背景
获取es中的数据做分析,默认查询返回结果有条件限制。分页显示有两种办法:from to & scroll
scroll查询
不用于用户实时查询,用于批量数据查询。 1m代表失效时间
理解:scroll类似游标。操作后觉得是分组的概念,把符合某一类条件的归档到一个标签里,然后通过标签scroll-id分页获取该组的数据,直到数据读完。至于为什么要设置失效时间,难道是为了防止数据过大,超时设置?
- 建立scroll分组
POST /crm-frontend-nginx-2019.03.22/_search?scroll=1m
{
"size":20,
"query": {
"match": {
"status" : 500
}
}
}
- 分批查询scroll分组里的数据,直到hits返回空
POST /_search/scroll
{
"scroll" : "1m",
"scroll_id" : "DnF1ZXJ5VGhlbkZldGNoBQAAAAAANA2bFml1bDBmRVRjUmxhaTVLcXdHdU1FQ3cAAAAAADXHmhZXYmlacERMa1F6aTMtelRodi1sZV9nAAAAAAA70OAWU2pSNGFDNVFSOS1BWkFDT1RSV05qQQAAAAAAAOmmFllUeUhQbjlQVE9LcDFjTFZMZzFlb3cAAAAAACx6xhZoSDM0ZVZidFRqTzRDSDBMTjdsMDB3"
}
- 清理scroll-id
DELETE /_search/scroll/DnF1ZXJ5VGhlbkZldGNoBQAAAAAANA2bFml1bDBmRVRjUmxhaTVLcXdHdU1FQ3cAAAAAADXHmhZXYmlacERMa1F6aTMtelRodi1sZV9nAAAAAAA70OAWU2pSNGFDNVFSOS1BWkFDT1RSV05qQQAAAAAAAOmmFllUeUhQbjlQVE9LcDFjTFZMZzFlb3cAAAAAACx6xhZoSDM0ZVZidFRqTzRDSDBMTjdsMDB3
- 清理所有的scroll
DELETE /_search/scroll/_all
查询语句
要用必先了解
term 、 terms精确指的是包含,而不是相等
-
精确查找 term
filter过滤器执行速度快,不计算相关度易缓存。分析_analyze导致找不到文档数据
SELECT document FROM products WHERE price = 20 GET /my_store/products/_search { "term" : { "price" : 20 } } GET /my_store/products/_search { "query" : { "constant_score" : { // 将term转换成filter "filter" : { //单个过滤器 "term" : { "price" : 20 } } } } } -
组合过滤器 bool
三部分组成。可接受多个过滤器作为参数。bool可嵌套bool。
{ "bool" : { "must" : [], 且 "should" : [], 或 "must_not" : [], 非 } }例子
SELECT product FROM products WHERE (price = 20 OR productID = "XHDK-A-1293-#fJ3") AND (price != 30) GET /my_store/products/_search { "query" : { "filtered" : { "filter" : { "bool" : { "should" : [ { "term" : {"price" : 20}}, { "term" : {"productID" : "XHDK-A-1293-#fJ3"}} ], "must_not" : { "term" : {"price" : 30} } } } } } } -
查找多个精确值 terms
SELECT document FROM products WHERE price = 20 OR price = 30 GET /my_store/products/_search { "query" : { "constant_score" : { "filter" : { "terms" : { "price" : [20, 30] } } } } } -
精确相等
GET /my_index/my_type/_search { "query": { "constant_score" : { "filter" : { "bool" : { "must" : [ { "term" : { "tags" : "search" } }, // 单个标签为search的文档,而不是包含search的文档 { "term" : { "tag_count" : 1 } } ] } } } } } -
范围 range
gt: > 大于(greater than) lt: < 小于(less than) gte: >= 大于或等于(greater than or equal to) lte: <= 小于或等于(less than or equal to)SELECT document FROM products WHERE price BETWEEN 20 AND 40 GET /my_store/products/_search { "query" : { "constant_score" : { "filter" : { "range" : { "price" : { "gte" : 20, "lt" : 40 } } } } } }查询过去15m分钟数据
GET /crm-nginx-2019.04.30/_search { "query": { "constant_score": { "filter": { "range": { "@timestamp": { "gte": "now-15m" } } }, "boost": 1.2 } } }查询500的数据
GET /crm-frontend-nginx-2019.03.22/_search { "query": { "match": { "status" : 500 } } } -
查询与过滤
GET /_search { "query": { "bool": { "must": [ { "match": { "title": "Search" }}, { "match": { "content": "Elasticsearch" }} ], "filter": [ { "term": { "status": "published" }}, { "range": { "publish_date": { "gte": "2015-01-01" }}} ] } } }
网友评论