Setting up the ELK cluster and preparing the environment: Building my ELK 7.2
Basic Elasticsearch concepts: Elasticsearch basic concepts
Document CRUD
CRUD operation | ES operation |
---|---|
INDEX | PUT my_index/_doc/1 {"user":"mike","comment":"For Search"} |
CREATE | PUT my_index/_create/1 {"user":"mike","comment":"For Search"}, or POST my_index/_doc (no ID specified; one is generated automatically) {"user":"mike","comment":"For Search"} |
READ | GET my_index/_doc/1 |
UPDATE | POST my_index/_update/1 {"doc":{"user":"miki","comment":"Hello World"}} |
DELETE | DELETE my_index/_doc/1 |
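- Type name: by convention, always use _doc
- Create: fails if the ID already exists
- Index: if the ID does not exist, a new document is created; otherwise the existing document is deleted first, then the new document is created, and the version is incremented
- Update: the document must already exist; the update only makes incremental changes to the specified fields.
Index differs from Create as follows: if the document does not exist, Index indexes a new document; otherwise the existing document is deleted, the new document is indexed, and the version is incremented by 1.
Demo examples
Create operation -----------------
Create a document with an auto-generated _id. The auto-generated _id here is sScE8WsBpFvH-ktyc4_6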
POST users/_doc
{
"user":"Mike",
"post_date":"2019_07_14 23:04:43",
"message": "trying out Kibana"
}
{
"_index" : "users",
"_type" : "_doc",
"_id" : "sScE8WsBpFvH-ktyc4_6",
"_version" : 1,
"result" : "created",
"_shards" : {
"total" : 2,
"successful" : 1,
"failed" : 0
},
"_seq_no" : 0,
"_primary_term" : 1
}
Create a document with a specified ID; if the ID already exists, an error is returned
PUT users/_doc/1?op_type=create
{
"user":"Mike",
"post_date":"2019_07_14 23:04:43",
"message": "trying out Kibana"
}
READ operation -----------------
Get Document by ID
GET users/_doc/1
{
"_index" : "users",
"_type" : "_doc",
"_id" : "1",
"_version" : 1,
"_seq_no" : 1,
"_primary_term" : 1,
"found" : true,
"_source" : {
"user" : "Mike",
"post_date" : "2019_07_14 23:04:43",
"message" : "trying out Kibana"
}
}
INDEX update -----------------
It deletes the existing document and then indexes the new one; the version number (version) is incremented by one
PUT users/_doc/1
{
"user":"Alita"
}
{
"_index" : "users",
"_type" : "_doc",
"_id" : "1",
"_version" : 2,
"result" : "updated",
"_shards" : {
"total" : 2,
"successful" : 2,
"failed" : 0
},
"_seq_no" : 2,
"_primary_term" : 1
}
Adding fields to the existing document -----------------
POST users/_update/1/
{
"doc":{
"post_date":"2019_07_14 23:04:43",
"message":"trying out Elasticsearch"
}
}
{
"_index" : "users",
"_type" : "_doc",
"_id" : "1",
"_version" : 3,
"result" : "updated",
"_shards" : {
"total" : 2,
"successful" : 2,
"failed" : 0
},
"_seq_no" : 3,
"_primary_term" : 1
}
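Bulk API -----------------
Supports operating on different indices in a single API call, and supports CRUD operations.
The main benefit of this method is that it saves multiple calls over the network.
If a single operation in the request fails, the other operations are not affected.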
POST _bulk
{"index":{"_index":"test","_id":"1"}}
{"field1":"value1"}
{"delete":{"_index":"test","_id":2}}
{"create":{"_index":"test2","_id":3}}
{"field1":"value3"}
{"update":{"_id":"1","_index":"test"}}
{"doc":{"field2":"value2"}}
{
"took" : 397,
"errors" : false,
"items" : [
{
"index" : {
"_index" : "test",
"_type" : "_doc",
"_id" : "1",
"_version" : 1,
"result" : "created",
"_shards" : {
"total" : 2,
"successful" : 2,
"failed" : 0
},
"_seq_no" : 0,
"_primary_term" : 1,
"status" : 201
}
},
{
"delete" : {
"_index" : "test",
"_type" : "_doc",
"_id" : "2",
"_version" : 1,
"result" : "not_found",
"_shards" : {
"total" : 2,
"successful" : 2,
"failed" : 0
},
"_seq_no" : 1,
"_primary_term" : 1,
"status" : 404
}
},
{
"create" : {
"_index" : "test2",
"_type" : "_doc",
"_id" : "3",
"_version" : 1,
"result" : "created",
"_shards" : {
"total" : 2,
"successful" : 2,
"failed" : 0
},
"_seq_no" : 0,
"_primary_term" : 1,
"status" : 201
}
},
{
"update" : {
"_index" : "test",
"_type" : "_doc",
"_id" : "1",
"_version" : 2,
"result" : "updated",
"_shards" : {
"total" : 2,
"successful" : 2,
"failed" : 0
},
"_seq_no" : 2,
"_primary_term" : 1,
"status" : 200
}
}
]
}
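Because one failed operation does not stop the others, a caller has to inspect every entry in "items" rather than trust the overall result; note that in the response above the delete returned 404 while "errors" stayed false. The following is an added example, not code from the original post: the function names build_bulk_body and summarize_bulk are hypothetical, and SAMPLE_RESPONSE is a constructed response (trimmed to the fields used) in which the create is rejected with a 409 version conflict.

```python
import json

def build_bulk_body(operations):
    """Serialize (action, metadata, source) tuples as the NDJSON body for POST _bulk."""
    lines = []
    for action, meta, source in operations:
        lines.append(json.dumps({action: meta}))
        if action != "delete":              # delete carries no source line
            lines.append(json.dumps(source))
    return "\n".join(lines) + "\n"          # the bulk body must end with a newline

def summarize_bulk(response):
    """Return (rejected, not_found) item lists from a _bulk response."""
    rejected, not_found = [], []
    for item in response["items"]:
        (action, result), = item.items()    # each item holds exactly one action key
        ref = (action, result["_index"], result["_id"], result["status"])
        if "error" in result:               # operation was refused by Elasticsearch
            rejected.append(ref + (result["error"]["type"],))
        elif result.get("result") == "not_found":
            not_found.append(ref)           # e.g. delete of a missing document
    return rejected, not_found

# The four operations from the request shown on this page.
PAGE_OPERATIONS = [
    ("index",  {"_index": "test", "_id": "1"}, {"field1": "value1"}),
    ("delete", {"_index": "test", "_id": 2}, None),
    ("create", {"_index": "test2", "_id": 3}, {"field1": "value3"}),
    ("update", {"_id": "1", "_index": "test"}, {"doc": {"field2": "value2"}}),
]

# Constructed sample: the same request sent a second time, so create hits an existing ID.
SAMPLE_RESPONSE = {
    "took": 30, "errors": True,
    "items": [
        {"index": {"_index": "test", "_id": "1", "result": "updated", "status": 200}},
        {"delete": {"_index": "test", "_id": "2", "result": "not_found", "status": 404}},
        {"create": {"_index": "test2", "_id": "3", "status": 409,
                    "error": {"type": "version_conflict_engine_exception",
                              "reason": "constructed: document already exists"}}},
        {"update": {"_index": "test", "_id": "1", "result": "noop", "status": 200}},
    ],
}

if __name__ == "__main__":
    print(build_bulk_body(PAGE_OPERATIONS), end="")
    print(summarize_bulk(SAMPLE_RESPONSE))
```

When Elasticsearch is used as a log or audit store, rejected items are events that never reached the index, so they should be retried or alerted on rather than dropped silently.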
Batch read: mget
GET /_mget
{
"docs":[
{
"_index":"test",
"_id":"1"
},
{
"_index":"test",
"_id":"2"
}
]
}
{
"docs" : [
{
"_index" : "test",
"_type" : "_doc",
"_id" : "1",
"_version" : 2,
"_seq_no" : 2,
"_primary_term" : 1,
"found" : true,
"_source" : {
"field1" : "value1",
"field2" : "value2"
}
},
{
"_index" : "test",
"_type" : "_doc",
"_id" : "2",
"found" : false
}
]
}
Batch search: msearch
Documents can be queried by condition
POST kibana_sample_data_ecommerce/_msearch
{}
{"query":{"match_all":{}},"size":1}
{"index":"kibana_sample_data_flights"}
{"query":{"match_all":{}},"size":2}