ES操作 Kibana操作ES入门练习 ES花式查询

说明:个人学习练习【笔记】而已,文档中所有命令都经过练习实际操作。版本都是7.7.0,后续再发java操作ES

ELK相关集群配置

ELK相关学习更新以及常见问题记录


Kibana操作ES

基本知识

基本命令

命令 字段 含义
PUT /索引名称/类型名称/文档ID 创建文档(指定文档ID)
POST /索引名称/索引类型 创建文档(随机文档ID)
POST /索引名称/类型名称/文档id/_update 修改文档
DELETE /索引名称/类型名称/文档id 删除文档/或者索引
GET /索引名称/类型名称/文档id 查询文档通过文档ID
POST /索引名称/类型名称/_search 查询所有数据

基本数据类型

字符串类型 数值类型 日期(纳秒) 布尔值类型 二进制类型 范围类型
text keyword byte short integer long float double half_float scaled_float date(date_nanos) boolean binary range

复杂数据类型

数组类型 对象类型 嵌套类型
array object nested

地理数据类型

地理点类型 地理形状类型
geo-point geo-shape

特殊数据类型很多,这里记录两种

计数数据类型 IP类型
token_count ip (IPv4 和 IPv6 地址)

命令练习

练习基础数据

创建一个索引库和索引规则并指定字段类型

PUT /crazy
{
  "settings": {
    "number_of_shards": 3,
    "number_of_replicas": 2
  },
  "mappings": {
    "properties": {
      "id": {
        "type": "integer"
      },
      "name": {
        "type": "keyword"
      },
      "age": {
        "type": "long"
      },
      "birth": {
        "type": "date"
      },
      "desc": {
        "type": "text"
      },
      "tag": {
        "type": "text"
      }
    }
  }
}

创建一些测试数据

POST /crazy/_doc
{"name":"疯子","age":23,"birth":"1997-06-06","desc":"疯子学elk来了","tag":["JAVA","帅哥","HTML","暖男","看书"]}
POST /crazy/_doc
{"name":"小傻子","age":20,"birth":"2000-12-20","desc":"傻子不爱吃苹果","tag":["游戏","直播","直男","渣男","旅游"]}
POST /crazy/_doc
{"name":"张张三","age":5,"birth":"2015-02-20","desc":"张三5岁了,他也不爱吃苹果","tag":["萌宝","游戏","小暖男","睡觉","玩具"]}
POST /crazy/_doc
{"name":"李四","age":50,"birth":"1970-04-25","desc":"李四50岁了,她爱吃香蕉,是个老太太","tag":["老人","听戏","散步","睡觉","老太婆"]}
POST /crazy/_doc
{"name":"王五五","age":30,"birth":"1990-09-25","desc":"王五爱吃苹果,还学java,也爱吃香蕉","tag":["直男","技术宅","睡觉","听音乐","大佬"]}

常用状态查看

获取索引的规则具体信息

GET /crazy

健康值

【_cat命令可以查看es的很多信息】

GET _cat/health

版本信息

GET _cat/indices?v

文档数据基本操作

★关键字总结:

字段类型区别:

  1. keyword字段不会被分词器解析
    • 不分词,直接索引。【支持:模糊、精确查询,支持聚合】
  2. text字段被分词器解析
    • 先分词,然后进行索引。【支持:模糊、精确查询,支持聚合】

查询关键字区别:

  1. term 查询时直接通过倒排索引指定的词条进行精确查找的【多用于精确值查找】
  2. match 使用分词器解析【先分析文档,然后通过分析的文档进行查询】【多用于模糊值查找】

bool值关键字区别:是|或|否

  1. must 必须:所有条件都要符合
  2. should 或者
  3. must_not 不等于

查询一条数据 1

直接指定索引/类型/{id}

GET crazy/_doc/A-pYKXMB85eJEC73q2LL

查询一条数据 2

精确查找nam叫疯子的,两个查询都能查到

GET /crazy/_doc/_search
{
  "query":{
    "term":{
      "name":"疯子"
    }
  }
}
GET /crazy/_doc/_search
{
  "query":{
    "match":{
      "name":"疯子"
    }
  }
}

查询一条数据 3

这里用模糊查询name字段不会有结果

因为name字段是keyword类型,不会被分词,所以下面的练习都用模糊查询其他字段

GET /crazy/_doc/_search
{
  "query":{
    "match":{
      "name":"疯"
    }
  }
}

查询所有数据

使用请求体和关键字_search查询

GET crazy/_search
{
  "query": {
    "match_all": {}
  }
}

添加一条数据(随机ID)

{
  "name": "小七",
  "age": 10,
  "birth": "2010-08-21",
  "desc": "小七是个淘气鬼,天天就爱捣乱",
  "tag": [
    "小学生",
    "捣乱",
    "睡觉",
    "打游戏",
    "淘气"
  ]
}

更新数据put【不推荐】

更新刚才小七的id

容易出现数据滞空(没有更新到的字段会空)

put是覆盖是更新,版本号属性会发生改变

PUT /crazy/_doc/BuqTLHMB85eJEC73D20H
{
  "name":"小小七七",
  "desc":"不知道如何形容"
}

更新数据post【推荐】

POST /crazy/_doc/BuqTLHMB85eJEC73D20H/_update
{
  "doc":{
    "desc":"小七很顽皮,也很帅"
  }
}

直接删除一条数据(根据id)

DELETE /crazy/_doc/BuqTLHMB85eJEC73D20H

删除索引/或文档

DELETE /crazy
DELETE /crazy/_doc

复杂查询

模糊查询

例如:select * from table a where a.desc like “%苹果%”

这里的desc字段类型是text,此类型字段会被分词器解析

使用关键字match查询,会使用分词器解析,先分析文档,然后通过分析的文档进行查询*

GET /crazy/_doc/_search
{
  "query":{
    "match":{
      "desc":"苹果"
    }
  }
}

结果过滤 _source

上面的查询出来的字段太多了,只要展示name、age、desc即可

关键字_source与请求体关键字query同级,逗号分隔,参数为数组

GET /crazy/_doc/_search
{
  "query":{
    "match":{
      "desc":"苹果"
    }
  },
  "_source":["name","age","desc"]
}

结果排序 sort

上面的结果例子:根据年龄升序

关键字sort与请求体关键字query同级,逗号分隔,参数为数组对象

GET /crazy/_doc/_search
{
  "query":{
    "match":{
      "desc":"苹果"
    }
  },
  "_source":["name","age","desc"],
  "sort":[{
    "age":{
      "order":"asc"
    }
  }]
}

分页 from\size

要求:查询所有数据,每页2条数据,展示第2页

关键字:

  1. from 从第几个开始,下标0是第一个
  2. size 查询多少条数据
  3. 都与query同级,逗号分隔
GET crazy/_search
{
  "query": {
    "match_all": {}
  },
  "from": 2,
  "size": 2
}

bool条件查询

查询age=20岁并且desc有字的
  1. bool-must必须同时满足多个条件,条件内部可使用match/term,这里用的desc有爱age=20,是并且关系

  2. must-should-must-not 与或非条件内部为数组对象,每个条件都需要单独的=={ }==括起来

 GET /crazy/_doc/_search
 {
   "query": {
     "bool": {
       "must":[
         {
           "match": {
             "desc": "爱"
           }
         },
         {
           "term": {
             "age": "20"
           } 
         }
       ]
     }
   }
 }
查询age=30或者tag标签有字的
  1. bool-should 或许满足某个条件,条件内部可使用match/term,这里用的tag有男age=30,是或者关系

  2. must should must-not 与或非条件内部为数组对象,每个条件都需要单独的=={ }==括起来,



GET /crazy/_doc/_search
{
 "query": {
   "bool": {
     "should": [
       {
         "term": {
           "age": "30"
         }
       },
       {
         "match": {
           "tag": "男"
         }
       }
     ]
   }
 }
}
查询年龄必须不等于30岁和desc没有香蕉的

bool-should 必须不等于某条件,条件内部可使用match/term,这里用的tag有男age=30,条件内部是与关系,意思这些条件都不能被满足

GET /crazy/_doc/_search
{
  "query": {
    "bool": {
      "must_not": [
        {
          "term": {
            "age": "30"
          }
        },
        {
          "match": {
            "desc": "香蕉"
          }
        }
      ]
    }
  }
}

filter过滤器查询

查询10<=age>=30,desc有苹果或者香蕉的
  1. 这里的desc或者可以用match多条件查询,空格分隔,都满足的靠前展示

  2. 这里filter是指过滤器,对上面的must结果进行过滤

  3. filter-range-lt-gt解释: range范围过滤 gt>= lt<=

GET /crazy/_doc/_search
{
  "query": {
    "bool": {
      "must":[
        {
          "match": {
            "desc": "苹果 香蕉"
          } 
        }
      ],
      "filter": {
        "range": {
          "age": {
            "gte": 10, 
            "lte": 30
          }
        }
      }
    }
  }
}

高亮查询

查询desc有苹果或者香蕉的,并将苹果香蕉高亮
  1. ES支持大概3种高亮方式:plain highlighter fast vector highlighter posting highlighter

  2. Plain Highlighter为默认高亮,这里学习用默认的。

  3. 这里的测试数据查询结果为苹果香蕉字段默认添加 HTML标签

GET /crazy/_doc/_search
{
 "query": {
   "match":{
     "desc":"苹果 香蕉"
   }
 },
 "highlight":{
   "fields":{
     "desc":{}
   }
 }
}
  1. 修改上面的默认标签方式,这里修改为p标签并指定class属性和行内元素颜色属性
  2. pre_tags:前缀,``post_tags`:后缀
GET /crazy/_doc/_search
{
 "query": {
   "match":{
     "desc":"苹果 香蕉"
   }
 },
 "highlight":{
   "pre_tags": "

", "post_tags":"

"
, "fields":{ "desc":{} } } }

聚合查询基本操作

类似与sql的分组group by

格式:


"aggs" : {                  	     // 声明聚合操作
    "aggs_name" : {          // 聚合名,可以自定义
        "aggs_type" : {       // 聚合类别比如sum,max,min,avg等等
            aggs_body         // 聚合体
        },
        "aggs" : {				 // 父子关系嵌套的另一个聚合,与上一个聚合逗号分隔
        "aggs_name"{
        	 "aggs_type" : { 
        		"aggs_body "
        	}
        } 
    },
    "aggs" : {					// 兄弟关系嵌套的另一个聚合,与上一个聚合逗号分隔
        "aggs_name"{
        	 "aggs_type" : { 
        		"aggs_body "
        	}
        }  					
    }
}
desc字段有苹果的人的平均年龄
  1. avg_age自定义返回平均值的名字
  2. avg 要做的聚合操作这里是求平均值,还有max,min等等
  3. field指定按什么字段进行聚合操作
  4. query-match模糊查询desc字段
GET /crazy/_doc/_search
{
  "query":{
    "match":{
      "desc":"苹果"
    }
  },
  "aggs": {
    "avg_age": {
      "avg": {
        "field": "age"
      }
    }
  }
}

花式查询大集合:

条件1:1<age>=30
条件2:tag包含男/游戏
条件3:desc包含苹果
条件4:高亮展示tag字段查询内容,并自定义标签
条件5:年龄age升序排序
条件6:格式化生日日期yyyy-MM-dd
条件7:计算结果的年龄统计信息ageStats
条件8:统计:0ageRanges
条件9:统计:20年之内出生的有多少人birthCounts
条件10:统计:30年内出生的年龄最小的是多少岁ageMinCounts
条件11:统计:年龄每隔5岁统计直方图聚合信息histogram等间距划分ageHistogram
条件12:统计:按固定时间段统计(年/月等等,这里用年) birthDateHistogram


GET crazy/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "desc": "苹果"
          }
        },
        {
          "match": {
            "tag": "男 游戏"
          }
        }
      ],
      "filter": {
        "range": {
          "age": {
            "gt": 1,
            "lte": 30
          }
        }
      }
    }
  },
  "sort": [
    {
      "age": {
        "order": "asc"
      }
    }
  ],
  "highlight": {
    "pre_tags": "

", "post_tags": "

"
, "fields": { "tag": {} } }, "aggs": { "ageStats": { "stats": { "field": "age" } }, "ageRanges": { "range": { "field": "age", "ranges": [ { "from": 1, "to": 21 }, { "from": 21, "to": 51 } ] } }, "birthCounts": { "date_range": { "field": "birth", "format": "yyyy-MM-dd", "ranges": [ { "from": "now-20y", "to": "now" } ] } }, "birthMixCounts": { "date_range": { "field": "birth", "format": "yyyy-MM-dd", "ranges": [ { "from": "now-30y", "to": "now" } ] }, "aggs": { "ageMinCounts": { "min": { "field": "age" } } } }, "ageHistogram": { "histogram": { "field": "age", "interval": 5 } }, "birthDateHistogram": { "date_histogram": { "field": "birth", "format": "yyyy-MM-dd", "interval": "year" } } } }

结果

{
 "took" : 7,
 "timed_out" : false,
 "_shards" : {
   "total" : 3,
   "successful" : 3,
   "skipped" : 0,
   "failed" : 0
 },
 "hits" : {
   "total" : {
     "value" : 3,
     "relation" : "eq"
   },
   "max_score" : null,
   "hits" : [
     {
       "_index" : "crazy",
       "_type" : "_doc",
       "_id" : "g-q4LXMB85eJEC73L3G1",
       "_score" : null,
       "_source" : {
         "name" : "张张三",
         "age" : 5,
         "birth" : "2015-02-20",
         "desc" : "张三5岁了,他也不爱吃苹果",
         "tag" : [
           "萌宝",
           "游戏",
           "小暖男",
           "睡觉",
           "玩具"
         ]
       },
       "highlight" : {
         "tag" : [
           "

"
, "小暖

"
] }, "sort" : [ 5 ] }, { "_index" : "crazy", "_type" : "_doc", "_id" : "guq4LXMB85eJEC73KHHH", "_score" : null, "_source" : { "name" : "小傻子", "age" : 20, "birth" : "2000-12-20", "desc" : "傻子不爱吃苹果", "tag" : [ "游戏", "直播", "直男", "渣男", "旅游" ] }, "highlight" : { "tag" : [ "

"
, "直

"
, "渣

"
, "旅

"
] }, "sort" : [ 20 ] }, { "_index" : "crazy", "_type" : "_doc", "_id" : "huq4LXMB85eJEC73PnGM", "_score" : null, "_source" : { "name" : "王五五", "age" : 30, "birth" : "1990-09-25", "desc" : "王五爱吃苹果,还学java,也爱吃香蕉", "tag" : [ "直男", "技术宅", "睡觉", "听音乐", "大佬" ] }, "highlight" : { "tag" : [ "直

"
] }, "sort" : [ 30 ] } ] }, "aggregations" : { "ageRanges" : { "buckets" : [ { "key" : "1.0-21.0", "from" : 1.0, "to" : 21.0, "doc_count" : 2 }, { "key" : "21.0-51.0", "from" : 21.0, "to" : 51.0, "doc_count" : 1 } ] }, "ageStats" : { "count" : 3, "min" : 5.0, "max" : 30.0, "avg" : 18.333333333333332, "sum" : 55.0 }, "ageHistogram" : { "buckets" : [ { "key" : 5.0, "doc_count" : 1 }, { "key" : 10.0, "doc_count" : 0 }, { "key" : 15.0, "doc_count" : 0 }, { "key" : 20.0, "doc_count" : 1 }, { "key" : 25.0, "doc_count" : 0 }, { "key" : 30.0, "doc_count" : 1 } ] }, "birthDateHistogram" : { "buckets" : [ { "key_as_string" : "1990-01-01", "key" : 631152000000, "doc_count" : 1 }, { "key_as_string" : "1991-01-01", "key" : 662688000000, "doc_count" : 0 }, { "key_as_string" : "1992-01-01", "key" : 694224000000, "doc_count" : 0 }, { "key_as_string" : "1993-01-01", "key" : 725846400000, "doc_count" : 0 }, { "key_as_string" : "1994-01-01", "key" : 757382400000, "doc_count" : 0 }, { "key_as_string" : "1995-01-01", "key" : 788918400000, "doc_count" : 0 }, { "key_as_string" : "1996-01-01", "key" : 820454400000, "doc_count" : 0 }, { "key_as_string" : "1997-01-01", "key" : 852076800000, "doc_count" : 0 }, { "key_as_string" : "1998-01-01", "key" : 883612800000, "doc_count" : 0 }, { "key_as_string" : "1999-01-01", "key" : 915148800000, "doc_count" : 0 }, { "key_as_string" : "2000-01-01", "key" : 946684800000, "doc_count" : 1 }, { "key_as_string" : "2001-01-01", "key" : 978307200000, "doc_count" : 0 }, { "key_as_string" : "2002-01-01", "key" : 1009843200000, "doc_count" : 0 }, { "key_as_string" : "2003-01-01", "key" : 1041379200000, "doc_count" : 0 }, { "key_as_string" : "2004-01-01", "key" : 1072915200000, "doc_count" : 0 }, { "key_as_string" : "2005-01-01", "key" : 1104537600000, "doc_count" : 0 }, { "key_as_string" : "2006-01-01", "key" : 1136073600000, "doc_count" : 0 }, { "key_as_string" : "2007-01-01", "key" : 1167609600000, "doc_count" : 0 }, { "key_as_string" : "2008-01-01", "key" : 1199145600000, "doc_count" : 0 }, { "key_as_string" : "2009-01-01", "key" : 1230768000000, "doc_count" : 0 }, { "key_as_string" : "2010-01-01", "key" : 1262304000000, "doc_count" : 0 }, { "key_as_string" : "2011-01-01", "key" : 1293840000000, "doc_count" : 0 }, { "key_as_string" : "2012-01-01", "key" : 1325376000000, "doc_count" : 0 }, { "key_as_string" : "2013-01-01", "key" : 1356998400000, "doc_count" : 0 }, { "key_as_string" : "2014-01-01", "key" : 1388534400000, "doc_count" : 0 }, { "key_as_string" : "2015-01-01", "key" : 1420070400000, "doc_count" : 1 } ] }, "birthMixCounts" : { "buckets" : [ { "key" : "1990-07-08-2020-07-08", "from" : 6.47432463045E11, "from_as_string" : "1990-07-08", "to" : 1.594203663045E12, "to_as_string" : "2020-07-08", "doc_count" : 3, "ageMinCounts" : { "value" : 5.0 } } ] }, "birthCounts" : { "buckets" : [ { "key" : "2000-07-08-2020-07-08", "from" : 9.63051663045E11, "from_as_string" : "2000-07-08", "to" : 1.594203663045E12, "to_as_string" : "2020-07-08", "doc_count" : 2 } ] } } }

所有数据

{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 3,
    "successful" : 3,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 5,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "crazy",
        "_type" : "_doc",
        "_id" : "hOq4LXMB85eJEC73NnF2",
        "_score" : 1.0,
        "_source" : {
          "name" : "李四",
          "age" : 50,
          "birth" : "1970-04-25",
          "desc" : "李四50岁了,她爱吃香蕉,是个老太太",
          "tag" : [
            "老人",
            "听戏",
            "散步",
            "睡觉",
            "老太婆"
          ]
        }
      },
      {
        "_index" : "crazy",
        "_type" : "_doc",
        "_id" : "guq4LXMB85eJEC73KHHH",
        "_score" : 1.0,
        "_source" : {
          "name" : "小傻子",
          "age" : 20,
          "birth" : "2000-12-20",
          "desc" : "傻子不爱吃苹果",
          "tag" : [
            "游戏",
            "直播",
            "直男",
            "渣男",
            "旅游"
          ]
        }
      },
      {
        "_index" : "crazy",
        "_type" : "_doc",
        "_id" : "huq4LXMB85eJEC73PnGM",
        "_score" : 1.0,
        "_source" : {
          "name" : "王五五",
          "age" : 30,
          "birth" : "1990-09-25",
          "desc" : "王五爱吃苹果,还学java,也爱吃香蕉",
          "tag" : [
            "直男",
            "技术宅",
            "睡觉",
            "听音乐",
            "大佬"
          ]
        }
      },
      {
        "_index" : "crazy",
        "_type" : "_doc",
        "_id" : "geq4LXMB85eJEC73HHHq",
        "_score" : 1.0,
        "_source" : {
          "name" : "疯子",
          "age" : 23,
          "birth" : "1997-06-06",
          "desc" : "疯子学elk来了",
          "tag" : [
            "JAVA",
            "帅哥",
            "HTML",
            "暖男",
            "看书"
          ]
        }
      },
      {
        "_index" : "crazy",
        "_type" : "_doc",
        "_id" : "g-q4LXMB85eJEC73L3G1",
        "_score" : 1.0,
        "_source" : {
          "name" : "张张三",
          "age" : 5,
          "birth" : "2015-02-20",
          "desc" : "张三5岁了,他也不爱吃苹果",
          "tag" : [
            "萌宝",
            "游戏",
            "小暖男",
            "睡觉",
            "玩具"
          ]
        }
      }
    ]
  }
}

声明:
博客中标注原创的文章,版权归本博客作者所有,若转载或者引用本文内容请注明来源及原作者,否则依法保留追究权
打赏功能被文章底部的···默认隐藏了,如果帮到你了点个赞呗,要么收藏一下?
【嘘~~~悄悄话:终有一日,你的日积月累,会成为的别人的望尘莫及】

你可能感兴趣的:(ELK相关学习)