kibana
查询语句博客 https://elasticstack.blog.csdn.net/article/details/99546568
查询任意条?size=10 从第几条数据开始&from=3
多个引擎同时查询/index1,index2,index3/_search
所有以index为开头的索引来进行搜索,但是排除 index3 索引/index*,-index3/_search
查询指定路径下边的内容?filter_path=hits.total
通过source指定要返回的列"_source": ["user", "city"]或者"_source": {"includes": ["user", "city"]}
不返回source的任何信息"_source": false
指定返回特定字段"_source": {"includes": ["user*","location*"], "excludes": ["*.lat"]}
返回计算表达式"script_fields": {"years_to_100": {"script": {"lang": "painless","source": "100-doc['age'].value"}},"year_of_birth":{"script": "2019 - doc['age'].value"}}
可以将doc['age']换为params._source['age'] 不过需要做ctx搜索
统计数量请求_count
查询符合条件的dom "bool": {"filter": {"term": {"city.keyword": "北京"}}}
"constant_score": {"filter": {"term": {"pod_name": {"value": "prod-sb-bwprocessnode1-f99875768-ms8wb"}}}
使用参数minimum_should_match 设置至少匹配的 term,例如这个配置朝阳区老贾中的三个字 "match": {"user": {"query": "朝阳区-老贾","operator": "or","operator": "and","minimum_should_match": 3}}
根据id匹配"ids": {"values": ["1", "2"]}
判断几个字段或关系是否含有某个字符串
"multi_match": {
"query": "朝阳",
"fields": [
"user",
"address^3",
"message"
],
"type": "best_fields"
包含特定前缀的文档
"prefix": {
"user": {
"value": "朝"
}
}
包含特定前缀的文档
"prefix": {
"user": {
"value": "朝"
}
}
精确的字词匹配
"term": {
"user.keyword": {
"value": "朝阳区-老贾"
}
}
对多个 terms 进行查询
"terms": {
"user.keyword": [
"双榆树-张三",
"东城区-老刘"
]
}
查询在提供的字段中包含最少数目的精确术语的文档
"terms_set": {
"programming_languages": {
"terms": [ "c++", "java", "php" ],
"minimum_should_match_field": "required_matches"
}
}
找出在 programming_languages 中同时含有 c++, java 以及 php 中至少有两个 term 的文档
"terms_set": {
"programming_languages": {
"terms": [ "c++", "java", "php" ],
"minimum_should_match_script": {
"source": "2"
}
}
}
---------------------------实现模糊匹配查询------------------------------------
GET /app-prodbjltwsy-000001/_search
{
"query": {
"wildcard" : { "log" : "*1614790432979*" }
}
}
浙公网安备 33010602011771号