ElasticSearch DSL入门只 match_pharse

文章目录

  • GET 方法
  • `GET ` /_search

在将日志信息使用Elastic检索之后,可以使用ElasticSearch强大的日志搜索功能来实现日志的查询工作.这里介绍下GET相关的方法

GET 方法

GET _template
GET index
GET _cat/indices
GET _cat/tasks
GET _cat/aliases
GET _cat/count
GET _cat/allocation
GET _cat/nodes
GET _cat/templates
GET _cat/master
GET _cat/health
GET _alias
GET _aliases
GET _all
GET _count
GET _stats
GET _validate/query
GET _search_shards

GET /_search

看些这里的demo

从``中的message 字段中搜索,同时满足四个条件的日志信息

  1. message中有/xxxxrds
  2. message中有match_pharse1
  3. message中有match_pharse2
  4. message中没有not match phare1
GET logstash-2020.07*/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "match_phrase": {
            "message": "/xxxxrds"
          }
        },
        {
          "match_phrase": {
            "message": "match_pharse1"
          }
        },
        {
          "match_phrase": {
            "message": "match_pharse2"
          }
        }
      ],
      "must_not": [
        {
          
          "match_phrase": {
            "message": "not match phare1"
          }
        }
      ]
    }
  },
    "highlight": { # 突出显示查询得到的关键信息.
    "fields": {
      "message":{}
    }
  }, 
  "sort": [
    {
      "@timestamp": { # 根据时间降序排列
        "order": "asc"
      }
    }
  ],
  "size": 10000  # 搜索的上线是10000,默认是200
}

返回的结果:

{
  "took": 12,  # 耗时12毫秒
  "timed_out": false, # 没有超时
  "_shards": {  # 查询了多少个分配
    "total": 50, # 总共查询了50个
    "successful": 50,  # 有50个成功了
    "skipped": 0,
    "failed": 0
  },
  "hits": {  # 命中的文档信息
    "total": 2,  # 总共命中了额几次?
    "max_score": null,
    "hits": [  # 命中的文档具体内容信息
        {
        "_index": "logstash-2020.07.07",
        "_type": "xxxx_index",
        "_id": "xxxxxxid",
        "_score": null,
        "_source": {   # 命中的文档本身
          "@timestamp": "2020-07-07T07:41:38.000Z",
          "level": "INFO ",
          "thread": "io-8443-exec-741",
          "package": "xxxx.RequestLogFilter",
          "message":"The message you want to search xxxxxxxxxxxxxxxxxxxx",
          "sort": [
          1594107698000
        ]
        }
    ]
    }
}

执行的效果图
ElasticSearch DSL入门只 match_pharse_第1张图片

你可能感兴趣的:(技术)