldboyedu-linux80-elk-2022"} } { "ip_addr": "10.0.0.67" ,"name": "王浩任","gender":"男性 的","telephone":"22222222","address":"松兰 堡","email":"wanghaoren@oldboyedu.com"}
GET http://10.0.0.101:9200/oldboyedu-linux80-elk-2022/_search # 基于 gender字段搜索
{
"query":{
"match":{
"gender": "女" }
} }
GET http://10.0.0.101:9200/oldboyedu-linux80-elk-2022/_search # 基于 name字段搜索
{
"query":{
"match":{
"name": "王" }
} }
GET http://10.0.0.101:9200/oldboyedu-linux80-elk-2022/_search # 基于 email字段搜索
{
"query":{
"match":{
"email": "pangran@oldboyedu.com"
}
} }
GET http://10.0.0.101:9200/oldboyedu-linux80-elk-2022/_search # 基于 ip_addr字段搜索
{
"query": {
"match" : {
"ip_addr": "192.168.0.0/16"
}
} }
GET http://10.0.0.101:9200/oldboyedu-linux80-elk-2022/_search # 基于 address字段搜索,无法完成。
{
"query":{
"match":{
"address": "松兰堡"
}}}
安装IK分词器
下载地址: https://github.com/medcl/elasticsearch-analysis-ik
安装IK分词器:
install -d /lifei/soft/es/plugins/ik -o oldboyedu -g
oldboyed
cd /lifei/soft/es/plugins/ik
unzip elasticsearch-analysis-ik-7.17.3.zip
rm -f elasticsearch-analysis-ik-7.17.3.zip
chown -R oldboyedu:oldboyedu *
重启ES节点,使之加载插件: systemctl restart es
测试IK分词器:
GET http://10.0.0.101:9200/_analyze # 细粒度拆分
{
"analyzer": "ik_max_word", #拆分的数目多
"text": "我爱北京天安⻔!"
}
GET http://10.0.0.101:9200/_analyze # 粗粒度拆分
{
"analyzer": "ik_smart",
"text": "我爱北京天安⻔!" }
注:如果是rpm 包安装的elasticsearch的话,直接下载解压即可
自定义词典分词器
(1)进入到IK分词器的插件安装目录
cd /lifei/soft/es/plugins/ik/config
(2)自定义字典
cat > lifei.dic <<'EOF'
上号
德玛⻄亚
艾欧尼亚
亚索
EOF
chown oldboyedu:oldboyedu oldboyedu-linux80.dic
(3)加载自定义字典
vim IKAnalyzer.cfg.xml
...
<entry key="ext_dict">lifei.dic</entry>
(4)重启ES集群 systemctl restart es
(5)测试分词器
GET http://10.0.0.101:9200/_analyze {
"analyzer": "ik_smart",
"text": "嗨,哥们! 上号,我德玛⻄亚和艾欧尼亚都有号! 我亚索贼6,肯定能带你 ⻜!!!"
}
创建索引生命周期
PUT _ilm/policy/delete-after-20-days
{
"policy": {
"phases": {
"delete": {
"min_age": "20d",
"actions": {
"delete": {}
}
}
}
}
}
将索引模板应用到ilm策略
PUT _index_template/template-with-ilm
{
"index_patterns": ["your-index-pattern-*"],
"template": {
"settings": {
"index": {
"lifecycle": {
"name": "delete-after-20-days",
"rollover_alias": "your-alias"
}
}
}
}
}
查看索引模板
GET _index_template/
GET bih_tha_flow-2024.12.24/_settings
创建索引模板
PUT _index_template/oih_tha_flow
{
"index_patterns" : [
"oih_tha_flow-*"
],
"template" : {
"settings" : {
"index" : {
"lifecycle" : {
"name" : "delete-after-20-days"
},
"number_of_shards" : "6",
"number_of_replicas" : "0"
}
},
"mappings" : {
"properties" : {
"@timestamp" : {
"type" : "date"
},
"flow" : {
"properties" : {
"output" : {
"properties" : {
"snmp" : {
"type" : "text",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
}
}
},
"input" : {
"properties" : {
"snmp" : {
"type" : "text",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
}
}
},
"protocol" : {
"type" : "text",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
},
"dst" : {
"properties" : {
"as_org" : {
"type" : "text",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
},
"city_name" : {
"type" : "text",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
},
"port" : {
"type" : "long",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
},
"ip" : {
"type" : "ip",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
},
"country_name" : {
"type" : "text",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
},
"asn" : {
"type" : "text",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
}
}
},
"src" : {
"properties" : {
"as_org" : {
"type" : "text",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
},
"city_name" : {
"type" : "text",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
},
"port" : {
"type" : "long",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
},
"ip" : {
"type" : "ip",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
},
"country_name" : {
"type" : "text",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
},
"asn" : {
"type" : "text",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
}
}
}
}
}
}
}
},
"composed_of" : [ ],
"priority" : 1
}
删除索引模板
DELETE _index_template/oih_tha_flow
浙公网安备 33010602011771号