說明:個人學習練習【筆記】而已,文檔中所有指令都經過練習實際操作。版本都是7.7.0,後續再發java操作ES
ELK相關叢集配置
ELK相關學習更新以及常見問題記錄
Kibana操作ES
基本知識
基本指令
| 指令 | 字段 | 含義 |
|---|---|---|
| PUT | /索引名稱/類型名稱/文檔ID | 建立文檔(指定文檔ID) |
| POST | /索引名稱/索引類型 | 建立文檔(随機文檔ID) |
| POST | /索引名稱/類型名稱/文檔id/_update | 修改文檔 |
| DELETE | /索引名稱/類型名稱/文檔id | 删除文檔/或者索引 |
| GET | /索引名稱/類型名稱/文檔id | 查詢文檔通過文檔ID |
| POST | /索引名稱/類型名稱/_search | 查詢所有資料 |
基本資料類型
| 字元串類型 | 數值類型 | 日期(納秒) | 布爾值類型 | 二進制類型 | 範圍類型 |
|---|---|---|---|---|---|
| text keyword | byte short integer long float double half_float scaled_float | date(date_nanos) | boolean | binary | range |
複雜資料類型
| 數組類型 | 對象類型 | 嵌套類型 |
|---|---|---|
| array | object | nested |
地理資料類型
| 地理點類型 | 地理形狀類型 |
|---|---|
| geo-point | geo-shape |
特殊資料類型很多,這裡記錄兩種
| 計數資料類型 | IP類型 |
|---|---|
| token_count | ip (IPv4 和 IPv6 位址) |
指令練習
練習基礎資料
建立一個索引庫和索引規則并指定字段類型
PUT /crazy
{
"settings": {
"number_of_shards": 3,
"number_of_replicas": 2
},
"mappings": {
"properties": {
"id": {
"type": "integer"
},
"name": {
"type": "keyword"
},
"age": {
"type": "long"
},
"birth": {
"type": "date"
},
"desc": {
"type": "text"
},
"tag": {
"type": "text"
}
}
}
}
建立一些測試資料
POST /crazy/_doc
{"name":"瘋子","age":23,"birth":"1997-06-06","desc":"瘋子學elk來了","tag":["JAVA","帥哥","HTML","暖男","看書"]}
POST /crazy/_doc
{"name":"小傻子","age":20,"birth":"2000-12-20","desc":"傻子不愛吃蘋果","tag":["遊戲","直播","直男","渣男","旅遊"]}
POST /crazy/_doc
{"name":"張張三","age":5,"birth":"2015-02-20","desc":"張三5歲了,他也不愛吃蘋果","tag":["萌寶","遊戲","小暖男","睡覺","玩具"]}
POST /crazy/_doc
{"name":"李四","age":50,"birth":"1970-04-25","desc":"李四50歲了,她愛吃香蕉,是個老太太","tag":["老人","聽戲","散步","睡覺","老太婆"]}
POST /crazy/_doc
{"name":"王五五","age":30,"birth":"1990-09-25","desc":"王五愛吃蘋果,還學java,也愛吃香蕉","tag":["直男","技術宅","睡覺","聽音樂","大佬"]}
常用狀态檢視
擷取索引的規則具體資訊
GET /crazy
健康值
【_cat指令可以檢視es的很多資訊】
GET _cat/health
版本資訊
GET _cat/indices?v
文檔資料基本操作
★關鍵字總結:
字段類型差別:查詢關鍵字差別:
字段不會被分詞器解析keyword
- 不分詞,直接索引。【支援:模糊、精确查詢,支援聚合】
字段會被分詞器解析text
- 先分詞,然後進行索引。【支援:模糊、精确查詢,不支援聚合】
bool值關鍵字差別:是|或|否
查詢時直接通過反向索引指定的詞條進行精确查找的【多用于精确值查找】term
會使用分詞器解析【先分析文檔,然後通過分析的文檔進行查詢】【多用于模糊值查找】match
必須:所有條件都要符合must
或者should
不等于must_not
查詢一條資料 1
直接指定索引/類型/{id}
GET crazy/_doc/A-pYKXMB85eJEC73q2LL
查詢一條資料 2
精确查找nam叫瘋子的,兩個查詢都能查到GET /crazy/_doc/_search { "query":{ "term":{ "name":"瘋子" } } } GET /crazy/_doc/_search { "query":{ "match":{ "name":"瘋子" } } }
查詢一條資料 3
這裡用模糊查詢name字段不會有結果
因為name字段是keyword類型,不會被分詞,是以下面的練習都用模糊查詢其他字段
GET /crazy/_doc/_search { "query":{ "match":{ "name":"瘋" } } }
查詢所有資料
使用請求體和關鍵字 _search
GET crazy/_search
{
"query": {
"match_all": {}
}
}
添加一條資料(随機ID)
{
"name": "小七",
"age": 10,
"birth": "2010-08-21",
"desc": "小七是個淘氣鬼,天天就愛搗亂",
"tag": [
"國小生",
"搗亂",
"睡覺",
"打遊戲",
"淘氣"
]
}
更新資料put【不推薦】
更新剛才小七的id
容易出現資料滞空(沒有更新到的字段會空)
put是覆寫是更新,版本号屬性會發生改變
PUT /crazy/_doc/BuqTLHMB85eJEC73D20H
{
"name":"小小七七",
"desc":"不知道如何形容"
}
更新資料post【推薦】
POST /crazy/_doc/BuqTLHMB85eJEC73D20H/_update
{
"doc":{
"desc":"小七很頑皮,也很帥"
}
}
直接删除一條資料(根據id)
DELETE /crazy/_doc/BuqTLHMB85eJEC73D20H
删除索引/或文檔
DELETE /crazy
DELETE /crazy/_doc
複雜查詢
模糊查詢
例如:select * from table a where a.desc like “%蘋果%”
這裡的
字段類型是desc
text
,此類型字段會被分詞器解析
使用關鍵字
查詢,會使用分詞器解析,先分析文檔,然後通過分析的文檔進行查詢*match
GET /crazy/_doc/_search
{
"query":{
"match":{
"desc":"蘋果"
}
}
}
結果過濾 _source
_source
上面的查詢出來的字段太多了,隻要展示name、age、desc即可
關鍵字
與請求體關鍵字_source
同級,逗号分隔,參數為數組query
GET /crazy/_doc/_search { "query":{ "match":{ "desc":"蘋果" } }, "_source":["name","age","desc"] }
結果排序 sort
sort
上面的結果例子:根據年齡升序
關鍵字
與請求體關鍵字sort
同級,逗号分隔,參數為數組對象query
GET /crazy/_doc/_search { "query":{ "match":{ "desc":"蘋果" } }, "_source":["name","age","desc"], "sort":[{ "age":{ "order":"asc" } }] }
分頁 from\size
from\size
要求:查詢所有資料,每頁2條資料,展示第2頁
關鍵字:
從第幾個開始,下标0是第一個from
查詢多少條資料size
- 都與
同級,逗号分隔query
GET crazy/_search { "query": { "match_all": {} }, "from": 2, "size": 2 }
bool條件查詢
查詢age=20歲并且desc有愛字的
- bool-must必須同時滿足多個條件,條件内部可使用
,這裡用的match/term
,是并且關系desc有愛age=20
-must
-should
與或非條件内部為數組對象,每個條件都需要單獨的=={ }==括起來must-not
GET /crazy/_doc/_search { "query": { "bool": { "must":[ { "match": { "desc": "愛" } }, { "term": { "age": "20" } } ] } } }
查詢age=30或者tag标簽有男字的
- bool-should 或許滿足某個條件,條件内部可使用
,這裡用的match/term
,是或者關系tag有男age=30
must
should
與或非條件内部為數組對象,每個條件都需要單獨的=={ }==括起來,must-not
GET /crazy/_doc/_search { "query": { "bool": { "should": [ { "term": { "age": "30" } }, { "match": { "tag": "男" } } ] } } }
查詢年齡必須不等于30歲和desc沒有香蕉的
bool-should 必須不等于某些條件,條件内部可使用,這裡用的match/term
,條件内部是與關系,意思這些條件都不能被滿足tag有男age=30
GET /crazy/_doc/_search { "query": { "bool": { "must_not": [ { "term": { "age": "30" } }, { "match": { "desc": "香蕉" } } ] } } }
filter過濾器查詢
查詢10<=age>=30,desc有蘋果或者香蕉的
- 這裡的
可以用match多條件查詢,空格分隔,都滿足的靠前展示desc或者
- 這裡
是指過濾器,對上面的must結果進行過濾filter
- filter-range-lt-gt解釋:
range範圍過濾
gt>=
lt<=
GET /crazy/_doc/_search { "query": { "bool": { "must":[ { "match": { "desc": "蘋果 香蕉" } } ], "filter": { "range": { "age": { "gte": 10, "lte": 30 } } } } } }
高亮查詢
查詢desc有蘋果或者香蕉的,并将蘋果香蕉高亮
- ES支援大概3種高亮方式:
plain highlighter
fast vector highlighter
posting highlighter
- Plain Highlighter為預設高亮,這裡學習用預設的。
- 這裡的測試資料查詢結果為蘋果香蕉字段預設添加
HTML标簽<em> </em>
GET /crazy/_doc/_search { "query": { "match":{ "desc":"蘋果 香蕉" } }, "highlight":{ "fields":{ "desc":{} } } }
- 修改上面的預設标簽方式,這裡修改為p标簽并指定class屬性和行内元素顔色屬性
:字首,``post_tags`:字尾pre_tags
GET /crazy/_doc/_search { "query": { "match":{ "desc":"蘋果 香蕉" } }, "highlight":{ "pre_tags": "<p class='key' style='color:red'>", "post_tags":"</p>", "fields":{ "desc":{} } } }
聚合查詢基本操作
類似與sql的分組group by
格式:
"aggs" : { // 聲明聚合操作 "aggs_name" : { // 聚合名,可以自定義 "aggs_type" : { // 聚合類别比如sum,max,min,avg等等 aggs_body // 聚合體 }, "aggs" : { // 父子關系嵌套的另一個聚合,與上一個聚合逗号分隔 "aggs_name"{ "aggs_type" : { "aggs_body " } } }, "aggs" : { // 兄弟關系嵌套的另一個聚合,與上一個聚合逗号分隔 "aggs_name"{ "aggs_type" : { "aggs_body " } } } }
desc字段有蘋果的人的平均年齡
- avg_age自定義傳回平均值的名字
- avg 要做的聚合操作這裡是求平均值,還有max,min等等
- field指定按什麼字段進行聚合操作
- query-match模糊查詢desc字段
GET /crazy/_doc/_search { "query":{ "match":{ "desc":"蘋果" } }, "aggs": { "avg_age": { "avg": { "field": "age" } } } }
花式查詢大集合:
條件1:1<age
>=30
條件2:
tag
包含男/遊戲
條件3:
desc
包含蘋果
條件4:高亮展示
tag
字段查詢内容,并自定義标簽
條件5:年齡
age
升序排序
條件6:格式化生日日期yyyy-MM-dd
條件7:計算結果的年齡統計資訊
條件8:統計:0<age<=20歲分段統計,20<age<=50歲分段統計文檔資訊ageStats
條件9:統計:20年之内出生的有多少人ageRanges
條件10:統計:30年内出生的年齡最小的是多少歲birthCounts
條件11:統計:年齡每隔5歲統計直方圖聚合資訊ageMinCounts
等間距劃分histogram
條件12:統計:按固定時間段統計(年/月等等,這裡用年)ageHistogram
birthDateHistogram
GET crazy/_search { "query": { "bool": { "must": [ { "match": { "desc": "蘋果" } }, { "match": { "tag": "男 遊戲" } } ], "filter": { "range": { "age": { "gt": 1, "lte": 30 } } } } }, "sort": [ { "age": { "order": "asc" } } ], "highlight": { "pre_tags": "<p cleaa='key' style='color:red'>", "post_tags": "</p>", "fields": { "tag": {} } }, "aggs": { "ageStats": { "stats": { "field": "age" } }, "ageRanges": { "range": { "field": "age", "ranges": [ { "from": 1, "to": 21 }, { "from": 21, "to": 51 } ] } }, "birthCounts": { "date_range": { "field": "birth", "format": "yyyy-MM-dd", "ranges": [ { "from": "now-20y", "to": "now" } ] } }, "birthMixCounts": { "date_range": { "field": "birth", "format": "yyyy-MM-dd", "ranges": [ { "from": "now-30y", "to": "now" } ] }, "aggs": { "ageMinCounts": { "min": { "field": "age" } } } }, "ageHistogram": { "histogram": { "field": "age", "interval": 5 } }, "birthDateHistogram": { "date_histogram": { "field": "birth", "format": "yyyy-MM-dd", "interval": "year" } } } }
結果
{ "took" : 7, "timed_out" : false, "_shards" : { "total" : 3, "successful" : 3, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 3, "relation" : "eq" }, "max_score" : null, "hits" : [ { "_index" : "crazy", "_type" : "_doc", "_id" : "g-q4LXMB85eJEC73L3G1", "_score" : null, "_source" : { "name" : "張張三", "age" : 5, "birth" : "2015-02-20", "desc" : "張三5歲了,他也不愛吃蘋果", "tag" : [ "萌寶", "遊戲", "小暖男", "睡覺", "玩具" ] }, "highlight" : { "tag" : [ "<p cleaa='key' style='color:red'>遊</p><p cleaa='key' style='color:red'>戲</p>", "小暖<p cleaa='key' style='color:red'>男</p>" ] }, "sort" : [ 5 ] }, { "_index" : "crazy", "_type" : "_doc", "_id" : "guq4LXMB85eJEC73KHHH", "_score" : null, "_source" : { "name" : "小傻子", "age" : 20, "birth" : "2000-12-20", "desc" : "傻子不愛吃蘋果", "tag" : [ "遊戲", "直播", "直男", "渣男", "旅遊" ] }, "highlight" : { "tag" : [ "<p cleaa='key' style='color:red'>遊</p><p cleaa='key' style='color:red'>戲</p>", "直<p cleaa='key' style='color:red'>男</p>", "渣<p cleaa='key' style='color:red'>男</p>", "旅<p cleaa='key' style='color:red'>遊</p>" ] }, "sort" : [ 20 ] }, { "_index" : "crazy", "_type" : "_doc", "_id" : "huq4LXMB85eJEC73PnGM", "_score" : null, "_source" : { "name" : "王五五", "age" : 30, "birth" : "1990-09-25", "desc" : "王五愛吃蘋果,還學java,也愛吃香蕉", "tag" : [ "直男", "技術宅", "睡覺", "聽音樂", "大佬" ] }, "highlight" : { "tag" : [ "直<p cleaa='key' style='color:red'>男</p>" ] }, "sort" : [ 30 ] } ] }, "aggregations" : { "ageRanges" : { "buckets" : [ { "key" : "1.0-21.0", "from" : 1.0, "to" : 21.0, "doc_count" : 2 }, { "key" : "21.0-51.0", "from" : 21.0, "to" : 51.0, "doc_count" : 1 } ] }, "ageStats" : { "count" : 3, "min" : 5.0, "max" : 30.0, "avg" : 18.333333333333332, "sum" : 55.0 }, "ageHistogram" : { "buckets" : [ { "key" : 5.0, "doc_count" : 1 }, { "key" : 10.0, "doc_count" : 0 }, { "key" : 15.0, "doc_count" : 0 }, { "key" : 20.0, "doc_count" : 1 }, { "key" : 25.0, "doc_count" : 0 }, { "key" : 30.0, "doc_count" : 1 } ] }, "birthDateHistogram" : { "buckets" : [ { "key_as_string" : "1990-01-01", "key" : 631152000000, "doc_count" : 1 }, { "key_as_string" : "1991-01-01", "key" : 662688000000, "doc_count" : 0 }, { "key_as_string" : "1992-01-01", "key" : 694224000000, "doc_count" : 0 }, { "key_as_string" : "1993-01-01", "key" : 725846400000, "doc_count" : 0 }, { "key_as_string" : "1994-01-01", "key" : 757382400000, "doc_count" : 0 }, { "key_as_string" : "1995-01-01", "key" : 788918400000, "doc_count" : 0 }, { "key_as_string" : "1996-01-01", "key" : 820454400000, "doc_count" : 0 }, { "key_as_string" : "1997-01-01", "key" : 852076800000, "doc_count" : 0 }, { "key_as_string" : "1998-01-01", "key" : 883612800000, "doc_count" : 0 }, { "key_as_string" : "1999-01-01", "key" : 915148800000, "doc_count" : 0 }, { "key_as_string" : "2000-01-01", "key" : 946684800000, "doc_count" : 1 }, { "key_as_string" : "2001-01-01", "key" : 978307200000, "doc_count" : 0 }, { "key_as_string" : "2002-01-01", "key" : 1009843200000, "doc_count" : 0 }, { "key_as_string" : "2003-01-01", "key" : 1041379200000, "doc_count" : 0 }, { "key_as_string" : "2004-01-01", "key" : 1072915200000, "doc_count" : 0 }, { "key_as_string" : "2005-01-01", "key" : 1104537600000, "doc_count" : 0 }, { "key_as_string" : "2006-01-01", "key" : 1136073600000, "doc_count" : 0 }, { "key_as_string" : "2007-01-01", "key" : 1167609600000, "doc_count" : 0 }, { "key_as_string" : "2008-01-01", "key" : 1199145600000, "doc_count" : 0 }, { "key_as_string" : "2009-01-01", "key" : 1230768000000, "doc_count" : 0 }, { "key_as_string" : "2010-01-01", "key" : 1262304000000, "doc_count" : 0 }, { "key_as_string" : "2011-01-01", "key" : 1293840000000, "doc_count" : 0 }, { "key_as_string" : "2012-01-01", "key" : 1325376000000, "doc_count" : 0 }, { "key_as_string" : "2013-01-01", "key" : 1356998400000, "doc_count" : 0 }, { "key_as_string" : "2014-01-01", "key" : 1388534400000, "doc_count" : 0 }, { "key_as_string" : "2015-01-01", "key" : 1420070400000, "doc_count" : 1 } ] }, "birthMixCounts" : { "buckets" : [ { "key" : "1990-07-08-2020-07-08", "from" : 6.47432463045E11, "from_as_string" : "1990-07-08", "to" : 1.594203663045E12, "to_as_string" : "2020-07-08", "doc_count" : 3, "ageMinCounts" : { "value" : 5.0 } } ] }, "birthCounts" : { "buckets" : [ { "key" : "2000-07-08-2020-07-08", "from" : 9.63051663045E11, "from_as_string" : "2000-07-08", "to" : 1.594203663045E12, "to_as_string" : "2020-07-08", "doc_count" : 2 } ] } } }
所有資料
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 3,
"successful" : 3,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 5,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "crazy",
"_type" : "_doc",
"_id" : "hOq4LXMB85eJEC73NnF2",
"_score" : 1.0,
"_source" : {
"name" : "李四",
"age" : 50,
"birth" : "1970-04-25",
"desc" : "李四50歲了,她愛吃香蕉,是個老太太",
"tag" : [
"老人",
"聽戲",
"散步",
"睡覺",
"老太婆"
]
}
},
{
"_index" : "crazy",
"_type" : "_doc",
"_id" : "guq4LXMB85eJEC73KHHH",
"_score" : 1.0,
"_source" : {
"name" : "小傻子",
"age" : 20,
"birth" : "2000-12-20",
"desc" : "傻子不愛吃蘋果",
"tag" : [
"遊戲",
"直播",
"直男",
"渣男",
"旅遊"
]
}
},
{
"_index" : "crazy",
"_type" : "_doc",
"_id" : "huq4LXMB85eJEC73PnGM",
"_score" : 1.0,
"_source" : {
"name" : "王五五",
"age" : 30,
"birth" : "1990-09-25",
"desc" : "王五愛吃蘋果,還學java,也愛吃香蕉",
"tag" : [
"直男",
"技術宅",
"睡覺",
"聽音樂",
"大佬"
]
}
},
{
"_index" : "crazy",
"_type" : "_doc",
"_id" : "geq4LXMB85eJEC73HHHq",
"_score" : 1.0,
"_source" : {
"name" : "瘋子",
"age" : 23,
"birth" : "1997-06-06",
"desc" : "瘋子學elk來了",
"tag" : [
"JAVA",
"帥哥",
"HTML",
"暖男",
"看書"
]
}
},
{
"_index" : "crazy",
"_type" : "_doc",
"_id" : "g-q4LXMB85eJEC73L3G1",
"_score" : 1.0,
"_source" : {
"name" : "張張三",
"age" : 5,
"birth" : "2015-02-20",
"desc" : "張三5歲了,他也不愛吃蘋果",
"tag" : [
"萌寶",
"遊戲",
"小暖男",
"睡覺",
"玩具"
]
}
}
]
}
}
聲明:
部落格中标注原創的文章,版權歸本部落格作者所有,若轉載或者引用本文内容請注明來源及原作者,否則依法保留追究權
打賞功能被文章底部的···預設隐藏了,如果幫到你了點個贊呗,要麼收藏一下?
【噓~~~悄悄話:終有一日,你的日積月累,會成為的别人的望塵莫及】
![Java String.format方法的簡單使用[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)