ElasticStack-elasticsearch篇

概述

本文主要汇总 Elasticsearch 基础的 RESTful API。

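host 表示 ip:9200,即 Elasticsearch 的 HTTP 端口。下文示例均未体现认证信息,对应的应是未启用安全认证的测试环境;在实际部署中,9200 端口应只对受信任的网络开放,并启用身份认证与 TLS。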

基础查询

获取es信息 GET host

response:

{
"name": "5f04c6c0a818",
"cluster_name": "elasticsearch",
"cluster_uuid": "vUPjZeMvSGqO_lrtmhqlmw",
"version": {
"number": "7.12.0",
"build_flavor": "default",
"build_type": "docker",
"build_hash": "78722783c38caa25a70982b5b042074cde5d3b3a",
"build_date": "2021-03-18T06:17:15.410153305Z",
"build_snapshot": false,
"lucene_version": "8.8.0",
"minimum_wire_compatibility_version": "6.8.0",
"minimum_index_compatibility_version": "6.0.0-beta1"
},
"tagline": "You Know, for Search"
}

获取索引 GET host/_cat/indices?v

response:

health status index                           uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open bank ktIRbx9ZTwyDrEHlxiZpqw 1 1 1000 0 379.3kb 379.3kb
green open .kibana_task_manager_7.12.0_001 Yi3dSuiVSYWYaFidZxHSJg 1 0 9 26006 2.6mb 2.6mb
green open .apm-custom-link DLOQIooBRiWD4O237c8tBA 1 0 0 0 208b 208b
green open .apm-agent-configuration zUC91G_oRw63OY54rV2orw 1 0 0 0 208b 208b
green open .async-search NkCazI4YQDirjCrnvlEv2Q 1 0 0 24 794.5kb 794.5kb
green open .kibana_7.12.0_001 z4vax_yNTq2cOP7JxBphOQ 1 0 63 10 2.1mb 2.1mb
green open .kibana-event-log-7.12.0-000001 CYz7KhrsRa-dino1NEPDog 1 0 7 0 32.9kb 32.9kb
green open .tasks 6wSie0zSRIW17VNQuxHgNQ 1 0 8 0 42.4kb 42.4kb

批量创建数据 POST host/bank/account/_bulk

request:

{"index":{"_id":"1"}}
{"account_number":1,"balance":39225,"firstname":"Amber","lastname":"Duke","age":32,"gender":"M","address":"880 Holmes Lane","employer":"Pyrami","email":"amberduke@pyrami.com","city":"Brogan","state":"IL"}
{"index":{"_id":"6"}}
{"account_number":6,"balance":5686,"firstname":"Hattie","lastname":"Bond","age":36,"gender":"M","address":"671 Bristol Street","employer":"Netagy","email":"hattiebond@netagy.com","city":"Dante","state":"TN"}
{"index":{"_id":"13"}}
{"account_number":13,"balance":32838,"firstname":"Nanette","lastname":"Bates","age":28,"gender":"F","address":"789 Madison Street","employer":"Quility","email":"nanettebates@quility.com","city":"Nogal","state":"VA"}

GET查询 GET host/bank/_search?q=age:31

response:

{
"took": 1,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 61,
"relation": "eq"
},
"max_score": 1.0,
"hits": [
{
"_index": "bank",
"_type": "account",
"_id": "51",
"_score": 1.0,
"_source": {
"account_number": 51,
"balance": 14097,
"firstname": "Burton",
"lastname": "Meyers",
"age": 31,
"gender": "F",
"address": "334 River Street",
"employer": "Bezal",
"email": "burtonmeyers@bezal.com",
"city": "Jacksonburg",
"state": "MO"
}
}
]
}
}

POST查询 POST host/bank/_search

request:

{
"query": {
"bool": {
"must": {
"match_all": {}
},
"filter": {
"range": {
"balance": {
"gte": 20000,
"lte": 30000
}
}
}
}
},
"sort": {
"age": {
"order": "asc"
}
},
"_source": [
"account_number",
"balance",
"address"
],
"from": 1,
"size": 10
}

response:

{
"took": 1,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 217,
"relation": "eq"
},
"max_score": null,
"hits": [
{
"_index": "bank",
"_type": "account",
"_id": "292",
"_score": null,
"_source": {
"account_number": 292,
"address": "691 Nassau Street",
"balance": 26679
},
"sort": [
20
]
}
]
}
}

聚合查询

先按 tags 分组,再在每个分组内按 source_ip 分组

GET vpn-log-*/_search
{
"query": {
"bool": {
"must": {
"match": {
"_index": "<vpn-log-{now/d{YYYY-MM-dd}}>"
}
},
"filter": [
{
"terms": {
"tags": [
"QN"
]
}
}
]
}
},
"aggs": {
"topn": {
"terms": {
"field": "tags"
},
"aggs": {
"source_ip_topn": {
"terms": {
"field": "source_ip"
}
}
}
}
}
}
