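// QueryOperateList searches the operation-log index and returns one page of
// matching records together with the total hit count.
//
// Every non-empty filter becomes a must clause of a single bool query:
//   - start/end: exclusive range on "timestamp", applied only when start > 0
//     and end > start.
//   - execSql, operateAddr, dbAddr, execResult: match queries on
//     "executeStatement", "operateOriginAddr", "databaseAddr", "executeResult".
//   - namespace, operateAccount: substring search through wildcard queries on
//     "nameSpace" and "operateAccount". Wildcard metacharacters in the
//     caller's text are escaped, so the text is matched literally.
//   - minRows/maxRows: inclusive range on "affectedRow"; maxRows == 0 means
//     "no upper bound".
//   - list: terms query on "operateType"; every string value is added both as
//     given and upper-cased.
//
// pageNum is 1-based. Results are sorted by "operateTime", newest first. The
// search runs under ctx, so the caller's cancellation and deadline apply.
// Hits whose source cannot be decoded are logged and left out of the list.
func QueryOperateList(ctx context.Context, esClient *elastic.Client, index string, pageNum, pageSize int, start, end int64, execSql string, list []interface{}, operateAccount string, operateAddr string, maxRows, minRows int, dbAddr, namespace string, execResult string) (*message.OperateLogListResp, error) {
	if ctx == nil {
		ctx = context.Background()
	}
	// A page number below 1 or a negative size would produce a negative
	// offset/size that Elasticsearch rejects; clamp instead.
	// NOTE(review): pageSize has no upper bound here and deep pages are
	// expensive for the cluster; the caller should cap both.
	if pageNum < 1 {
		pageNum = 1
	}
	if pageSize < 0 {
		pageSize = 0
	}

	// The wildcard filters embed caller text inside "*...*". Without escaping,
	// a '*' or '?' typed by the caller is interpreted as a pattern character
	// and can turn a simple filter into a very expensive scan.
	escapeWildcard := strings.NewReplacer(`\`, `\\`, `*`, `\*`, `?`, `\?`)

	boolQuery := elastic.NewBoolQuery()
	if start > 0 && end > start {
		boolQuery.Must(elastic.NewRangeQuery("timestamp").Gt(start).Lt(end))
	}
	if len(execSql) > 0 {
		boolQuery.Must(elastic.NewMatchQuery("executeStatement", execSql))
	}
	if len(operateAddr) > 0 {
		boolQuery.Must(elastic.NewMatchQuery("operateOriginAddr", operateAddr))
	}
	if len(dbAddr) > 0 {
		boolQuery.Must(elastic.NewMatchQuery("databaseAddr", dbAddr))
	}
	if len(namespace) > 0 {
		boolQuery.Must(elastic.NewWildcardQuery("nameSpace", "*"+escapeWildcard.Replace(namespace)+"*"))
	}
	if len(execResult) > 0 {
		boolQuery.Must(elastic.NewMatchQuery("executeResult", execResult))
	}
	if len(operateAccount) > 0 {
		boolQuery.Must(elastic.NewWildcardQuery("operateAccount", "*"+escapeWildcard.Replace(operateAccount)+"*"))
	}

	// Affected-row filter: always has a lower bound (minRows defaults to 0);
	// the upper bound is added only when maxRows is non-zero.
	rowsQuery := elastic.NewRangeQuery("affectedRow").Gte(minRows)
	if maxRows != 0 {
		rowsQuery = rowsQuery.Lte(maxRows)
	}
	boolQuery.Must(rowsQuery)

	if len(list) > 0 {
		opTypes := make([]interface{}, 0, 2*len(list))
		for _, v := range list {
			opTypes = append(opTypes, v)
			// Only strings have an upper-case variant; a checked assertion
			// keeps a non-string element from panicking the caller.
			if s, ok := v.(string); ok {
				opTypes = append(opTypes, strings.ToUpper(s))
			}
		}
		boolQuery.Must(elastic.NewTermsQuery("operateType", opTypes...))
	}

	// Dump the final query as JSON for diagnostics. A failure here must not
	// terminate the process: an unbuildable query is returned as an error and
	// a formatting failure only skips the dump.
	// NOTE(review): the dump contains the caller-supplied search text; gate it
	// behind a debug setting if stdout is collected.
	querySource, err := boolQuery.Source()
	if err != nil {
		return nil, fmt.Errorf("building operate-log query: %w", err)
	}
	if formattedQuery, err := json.MarshalIndent(querySource, "", " "); err != nil {
		log.Printf("Error formatting JSON: %s", err)
	} else {
		fmt.Println("Elasticsearch Query:")
		fmt.Println(string(formattedQuery))
	}

	searchResult, err := esClient.Search().
		Index(index).                   // target index
		Query(boolQuery).               // combined filters
		From((pageNum - 1) * pageSize). // offset of the requested page
		Size(pageSize).                 // page size
		Sort("operateTime", false).     // false = descending
		Pretty(true).                   // ask for human-readable JSON
		Do(ctx)
	if err != nil {
		return nil, err
	}

	OperateListData := message.OperateLogListResp{
		Total: int(searchResult.TotalHits()),
	}
	OperateLogList := []*message.OperateLogInfo{}
	if searchResult.TotalHits() > 0 {
		for _, hit := range searchResult.Hits.Hits {
			var t OperateLog
			if err := json.Unmarshal(hit.Source, &t); err != nil {
				// An undecodable hit would otherwise be returned as an
				// all-zero record that looks like a real log entry.
				log.Printf("解析日志列表json数据失败: %s", err.Error())
				continue
			}
			OperateLogList = append(OperateLogList, &message.OperateLogInfo{
				ExecSql:        t.ExecSql,
				OperateType:    t.OperateType,
				OperateAccount: t.OperateAccount,
				OperateAddr:    t.OperateAddr,
				DbAddr:         t.DbAddr,
				Namespace:      t.Namespace,
				Rows:           t.Rows,
				ExecResult:     t.ExecResult,
				ExecTime:       t.ExecTime,
				ResponseTime:   t.ResponseTime,
			})
		}
	} else {
		fmt.Print(" 没有数据 \n")
	}
	OperateListData.List = OperateLogList
	return &OperateListData, nil
}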
打印出请求query:
GET infosec***t_new*/_search
{
"query": {
"bool": {
"must": [
{
"range": {
"timestamp": {
"from": 1700964412000,
"include_lower": false,
"include_upper": false,
"to": 1701223612000
}
}
},
{
"match": {
"executeStatement": {
"query": "update ****-nk6x4'"
}
}
},
{
"range": {
"affectedRow": {
"from": 0,
"include_lower": true,
"include_upper": true,
"to": null
}
}
}
]
}
}
}