学习笔记

1 架构设计

对于量很大的数据,需要考虑使用中间件做缓冲层,然后用logstash做数据聚合和处理

 

CURD

//创建文档,自动生成 _id
POST users/_doc
{
  "user": "Jack",
  "post_date": "20202010"
}

//创建文档,指定id。id存在则报错
PUT users/_doc/1?op_type=create
{
  "user": "Mike",
  "post_date": "20202011"
}

//根据文档id获取和删除文档
GET users/_doc/1
DELETE users/_doc/1

//索引文档,id已经存在则删除文档并重新创建,_version+1
PUT users/_doc/1
{
  "user": "Mile"
}

//给文档增加字段
POST users/_update/1/
{
  "doc":{
    "post_date": "20202010"
  }
}

//批量操作 
POST _bulk
{"index": { "_index": "test", "_id": "1" }}
{"delete": { "_index": "test", "_id": "2" }}
{"create": { "_index": "test2", "_id": "3" }}
{"update": { "_index": "test", "_id": "1" }}

//批量获取
GET /_mget
{
  "docs": [
      {
        "_index": "test",
        "_id": "1"
      },
        {
        "_index": "test",
        "_id": "2"
      }
    ]
}

//批量查询
POST kibana_sample_data_ecommerce/_msearch
{}
{"query" : {"match_all": {}}, "size":"1"}
{"index": "kibana_sample_data_flights"}
{"query" : {"match_all": {}}, "size":"2"}

  

analyze

//默认切词
GET _analyze
{
  "analyzer": "standard",
  "text": "2 boys go in Boxed-form"
}

//去掉了2数字
GET _analyze
{
  "analyzer": "simple",
  "text": "2 boys go in Boxed-form"
}

//按空格切词
GET _analyze
{
  "analyzer": "whitespace",
  "text": "2 boys go in Boxed-form"
}

//相比simple去掉了助词
GET _analyze
{
  "analyzer": "stop",
  "text": "2 boys go in a Boxed-form"
}

GET _analyze
{
  "analyzer": "keyword",
  "text": "2 boys go in a Boxed-form"
}

GET _analyze
{
  "analyzer": "pattern",
  "text": "2 boys go in a Boxed-form"
}

  

查询语句

 

// 指定字段查询
GET /filebeat-7.7.1*/_search?q=ERROR&df=message
GET /filebeat-7.7.1*/_search?q=message:ERROR

// 使用引号,Phrase查询
GET /filebeat-7.7.1*/_search?q=message:(ERROR AND "2020-11-26")
{
  "profile": "true"
}

GET /filebeat-7.7.1*/_search?q=log.file.path:netty
{
  "profile": "true"
}

// 请求体单字段查询
GET /filebeat-7.7.1*/_search
{
  "_source": ["log.file.path", "message"],
  "query": {
    "match": {"message": {"query": "ERROR 2020-11-26", "operator": "and"}}
  },
  "profile": "true"
}

GET /filebeat-7.7.1*/_search
{
  "_source": ["log.file.path", "message"],
  "query": {
    "term": {"log.file.path": "/opt/logs/xxl-job-vehicle/error.log"}
  }
}

// 布尔多条件查询
GET /filebeat-7.7.1*/_search
{
  "sort": [{"@timestamp": "desc"}],
  "from": 0,
  "size": 30,
  "_source": ["log.file.path", "message", "@timestamp"],
  "query": {
    "bool": {
      "must": [
        {"match": {"log.file.path": "/opt/logs/xxl-job-vehicle/error.log"}},
        {"match": {"message": {"query": "ERROR 2020-11-26", "operator": "and"}}}
      ]
    }
  }
}

  

 

posted @ 2020-11-25 10:56  jabbok  阅读(112)  评论(0编辑  收藏  举报