elasticsearch DLS语句
一、集群
检查集群健康状况:
GET /_cluster/health?pretty=true
检查集群设置:
PUT _cluster/settings
{
"persistent" :
{
"cluster.routing.rebalance.enable": "none",
##允许在一个节点上发生多少并发传入分片恢复。 默认为2。
##多数为副本
"cluster.routing.allocation.node_concurrent_incoming_recoveries":2,
##允许在一个节点上发生多少并发传出分片恢复,默认为2.
## 多数为主分片
"cluster.routing.allocation.node_concurrent_outgoing_recoveries":2,
##为上面两个的统一简写
"cluster.routing.allocation.node_concurrent_recoveries":2,
##在通过网络恢复副本时,节点重新启动后未分配的主节点的恢复使用来自本地 磁盘的数据。
##这些应该很快,因此更多初始主要恢复可以在同一节点上并行发生。 默认为4。
"cluster.routing.allocation.node_initial_primaries_recoveries":4,
##允许执行检查以防止基于主机名和主机地址在单个主机上分配同一分片的多个实例。
##默认为false,表示默认情况下不执行检查。 此设置仅适用于在同一台计算机上启动多个节点的情况。这个我的理解是如果设置为false,
##则同一个节点上多个实例可以存储同一个shard的多个副本没有容灾作用了
"cluster.routing.allocation.same_shard.host":true
}
}
查看所有索引:
GET /_cat/indices?v
GET /_cat/indices/ultiwill* #根据索引名前缀查询
查看索引分片状态:
GET /_cat/shards?v
索引重新分配副本:
PUT /wefwe/_settings { "number_of_replicas": 0 }
二、索引
创建索引:
PUT /product
设置mapping映射:
POST /product/doc/_mapping { "_source": {"enabled": true}, "dynamic": true, "properties" : { "imei" : {"type" : "text","analyzer" : "keyword","fielddata": true}, "ispid" : {"type":"integer","ignore_malformed": true}, "msisdn" : {"type" : "text","analyzer" : "keyword","fielddata": true}, "maddr_s" : {"type" : "text","analyzer" : "ik_max_word","norms" : false,"fields" : {"raw" : {"type" : "keyword","doc_values":true}}}, "maddr_p" : {"type" : "text","analyzer" : "ik_max_word","norms" : false,"fields" : {"raw" : {"type" : "keyword","doc_values":true}}}, "maddr_c" : {"type" : "text","analyzer" : "ik_max_word","norms" : false,"fields" : {"raw" : {"type" : "keyword","doc_values":true}}}, "netaddr_s" : {"type" : "text","analyzer" : "ik_max_word","norms" : false,"fields" : {"raw" : {"type" : "keyword","doc_values":true}}}, "netaddr_p" : {"type" : "text","analyzer" : "ik_max_word","norms" : false,"fields" : {"raw" : {"type" : "keyword","doc_values":true}}}, "netaddr_c" : {"type" : "text","analyzer" : "ik_max_word","norms" : false,"fields" : {"raw" : {"type" : "keyword","doc_values":true}}}, "seraddr_s" : {"type" : "text","analyzer" : "ik_max_word","norms" : false,"fields" : {"raw" : {"type" : "keyword","doc_values":true}}}, "seraddr_p" : {"type" : "text","analyzer" : "ik_max_word","norms" : false,"fields" : {"raw" : {"type" : "keyword","doc_values":true}}}, "seraddr_c" : {"type" : "text","analyzer" : "ik_max_word","norms" : false,"fields" : {"raw" : {"type" : "keyword","doc_values":true}}}, "uli" : {"type" : "text","analyzer" : "ik_max_word","norms" : false,"fields" : {"raw" : {"type" : "keyword","doc_values":true}}}, "x_sip" : {"type" : "ip"}, "x_dip" : {"type" : "ip"}, "i_sport" : {"type" : "keyword","doc_values":true}, "i_dport" : {"type" : "keyword","doc_values":true}, "guti" : {"type" : "keyword","doc_values":true}, "i_nsapi" : {"type" : "long","ignore_malformed": true}, "apn" : {"type" : "text", "analyzer" : "keyword"}, "rai" : {"type" : "text", "analyzer" : "keyword"}, "gsnu" : {"type" : "text", "analyzer" : "keyword"}, "teid" : {"type" : "text", "analyzer" : "keyword"}, "endtime" : {"type" : "long","ignore_malformed": true}, "id" : {"type" : "long"}, "i_type" : {"type" : "text","analyzer" : "keyword"}, "conndirect" : {"type" : "text", "analyzer" : "keyword"}, "protocoltype" : {"type" : "text" ,"analyzer" : "keyword"}, "i_trojan_type" : {"type" : "long","ignore_malformed": true}, "pguti":{"type" : "text" ,"analyzer" : "keyword"}, "sid":{"type" : "text" ,"analyzer" : "keyword"}, "x_imsi":{"type" : "text" ,"analyzer" : "keyword","fielddata": true}, "pteid":{"type" : "text" ,"analyzer" : "keyword"}, "flow":{"type" : "long","ignore_malformed": true}, "vpsfirm":{"type" : "text" ,"analyzer" : "keyword"}, "x_begintime":{"type" : "long","ignore_malformed": true}, "netaddr" : {"type" : "keyword","doc_values":true}, "seraddr" : {"type" : "keyword","doc_values":true}, "maddr" : {"type" : "keyword","doc_values":true}, "paddr_s" : {"type" : "text","analyzer" : "ik_max_word","norms" : false,"fields" : {"raw" : {"type" : "keyword","doc_values":true}}}, "paddr_p" : {"type" : "text","analyzer" : "ik_max_word","norms" : false,"fields" : {"raw" : {"type" : "keyword","doc_values":true}}}, "paddr_c" : {"type" : "text","analyzer" : "ik_max_word","norms" : false,"fields" : {"raw" : {"type" : "keyword","doc_values":true}}}, "paddr" : {"type" : "keyword","doc_values":true}, "sshclient" : {"type" : "keyword","doc_values":true}, "sshserver" : {"type" : "keyword","doc_values":true}, "sshver" : {"type" : "keyword","doc_values":true}, "b_firstpacket" : {"type" : "binary"}, "b_firstpacket1" : {"type" : "text", "analyzer" : "keyword"}, "appbigt" :{"type" : "integer"}, "appsubt" :{"type" : "integer"} } }
查看索引:
GET /posts/_search
插入数据:
POST /student/_bulk { "index": { "_id": 1 }} { "name" : "liubei", "age" : 20 , "sex": "boy", "birth": "1996-01-02" , "about": "i like diaocan he girl" } { "index": { "_id": 2 }} { "name" : "guanyu", "age" : 21 , "sex": "boy", "birth": "1995-01-02" , "about": "i like diaocan" } { "index": { "_id": 3 }} { "name" : "zhangfei", "age" : 18 , "sex": "boy", "birth": "1998-01-02" , "about": "i like travel" } { "index": { "_id": 4 }} { "name" : "diaocan", "age" : 20 , "sex": "girl", "birth": "1996-01-02" , "about": "i like travel and sport" } { "index": { "_id": 5 }} { "name" : "panjinlian", "age" : 25 , "sex": "girl", "birth": "1991-01-02" , "about": "i like travel and wusong" } { "index": { "_id": 6 }} { "name" : "caocao", "age" : 30 , "sex": "boy", "birth": "1988-01-02" , "about": "i like xiaoqiao" } { "index": { "_id": 7 }} { "name" : "zhaoyun", "age" : 31 , "sex": "boy", "birth": "1997-01-02" , "about": "i like travel and music" } { "index": { "_id": 8 }} { "name" : "xiaoqiao", "age" : 18 , "sex": "girl", "birth": "1998-01-02" , "about": "i like caocao" } { "index": { "_id": 9 }} { "name" : "daqiao", "age" : 20 , "sex": "girl", "birth": "1996-01-02" , "about": "i like travel and history" }
POST /zuo/doc/_mapping { "_source": {"enabled": true}, "dynamic": true, "properties" : { "i_sport" : {"type" : "keyword"}, "dns":{"type" : "text"}, "vpsfirm":{"type" : "text" ,"analyzer" : "keyword"} } } PUT /zuo/doc/1 { "i_sport" : "zuochong", "dns" : "zuochong" , "vpsfirm": "zuochong" }
删除索引:
DELETE /test_index
根据条件删除索引中数据:
POST 索引名称/文档名称/_delete_by_query { "query":{ "term":{ "_id":100000100 } } }
删除所有数据:
POST /索引名称/文档名称/_delete_by_query?pretty { "query": { "match_all": { } } }
三、查询
match匹配, term精确匹配, range范围过滤, exists包含某个字段. all_interests自己定义的聚合名称:
GET /student/_search { "query": { "bool":{ "must":[ { "match": { "about": "travel" } }, { "term":{ "sex":"boy" } }, { "range":{ "age":{ "gt":16, "lte":25 } } }, { "exists":{ "field":"age" } } ] } }, "aggs": { "all_interests": { "terms": { "field": "age" } } } }
模糊查询: text和keyword都可以模糊查询
GET /student/_search {"query": { "wildcard":{ "name": "*li*" } } }
聚合查询:
text的字段聚合,使用“field.keyword”
单字段统计聚合 类似:
select color,sum(1) as salesNum
from Cars
group by color
GET /student/_search { "aggs": { "all_interests": { 自定义 "terms": {
"field": "age" ,
"size": 1000
} } } }
按颜色统计出平均价格:
SELECT Color,AVG(Price) as '平均价格'
FROM #CarsGROUP BY ColorGET testindex/cars/_search { "size": 0, "aggs": { "s": { "terms": { "field": "color.keyword", "size": 10 }, "aggs": { "avg_price": { "avg": { "field": "price" } } } } } }
两个字段统计聚合:
POST basic_agreement_alias/_search { "aggs": { "aggCount": { 自定义 "terms": { "field": "firstip" }, "aggs": { "idCount": { 自定义 "terms": { "field": "emlcountry.keyword" } } } } } }
排序:
查询地址为''北京'', 按照endtime进行降序排序desc
{ "query": { "bool": { "must": [ { "term": { "seraddr_p": { "value": "北京市" } } } ] } }, "sort": [ { "endtime": { "order": "desc" } } ] }
注意: 只能用数字 日期进行排序
and or查询:
{ "query": { "bool": { "must": [{ "match_phrase": { "name": "a" } }], "should": [{ "match_phrase": { "city": "b" } }, { "match_phrase": { "city": "c" } }], "minimum_should_match": 1 } }, "size": 5 }
实现 "name"=="a" and ("city" == "b" or "city" == "c")
高亮查询:
{ "query": { "bool": { "must": [ { "match": { "FIELD1": "value1" } }, { "match": { "FIELD2": "value2" } } ] } }, "highlight": { "fields": { "FIELD1":{}, "FIELD2":{} } } }
