Elasticsearch SQL queries

Purpose

Query Elasticsearch data using SQL.

Method 1

GET /_xpack/sql?format=txt
{
  "query": "select spanId, avg(elapsed), count(1) from \"sc-log-wbjr_2022-01-21\" group by spanId having count(1) > 100 order by count(1) desc"
}

Escape the double quotes around the index name: \"xxx\"

Method 2

GET /_xpack/sql?format=txt
{
  "query": """
    select spanId, avg(elapsed),count(1) from "sc-log-wbjr_2022-01-21" 
    group by spanId having count(1) >100 
    order by count(1) desc
    """
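}

Wrap the query in triple quotes ("""x"""); the index name then needs no escaping and is simply enclosed in double quotes: "index_name"

Summary

Method 1 can be sent directly from Postman as a POST request to get the results; method 2 can only be used in Kibana Dev Tools, because triple-quoted strings are Dev Tools console syntax rather than valid JSON.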
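
The conversion from method 2 to method 1, as an added example that is not part of the original post: `console_to_json` (a hypothetical helper name) rewrites a Dev Tools body with triple-quoted strings into strict JSON that Postman or any other HTTP client can send. The sample body is the method 2 request from this page.

```python
import json
import re

# A Dev Tools triple-quoted string: everything between """ and """ is literal text.
TRIPLE_QUOTED = re.compile(r'"""(.*?)"""', re.DOTALL)


def console_to_json(body: str) -> str:
    """Rewrite a Dev Tools request body (method 2) as strict JSON (method 1)."""
    # json.dumps escapes the inner double quotes, backslashes and line breaks,
    # which is the escaping method 1 otherwise requires by hand.
    converted = TRIPLE_QUOTED.sub(lambda m: json.dumps(m.group(1)), body)
    # Parse the result so a body that is still not valid JSON fails here,
    # not on the server.
    return json.dumps(json.loads(converted), ensure_ascii=False)


# Constructed sample: the method 2 request body from this page.
DEV_TOOLS_BODY = '''{
  "query": """
    select spanId, avg(elapsed),count(1) from "sc-log-wbjr_2022-01-21"
    group by spanId having count(1) >100
    order by count(1) desc
    """
}'''

if __name__ == "__main__":
    print(console_to_json(DEV_TOOLS_BODY))
```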

posted @ 2023-06-24 12:45  mvpbang