記得剛接觸Elasticsearch的時候,沒找啥資料,直接看了遍Elasticsearch的中文官方文檔,中文文檔很久沒更新了,一直都是2.3的版本。最近又重新看了遍6.0的官方文檔,由于官方文檔介紹的内容比較多,每次看都很費力,是以這次整理了其中最常用部分,寫下了這篇入門教程,希望對大家有所幫助。
簡介
Elasticsearch是一個基于Lucene的搜尋伺服器。它提供了一個分布式的全文搜尋引擎,基于restful web接口。Elasticsearch是用Java語言開發的,基于Apache協定的開源項目,是目前最受歡迎的企業搜尋引擎。Elasticsearch廣泛運用于雲計算中,能夠達到實時搜尋,具有穩定,可靠,快速的特點。
安裝
Windows下的安裝
Elasticsearch
- 下載下傳Elasticsearch 6.2.2的zip包,并解壓到指定目錄,下載下傳位址:https://www.elastic.co/cn/downloads/past-releases/elasticsearch-6-2-2
- 安裝中文分詞插件,在elasticsearch-6.2.2\bin目錄下執行以下指令;
elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v6.2.2/elasticsearch-analysis-ik-6.2.2.zip
複制
- 運作bin目錄下的elasticsearch.bat啟動Elasticsearch;
Kibana
- 下載下傳Kibana,作為通路Elasticsearch的用戶端,請下載下傳6.2.2版本的zip包,并解壓到指定目錄,下載下傳位址:https://artifacts.elastic.co/downloads/kibana/kibana-6.2.2-windows-x86_64.zip
- 運作bin目錄下的kibana.bat,啟動Kibana的使用者界面
- 通路http://localhost:5601 即可打開Kibana的使用者界面:
Linux下的安裝
Elasticsearch
- 下載下傳elasticsearch 6.4.0的docker鏡像;
docker pull elasticsearch:6.4.0
複制
- 修改虛拟記憶體區域大小,否則會因為過小而無法啟動;
sysctl -w vm.max_map_count=262144
複制
- 使用docker指令啟動;
docker run -p 9200:9200 -p 9300:9300 --name elasticsearch \
-e "discovery.type=single-node" \
-e "cluster.name=elasticsearch" \
-v /mydata/elasticsearch/plugins:/usr/share/elasticsearch/plugins \
-v /mydata/elasticsearch/data:/usr/share/elasticsearch/data \
-d elasticsearch:6.4.0
複制
- 啟動時會發現
/usr/share/elasticsearch/data
chmod 777 /mydata/elasticsearch/data/
複制
- 安裝中文分詞器IKAnalyzer,并重新啟動;
docker exec -it elasticsearch /bin/bash
#此指令需要在容器中運作
elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v6.4.0/elasticsearch-analysis-ik-6.4.0.zip
docker restart elasticsearch
複制
- 通路會傳回版本資訊:http://192.168.3.101:9200/
Kibina
- 下載下傳kibana 6.4.0的docker鏡像;
docker pull kibana:6.4.0
複制
- 使用docker指令啟動;
docker run --name kibana -p 5601:5601 \
--link elasticsearch:es \
-e "elasticsearch.hosts=http://es:9200" \
-d kibana:6.4.0
複制
- 通路位址進行測試:http://192.168.3.101:5601
相關概念
- Near Realtime(近實時):Elasticsearch是一個近乎實時的搜尋平台,這意味着從索引文檔到可搜尋文檔之間隻有一個輕微的延遲(通常是一秒鐘)。
- Cluster(叢集):群集是一個或多個節點的集合,它們一起儲存整個資料,并提供跨所有節點的聯合索引和搜尋功能。每個群集都有自己的唯一群集名稱,節點通過名稱加入群集。
- Node(節點):節點是指屬于叢集的單個Elasticsearch執行個體,存儲資料并參與叢集的索引和搜尋功能。可以将節點配置為按叢集名稱加入特定叢集,預設情況下,每個節點都設定為加入一個名為
elasticsearch
- Index(索引):索引是一些具有相似特征的文檔集合,類似于MySql中資料庫的概念。
- Type(類型):類型是索引的邏輯類别分區,通常,為具有一組公共字段的文檔類型,類似MySql中表的概念。
注意
- Document(文檔):文檔是可被索引的基本資訊機關,以JSON形式表示,類似于MySql中行記錄的概念。
- Shards(分片):當索引存儲大量資料時,可能會超出單個節點的硬體限制,為了解決這個問題,Elasticsearch提供了将索引細分為分片的概念。分片機制賦予了索引水準擴容的能力、并允許跨分片分發和并行化操作,進而提高性能和吞吐量。
- Replicas(副本):在可能出現故障的網絡環境中,需要有一個故障切換機制,Elasticsearch提供了将索引的分片複制為一個或多個副本的功能,副本在某些節點失效的情況下提供高可用性。
叢集狀态檢視
- 檢視叢集健康狀态;
GET /_cat/health?v
複制
epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1585552862 15:21:02 elasticsearch yellow 1 1 27 27 0 0 25 0 - 51.9%
複制
- 檢視節點狀态;
GET /_cat/nodes?v
複制
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
127.0.0.1 23 94 28 mdi * KFFjkpV
複制
- 檢視所有索引資訊;
GET /_cat/indices?v
複制
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open pms xlU0BjEoTrujDgeL6ENMPw 1 0 41 0 30.5kb 30.5kb
green open .kibana ljKQtJdwT9CnLrxbujdfWg 1 0 2 1 10.7kb 10.7kb
複制
索引操作
- 建立索引并檢視;
PUT /customer
GET /_cat/indices?v
複制
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
yellow open customer 9uPjf94gSq-SJS6eOuJrHQ 5 1 0 0 460b 460b
green open pms xlU0BjEoTrujDgeL6ENMPw 1 0 41 0 30.5kb 30.5kb
green open .kibana ljKQtJdwT9CnLrxbujdfWg 1 0 2 1 10.7kb 10.7kb
複制
- 删除索引并檢視;
DELETE /customer
GET /_cat/indices?v
複制
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open pms xlU0BjEoTrujDgeL6ENMPw 1 0 41 0 30.5kb 30.5kb
green open .kibana ljKQtJdwT9CnLrxbujdfWg 1 0 2 1 10.7kb 10.7kb
複制
類型操作
- 檢視文檔的類型;
GET /bank/account/_mapping
複制
{
"bank": {
"mappings": {
"account": {
"properties": {
"account_number": {
"type": "long"
},
"address": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"age": {
"type": "long"
},
"balance": {
"type": "long"
},
"city": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"email": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"employer": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"firstname": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"gender": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"lastname": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"state": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}
}
複制
文檔操作
- 在索引中添加文檔;
PUT /customer/doc/1
{
"name": "John Doe"
}
複制
{
"_index": "customer",
"_type": "doc",
"_id": "1",
"_version": 1,
"result": "created",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 3,
"_primary_term": 1
}
複制
- 檢視索引中的文檔;
GET /customer/doc/1
複制
{
"_index": "customer",
"_type": "doc",
"_id": "1",
"_version": 2,
"found": true,
"_source": {
"name": "John Doe"
}
}
複制
- 修改索引中的文檔:
POST /customer/doc/1/_update
{
"doc": { "name": "Jane Doe" }
}
複制
{
"_index": "customer",
"_type": "doc",
"_id": "1",
"_version": 2,
"result": "updated",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 4,
"_primary_term": 1
}
複制
- 删除索引中的文檔;
DELETE /customer/doc/1
複制
{
"_index": "customer",
"_type": "doc",
"_id": "1",
"_version": 3,
"result": "deleted",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 2,
"_primary_term": 1
}
複制
- 對索引中的文檔執行批量操作;
POST /customer/doc/_bulk
{"index":{"_id":"1"}}
{"name": "John Doe" }
{"index":{"_id":"2"}}
{"name": "Jane Doe" }
複制
{
"took": 45,
"errors": false,
"items": [
{
"index": {
"_index": "customer",
"_type": "doc",
"_id": "1",
"_version": 3,
"result": "updated",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 5,
"_primary_term": 1,
"status": 200
}
},
{
"index": {
"_index": "customer",
"_type": "doc",
"_id": "2",
"_version": 1,
"result": "created",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 0,
"_primary_term": 1,
"status": 201
}
}
]
}
複制
資料搜尋
查詢表達式(Query DSL)是一種非常靈活又富有表現力的查詢語言,Elasticsearch使用它可以以簡單的JSON接口來實作豐富的搜尋功能,下面的搜尋操作都将使用它。
資料準備
- 首先我們需要導入一定量的資料用于搜尋,使用的是銀行賬戶表的例子,資料結構如下:
{
"account_number": 0,
"balance": 16623,
"firstname": "Bradshaw",
"lastname": "Mckenzie",
"age": 29,
"gender": "F",
"address": "244 Columbus Place",
"employer": "Euron",
"email": "[email protected]",
"city": "Hobucken",
"state": "CO"
}
複制
- 我們先複制下需要導入的資料,資料位址:https://github.com/macrozheng/mall-learning/blob/master/document/json/accounts.json
- 然後直接使用批量操作來導入資料,注意本文所有操作都在Kibana的Dev Tools中進行;
POST /bank/account/_bulk
{
"index": {
"_id": "1"
}
}
{
"account_number": 1,
"balance": 39225,
"firstname": "Amber",
"lastname": "Duke",
"age": 32,
"gender": "M",
"address": "880 Holmes Lane",
"employer": "Pyrami",
"email": "[email protected]",
"city": "Brogan",
"state": "IL"
}
......省略若幹條資料
複制
- 導入完成後檢視索引資訊,可以發現
bank
GET /_cat/indices?v
複制
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
yellow open bank HFjxDLNLRA-NATPKUQgjBw 5 1 1000 0 474.6kb 474.6kb
複制
搜尋入門
- 最簡單的搜尋,使用
match_all
GET /bank/_search
{
"query": { "match_all": {} }
}
複制
- 分頁搜尋,
from
size
GET /bank/_search
{
"query": { "match_all": {} },
"from": 0,
"size": 10
}
複制
- 搜尋排序,使用
sort
balance
GET /bank/_search
{
"query": { "match_all": {} },
"sort": { "balance": { "order": "desc" } }
}
複制
- 搜尋并傳回指定字段内容,使用
_source
account_number
balance
GET /bank/_search
{
"query": { "match_all": {} },
"_source": ["account_number", "balance"]
}
複制
條件搜尋
- 條件搜尋,使用
match
account_number
20
GET /bank/_search
{
"query": {
"match": {
"account_number": 20
}
}
}
複制
- 文本類型字段的條件搜尋,例如搜尋
address
mill
match
GET /bank/_search
{
"query": {
"match": {
"address": "mill"
}
},
"_source": [
"address",
"account_number"
]
}
複制
- 短語比對搜尋,使用
match_phrase
address
mill
lane
GET /bank/_search
{
"query": {
"match_phrase": {
"address": "mill lane"
}
}
}
複制
組合搜尋
- 組合搜尋,使用
bool
must
address
mill
lane
GET /bank/_search
{
"query": {
"bool": {
"must": [
{ "match": { "address": "mill" } },
{ "match": { "address": "lane" } }
]
}
}
}
複制
- 組合搜尋,
should
address
mill
lane
GET /bank/_search
{
"query": {
"bool": {
"should": [
{ "match": { "address": "mill" } },
{ "match": { "address": "lane" } }
]
}
}
}
複制
- 組合搜尋,
must_not
address
mill
lane
GET /bank/_search
{
"query": {
"bool": {
"must_not": [
{ "match": { "address": "mill" } },
{ "match": { "address": "lane" } }
]
}
}
}
複制
- 組合搜尋,組合
must
must_not
age
40
state
ID
GET /bank/_search
{
"query": {
"bool": {
"must": [
{ "match": { "age": "40" } }
],
"must_not": [
{ "match": { "state": "ID" } }
]
}
}
}
複制
過濾搜尋
- 搜尋過濾,使用
filter
balance
20000~30000
GET /bank/_search
{
"query": {
"bool": {
"must": { "match_all": {} },
"filter": {
"range": {
"balance": {
"gte": 20000,
"lte": 30000
}
}
}
}
}
}
複制
搜尋聚合
- 對搜尋結果進行聚合,使用
aggs
group by
state
state
GET /bank/_search
{
"size": 0,
"aggs": {
"group_by_state": {
"terms": {
"field": "state.keyword"
}
}
}
}
複制
- 嵌套聚合,例如對
state
state
balance
GET /bank/_search
{
"size": 0,
"aggs": {
"group_by_state": {
"terms": {
"field": "state.keyword"
},
"aggs": {
"average_balance": {
"avg": {
"field": "balance"
}
}
}
}
}
}
複制
- 對聚合搜尋的結果進行排序,例如按
balance
GET /bank/_search
{
"size": 0,
"aggs": {
"group_by_state": {
"terms": {
"field": "state.keyword",
"order": {
"average_balance": "desc"
}
},
"aggs": {
"average_balance": {
"avg": {
"field": "balance"
}
}
}
}
}
}
複制
- 按字段值的範圍進行分段聚合,例如分段範圍為
age
[20,30]
[30,40]
[40,50]
gender
balance
GET /bank/_search
{
"size": 0,
"aggs": {
"group_by_age": {
"range": {
"field": "age",
"ranges": [
{
"from": 20,
"to": 30
},
{
"from": 30,
"to": 40
},
{
"from": 40,
"to": 50
}
]
},
"aggs": {
"group_by_gender": {
"terms": {
"field": "gender.keyword"
},
"aggs": {
"average_balance": {
"avg": {
"field": "balance"
}
}
}
}
}
}
}
}
複制
參考資料
https://www.elastic.co/guide/en/elasticsearch/reference/6.0/getting-started.html