ElasticSearch Journey -- Common Syntax
Recently, two projects at work have used ElasticSearch (2.3.3). This post records the process of using Elastic from scratch and can serve as an introductory reference.
References
Official site: https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html
Introductory material: http://www.cnblogs.com/xing901022/category/642865.html
Sense reference: http://www.cnblogs.com/huangfox/p/3541714.html
To work with ES you must learn to use Sense, managing and querying ES through the most basic REST API.
Cluster status
Templates: GET http://SERVER/_template
Mappings: GET http://SERVER/_mapping
Indices: GET http://SERVER/_cat/indices?v
Viewing various cluster parameters with _cat: http://www.cnblogs.com/xing901022/p/5365842.html
Index/Mapping/Template CRUD
Delete an index: DELETE http://SERVER/puma_test?pretty
Create an index: PUT http://SERVER/puma_test
Add a mapping: PUT http://SERVER/puma_test/_mapping/puma_test_mapping?pretty -d '{"properties":{"tag_new":{"type":"string","index":"analyzed"}}}'
View all mappings: GET http://SERVER/ticket_order_statistic_staging/_mapping
View all templates: GET http://SERVER/_template
View one mapping: GET http://SERVER/ticket_order_statistic_staging/_mapping/mapping_name
View one template: GET http://SERVER/_template/template_name
Mapping
Example 1:
PUT http://SERVER/INDEX/_mapping/logs
{
  "properties": {
    "timestamp": {
      "index": "not_analyzed",
      "boost": 1,
      "format": "strict_date_optional_time||epoch_millis",
      "type": "date"
    },
    "tag": {
      "index": "not_analyzed",
      "boost": 1,
      "type": "string"
    },
    "origin": {
      "index": "not_analyzed",
      "boost": 1,
      "type": "string"
    },
    "value": {
      "index": "not_analyzed",
      "boost": 1,
      "type": "double"
    },
    "hostname_raw": {
      "type": "string",
      "index": "analyzed",
      "analyzer": "ik_max_word",
      "search_analyzer": "ik_max_word"
    }
  }
}
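Once the index contains data, the field types in the index can no longer be changed. For example:
a field cannot change from long to date, or from not_analyzed to analyzed.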
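The restriction above can be checked before a mapping update is sent. The following is an added example, not code from the original post: the function name mapping_conflicts and both sample mappings are hypothetical and constructed for illustration, and only the "type" and "index" settings named above are compared.

```python
import json

# Settings that, per the note above, cannot change once the index holds data.
IMMUTABLE_KEYS = ("type", "index")

def mapping_conflicts(existing, proposed, prefix=""):
    """List (field, key, old, new) changes that would be refused on a populated index."""
    conflicts = []
    old_props = existing.get("properties", {})
    for name, new_def in proposed.get("properties", {}).items():
        old_def = old_props.get(name)
        if old_def is None:
            continue  # brand-new field: adding it is allowed
        for key in IMMUTABLE_KEYS:
            # Only explicitly set values are compared; server-side defaults
            # are not modeled here (assumption of this example).
            if key in old_def and key in new_def and old_def[key] != new_def[key]:
                conflicts.append((prefix + name, key, old_def[key], new_def[key]))
        # Object fields carry their own "properties"; check them recursively.
        conflicts.extend(mapping_conflicts(old_def, new_def, prefix + name + "."))
    return conflicts

# Constructed sample: what GET http://SERVER/INDEX/_mapping/logs might return today.
EXISTING = json.loads("""
{"properties": {
  "timestamp": {"type": "long"},
  "tag":       {"type": "string", "index": "not_analyzed"},
  "value":     {"type": "double", "index": "not_analyzed"}
}}""")

# Constructed sample: the body someone intends to PUT to the same mapping.
PROPOSED = json.loads("""
{"properties": {
  "timestamp":    {"type": "date", "format": "strict_date_optional_time||epoch_millis"},
  "tag":          {"type": "string", "index": "analyzed"},
  "value":        {"type": "double", "index": "not_analyzed"},
  "hostname_raw": {"type": "string", "index": "analyzed", "analyzer": "ik_max_word"}
}}""")

if __name__ == "__main__":
    for field, key, old, new in mapping_conflicts(EXISTING, PROPOSED):
        print("%s: %s cannot change in place (%s -> %s)" % (field, key, old, new))
```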
Query
Example 1:
POST http://SERVER/INDEX/_search
{
  "size": 10,
  "query": {
    "filtered": {
      "query": {
        "match": {
          "subcategory__": "SEARCH_STRING"
        }
      },
      "filter": {
        "range": {
          "es_timestamp": {
            "gte": "2016/10/13 14:04:22 +0800"
          }
        }
      }
    }
  },
  "sort": [
    {
      "es_timestamp": "asc"
    }
  ]
}
Example 2:
POST http://SERVER/INDEX/_search
{
  "size": 10,
  "query": {
    "filtered": {
      "query": {
        "match": {
          "dataStatus": "0"
        }
      },
      "filter": {
        "range": {
          "timestamp": {
            "gte": "2016-01-01T00:00:00+08:00",
            "lt": "2016-02-01T00:00:00+08:00"
          }
        }
      }
    }
  },
  "sort": [
    {
      "es_timestamp": "desc"
    }
  ]
}
Example 3:
POST http://SERVER/INDEX/MAP/_search
{
  "size": 100,
  "query": {
    "filtered": {
      "query": {
        "bool": {
          "must": [
            {
              "term": {
                "type": "alert"
              }
            },
            {
              "term": {
                "hostname_raw": "yf"
              }
            }
          ]
        }
      },
      "filter": {
        "range": {
          "timestamp": {
            "gte": "2016-10-11T00:00:00+08:00",
            "lt": "2016-10-18T00:00:00+08:00"
          }
        }
      }
    }
  }
}
Delete
DELETE http://SERVER/INDEX/MAPPING/_ID
ES can only delete by ID. To delete by a search query, a plugin must be installed (not recommended):
https://www.elastic.co/guide/en/elasticsearch/plugins/2.1/plugins-delete-by-query.html
Aggregation
Example 1:
POST http://SERVER/INDEX/_search
{
  "size": 0,
  "aggs": {
    "group_by_province": {
      "terms": {
        "field": "provinceId"
      },
      "aggs": {
        "group_by_city": {
          "terms": {
            "field": "cityId"
          },
          "aggs": {
            "average_deal": {
              "avg": {
                "field": "dealId"
              }
            }
          }
        }
      }
    }
  }
}
Example 2:
POST http://SERVER/INDEX/_search
{
  "size": 1,
  "query": {
    "filtered": {
      "query": {
        "bool": {
          "must": {
            "term": {
              "dataStatus": "1"
            }
          }
        }
      },
      "filter": {
        "range": {
          "timestamp": {
            "gte": "2016-10-17T00:00:00+08:00",
            "lt": "2016-10-18T00:00:00+08:00"
          }
        }
      }
    }
  },
  "aggs": {
    "origin_agg": {
      "terms": {
        "field": "origin"
      },
      "aggs": {
        "tag_agg": {
          "terms": {
            "field": "tags"
          },
          "aggs": {
            "minute_agg": {
              "date_histogram": {
                "field": "timestamp",
                "time_zone": "+08:00",
                "interval": "1m",
                "min_doc_count": 0,
                "extended_bounds": {
                  "min": "2016-10-17T00:00:00+08:00",
                  "max": "2016-10-18T00:00:00+08:00"
                }
              },
              "aggs": {
                "value_sum": {
                  "sum": {
                    "field": "value"
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}
Tokenization
Chinese tokenizer IK: https://github.com/medcl/elasticsearch-analysis-ik
Download this version: https://github.com/medcl/elasticsearch-analysis-ik/archive/v1.9.3.zip . Java 8 is required for maven package to succeed. For everything else, the instructions at https://github.com/medcl/elasticsearch-analysis-ik are sufficient.
Chinese tokenization example:
POST http://SERVER/INDEX/_analyze?analyzer=ik&pretty=true
{
  "text": "世界如此之大"
}
ik_smart and ik_max_word can also be used.
English tokenization example:
POST http://SERVER/INDEX/_analyze?analyzer=standard&pretty=true
{
  "text": "世界如此之大"
}
Test how a specific field is tokenized:
POST http://SERVER/INDEX/_analyze
{
  "field": "hostname_raw",
  "text": "中华人民共和国"
}
Script
http://stackoverflow.com/questions/27931241/format-date-in-elasticsearch-query-during-retrieval
http://blog.csdn.net/smithallenyu/article/details/51243764