elasticsearch 6.x dsl 常用语法
(源数据暂时不好导出,可以根据自己的实际情况修改索引)
查询所有
GET /qiniu_logkit_164/_search
输出指定字段
GET /qiniu_logkit_164/_search
{
"query": {
"match_all": {}
},
"_source": ["priority","tag"]
}
查询分页
GET /qiniu_logkit_164/_search
{
"query": {
"match_all": {}
},
"from": 3,
"size": 5
}
match类查询
查询所有
GET /qiniu_logkit_164/_search
{
"query": {
"match_all": {}
}
}
查询content字段带有link关键字
如果用match下指定了一个确切值,在遇到数字,日期,布尔值或者not_analyzed 的字符串时,它将为你搜索你给定的值
GET /qiniu_logkit_164/_search
{
"query": {
"match": {
"content": "link"
}
}
}
多字段匹配
匹配content,tag字段
GET /qiniu_logkit_164/_search
{
"query": {
"multi_match": {
"query": "info",
"fields": ["content","tag"]
}
}
}
term类过滤
term主要用于精确匹配哪些值,比如数字,日期,布尔值或 not_analyzed 的字符串(未经分析的文本数据类型):
GET /qiniu_logkit_164/_search
{
"query": {
"term": {
"priority": {
"value": "6"
}
}
}
}
terms多条件查询
GET /qiniu_logkit_164/_search
{
"query": {
"terms": {
"tag": [
"systemd",
"kernel"
]
}
}
}
range 过滤
gt 大于 | gte 大于等于 | lt 小于 | lte 小于等于
GET /qiniu_logkit_164/_search
{
"query": {
"range": {
"priority": {
"gt": 30,
"lte": 70
}
}
}
}
exists missing 过滤
存在tag字段 missing好像被废弃了,暂时不用
GET /qiniu_logkit_164/_search
{
"query": {
"exists": {
"field": "tag"
}
}
}
bool 过滤
must 相当于 and | must_not 相当于not | should 相当于 or
GET /qiniu_logkit_164/_search
{
"query": {
"bool": {
"must": [
{"range": {
"priority": {
"gte": 1,
"lte": 5
}
}}
],
"should": [
{"term": {
"tag": {
"value": "kernel"
}
}}
]
}
}
}
sort 排序
GET /qiniu_logkit_164/_search
{
"sort": [
{
"priority": {
"order": "asc"
}
}
]
}
前置过滤
GET /qiniu_logkit_164/_search
{
"query": {
"match_phrase_prefix": {
"content": "hrtimer"
}
}
}
wildcard 查询
- 代表0个或多个字符,?代表任意一个字符
GET /qiniu_logkit_164/_search
{
"query": {
"wildcard": {
"content": {
"value": "veth*b6ac2"
}
}
}
}
搜索高亮显示
GET /qiniu_logkit_164/_search
{
"query": {
"wildcard": {
"content": {
"value": "veth*b6ac2"
}
}
},
"highlight": {
"fields": {
"content": {}
}
}
}
aggs 聚合查询
sum,min,max,avg,cardnality,term常用的几种类型
severity分组
GET /qiniu_logkit_164/_search
{
"size": 0,
"aggs": {
"group_severity": {
"terms": {
"field": "severity"
}
}
}
}
severity平均值
GET /qiniu_logkit_164/_search
{
"size": 0,
"aggs": {
"group_severity": {
"avg": {
"field": "severity"
}
}
}
}