常用命令(ELK版本7.6.2)
#集群运行状况
GET /_cat/health?v
#集群运行节点
GET /_cat/nodes?v
#列出所有索引
GET /_cat/indices?v
#============================================================
#创建索引
PUT /goods
#删除索引
DELETE /goods
#============================================================
#添加记录(需要指定id) 格式:/索引名称/索引类型(_doc)/索引id
PUT /goods/_doc/1
{
"name":"zhangsan",
"age":21
}
#添加记录(自动生成id) 格式:/索引名称/索引类型(_doc)
POST /goods/_doc
{
"name":"zhangsan",
"age":20
}
#============================================================
#查询所有记录
GET /goods/_search
#查询满足条件记录(根据返回结果中found字段值来判断是否找到)
GET /goods/_doc/1
#查询满足条件记录(根据返回结果中found字段值来判断是否找到)
GET /goods/_doc/aa
#============================================================
#修改记录(所有字段都要带上,不然就丢失了,下面例子中name字段丢失)
PUT /goods/_doc/1
{
"age":23
}
#修改记录(只更新指定字段)
POST /goods/_update/1/
{
"doc": {
"age":23
}
}
#============================================================
#删除记录(格式:/索引名称/索引类型(_doc)/索引id),根据返回中的result(deleted|not_found)字段,判断是否删除成功
DELETE /goods/_doc/1
#============================================================
#批量操作
#批量添加
POST /goods/_bulk
{"index":{"_id":1}}
{"title":"酒精","code":"0001","group":"g001"}
{"index":{"_id":2}}
{"title":"丁香茶","code":"0002","group":"g002"}
{"index":{"_id":3}}
{"title":"酒精2","code":"0003","group":"g001"}
{"index":{"_id":4}}
{"title":"丁香茶2","code":"0004","group":"g002"}
GET /goods/_mget
{
"ids":[1,2]
}
#============================================================
#高级查询
#通过uri传参查询
GET /goods/_search?q=title:酒精
#通过json格式参数查询
GET /goods/_search
{
"query": {
"match_all": {}
}
}
GET /goods/_search
{
"query": {
"match": {
"title": "酒"
}
}
}
GET /goods/_search
{
"query": {
"term": {
"title": "酒"
}
}
}
GET /logstash/_search
# 指定分页数(from:偏移数,size:记录数)
# 指定查询的字段_source
GET /logstash/_search
{
"_source": ["@timestamp","level","traceId","spanId","logmessage"],
"from": 0,
"size": 100,
"sort": [
{
"@timestamp": {
"order": "asc"
}
}
],
"query": {
"match": {
"traceId": "60295beb588e431e"
}
}
}
GET /logstash/_search
{
"_source": ["pid","@timestamp","level","traceId","spanId","logmessage"],
"from": 0,
"size": 100,
"sort": [
{
"@timestamp": {
"order": "asc"
}
}
],
"query": {
"bool": {
"must": [
{
"match": {
"traceId": "60295beb588e431e"
}
}
],
"must_not": [
{
"match": {
"logmessage": "filter"
}
}
],
"filter": [
{
"range": {
"@timestamp": {
"gte": "2020-05-18T06:22:22.414",
"lte": "2020-05-18T06:22:22.415"
}
}
}
]
}
}
}
#分组查询(字段后加.keyword,否则报错)
DELETE /goods
GET /goods/_search
GET /goods/_search
{
"aggs": {
"thegroup": {
"terms": {
"field": "group.keyword",
"size": 10
}
}
}
}
#===================
#1.安装分词器https://github.com/medcl/elasticsearch-analysis-ik
# 下载分词器到plugins/ik目录下,重启elasticsearch即可
#生成测试数据
DELETE /tv
#设置索引(不设置则分词不生效)
PUT /tv
{
"mappings": {
"properties": {
"title":{
"type": "text",
"analyzer": "ik_max_word",
"search_analyzer": "ik_max_word"
}
}
}
}
POST /tv/_bulk
{"index":{"_id":1}}
{"title":"小米高清电视","code":"0001","group":"g001"}
{"index":{"_id":2}}
{"title":"索尼1000寸电视","code":"0002","group":"g002"}
{"index":{"_id":3}}
{"title":"小米电视","code":"0003","group":"g001"}
{"index":{"_id":4}}
{"title":"索尼电视","code":"0004","group":"g002"}
GET /tv/_search
GET /tv/_search
{
"query": {
"match": {
"title": "小米高清电视"
}
}
}
GET /tv/_search
{
"query": {
"match_phrase": {
"title": {
"query": "索尼电视",
"slop": 20,
"analyzer": "ik_max_word"
}
}
}
}
网友评论