使用python连接es数据库并进行操作
一、linux服务器安装python(最好为python3)
1、首先要先安装依赖包:
yum install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gcc make libffi-devel
2、下载python源码包(注意:Python 3.7 系列已停止官方安全更新,新环境建议选用仍在维护的版本)
wget https://www.python.org/ftp/python/3.7.12/Python-3.7.12.tgz
3、解压
tar -zxvf Python-3.7.12.tgz
4、进入解压后的目录:
cd Python-3.7.12
./configure
make && make install
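5、软连接(注意:在 CentOS 7 等系统上,yum 等系统工具依赖 /usr/bin/python 指向 Python 2,替换后这些工具可能无法运行;也可以保留原链接,直接使用 python3 / pip3 命令)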
[root@server Python-3.7.12]# mv /usr/bin/python /usr/bin/python.bak
[root@server Python-3.7.12]# ln -s /usr/local/bin/python3 /usr/bin/python
6、更新pip(若没安装重新安装)
mv /usr/bin/pip /usr/bin/pip.bak
ln -s /usr/local/bin/pip3 /usr/bin/pip
7、安装es客户端
pip install elasticsearch
8、编辑清除es索引脚本
vi delete_index.py
添加如下内容
from elasticsearch import Elasticsearch
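import getpass
import os

# Host and port of the Elasticsearch cluster.
es_host = '10.10.90.211'
es_port = 9200
es_user = 'elastic'
# Keep the password out of the script: a secret stored in the file ends up in
# backups, version control and anything else that copies the file. Read it
# from the ES_PASSWORD environment variable, or prompt when it is not set.
es_password = os.environ.get('ES_PASSWORD') or getpass.getpass('Elasticsearch 密码: ')

# Create the Elasticsearch client.
# NOTE(review): scheme 'http' sends the basic-auth credentials and all data
# unencrypted; if the cluster has TLS enabled, use 'https' and let the client
# verify the server certificate.
# NOTE(review): 'elastic' is the built-in superuser; an account limited to
# deleting this one index would be enough for this script.
es = Elasticsearch(
    [{'host': es_host, 'port': es_port, 'scheme': 'http'}],
    basic_auth=(es_user, es_password),
)

# Name of the index to delete.
index_name = 'access_log_1'

try:
    # Deleting an index cannot be undone, so only act on one that exists and
    # report which case was hit.
    if es.indices.exists(index=index_name):
        es.indices.delete(index=index_name)
        print(f"索引 '{index_name}' 已成功删除")
    else:
        print(f"索引 '{index_name}' 不存在")
finally:
    # Close the connection even when one of the requests above fails.
    es.transport.close()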
9、删除索引
执行python delete_index.py
10、查询索引内字段的值
from elasticsearch import Elasticsearch
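import getpass
import os

# Host and port of the Elasticsearch cluster.
es_host = '10.10.90.211'
es_port = 9200
es_user = 'elastic'
# Keep the password out of the script: a secret stored in the file ends up in
# backups, version control and anything else that copies the file. Read it
# from the ES_PASSWORD environment variable, or prompt when it is not set.
es_password = os.environ.get('ES_PASSWORD') or getpass.getpass('Elasticsearch 密码: ')

# Create the Elasticsearch client. basic_auth is the same parameter the
# delete script uses; http_auth is the older, deprecated spelling.
# NOTE(review): scheme 'http' sends the basic-auth credentials and all data
# unencrypted; if the cluster has TLS enabled, use 'https' and let the client
# verify the server certificate.
# NOTE(review): a read-only account on this index is enough for a query;
# the 'elastic' superuser is not needed.
es = Elasticsearch(
    [{'host': es_host, 'port': es_port, 'scheme': 'http'}],
    basic_auth=(es_user, es_password),
)

# Index to query and the fields that are compared.
index_name = 'sens_log'
field_names = ['dip', 'sip', 'dport']
# Expected value of each field.
local_values = {
    'dip': '192.168.8.110',
    'sip': '192.168.8.29',
    'dport': 8090,
}

# Build the query from local_values so the search criteria and the values
# compared below cannot drift apart. To fetch every document instead, use
# query={"match_all": {}}.
must_clauses = [{"match": {field: local_values[field]}} for field in field_names]

try:
    # Only the first page of hits is returned (10 by default) because no
    # size is passed.
    response = es.search(
        index=index_name,
        query={"bool": {"must": must_clauses}},
        request_timeout=30,
    )

    # Walk the hits and compare each stored document with the local values.
    hits = response.get("hits", {}).get("hits", [])
    for hit in hits:
        source_data = hit.get("_source", {})
        # The comparison is type-sensitive: a document that stores dport as
        # the string "8090" does not equal the integer 8090.
        match = all(source_data.get(field) == local_values.get(field) for field in field_names)
        if match:
            print("字段值匹配")
        else:
            print("字段值不匹配")
finally:
    # Close the connection even when the search fails.
    es.transport.close()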