Elasticsearch的查询

1. 根据时间范围查询，获取 response_time 的平均值、最大值（"size": 0 表示只返回聚合结果，不返回命中的文档）

GET bk-nginx-access-2021.01.29/_search
{
  "query": {
    "bool": {
      "filter": {
        "range": {
          "@timestamp": {
            "gte": "2021-01-29T06:00:00.000Z",
            "lte": "2021-01-29T06:30:00.000Z"
          }
    }
      }
    }
  }, 
  "size": 0, 
  
  "aggs": {
    "avg_response_time":{
      "avg":{
        "field":"response_time"
      }
    },
    "max_response_time":{
      "max":{
        "field":"response_time"
      }
    }
  }
}

2. 过滤指定字段 1：筛选 status ≥ 400 的请求，先按状态码分组，再按 URL 分组（terms 聚合默认只返回文档数最多的前 10 个桶，排查异常请求时可按需调大聚合的 size）

GET bk-nginx-access-2021.01.07/_search
{
  "query": {
    "bool": {
      "filter": {
        "range": {
          "status": {
            "gte": 400
            
          }
        }
      }
    }
  },

  "size": 0, 
  "aggs": {
    "status_group": {
      "terms": {
        "field":"status"
      },"aggs":{
        "url_group": {
        "terms": {
          "field":"url.keyword"
        }
      }
      }
    }
    
  }
}

3. 过滤指定字段 2：按 url.keyword 精确匹配后再分组统计（keyword 字段按原值精确匹配，示例中 URL 末尾的空格也会参与匹配，需与索引中的实际值一致）

GET bk-nginx-access-2021.01.07/_search
{
  "size": 0, 
  "query": {
    "bool": {
      "filter": {
        "terms": {
          "url.keyword": [
          "/smtapp/servicePools/findListForApp.do "
          ]
        }
      }
    }  
  }, 
  "aggs": {
    "group_by_state": {
      "terms": {
        "field":"url.keyword"
      }
    }
  }
}

4. 只输出指定字段（通过 _source 的 includes 指定要返回的 key）


GET bk-nginx-access-2021.01.07/_search?pretty
{
    "_source": {
        "includes":["url","status"]
    }
}

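5. 先过滤再计算聚合 1（注意：示例的索引名日期是 2021.01.28，而时间范围是 2021-01-29，使用时请确认二者对应；from/to 是 range 查询的旧式写法，作用等同于 gte/lte，新版本建议改用后者）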

GET bk-nginx-access-2021.01.28/_search?size=0
{
    "query": {
        "bool": {
            "filter": {
                "range": {
                    "time_local": {
                        "from": "2021-01-29T00:00:00",
                        "to": "2021-01-29T00:30:00"
                    }
                }
            }
        }
    },
    "size": 0,
    "aggs": {
        "avg_response_time":{
            "avg": {
                "field":"response_time"
            }
        },
        "avg_request_time": {
            "avg": {
                "field": "request_time"
            }
        },
        "max_response_time":{
            "max":{
                "field": "response_time"
            }
        },
        "max_quest_time": {
            "max": {
                "field": "request_time"
            }
        }
    }
}

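6. 先过滤再聚合 2（注意：json.time.keyword 是 keyword 字段，range 按字符串字典序比较而不是按日期比较；只有在时间格式固定为 "yyyy-MM-dd HH:mm:ss" 这类等宽格式时结果才正确）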

GET /monitor-platform-java-*/_search
{
  "size": 0, 
  "query": {
    "bool": {
      "filter": {
        "range": {
          "json.time.keyword": {
            "gte": "2021-02-19 07:00:00",
            "lte": "2021-02-19 07:30:00"
          }
        }
      }
    }  
  }, 
  "aggs": {
    "value_count": {
     "terms": {
       "field":"json.level.keyword"
     }
   } 
  }
}

7. 查询索引名称、大小、创建时间

GET _cat/indices?h=i,store.size,creation.date.string
