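ELK: Two Query Methods
Elasticsearch provides two ways to query:
- Query string: a simple query in which the search expression is passed the way URL parameters are passed. This is known as simple search or query-string search.
- Query DSL: the query is written as a DSL statement. The DSL is a rich and flexible query language provided by Elasticsearch; it takes the form of a JSON request body and is sent to Elasticsearch through RESTful requests.
- Query string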
GET zhifou/doc/_search?q=from:gu
The part after the ? is the query string.
{
  "took" : 36,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    # hits is the returned result set: every document whose from field is gu.
    # Note the _score field: it is the relevance score, computed by the scoring algorithm from how well the document matches the query; a better match gets a higher score.
    "total" : 3,
    "max_score" : 0.6931472,
    "hits" : [
      {
        "_index" : "zhifou",
        "_type" : "doc",
        "_id" : "4",
        "_score" : 0.6931472,
        "_source" : {
          "name" : "石头",
          "age" : 29,
          "from" : "gu",
          "desc" : "粗中有细,狐假虎威",
          "tags" : [ "粗", "大", "猛" ]
        }
      },
      {
        "_index" : "zhifou",
        "_type" : "doc",
        "_id" : "1",
        "_score" : 0.2876821,
        "_source" : {
          "name" : "顾老二",
          "age" : 30,
          "from" : "gu",
          "desc" : "皮肤黄,武器长,性格直",
          "tags" : [ "黑", "长", "直" ]
        }
      },
      {
        "_index" : "zhifou",
        "_type" : "doc",
        "_id" : "3",
        "_score" : 0.2876821,
        "_source" : {
          "name" : "龙套偏房",
          "age" : 22,
          "from" : "gu",
          "desc" : "mmp,没怎么看,不知道怎么形容",
          "tags" : [ "造数据", "真", "难" ]
        }
      }
    ]
  }
}
- Structured query (Query DSL)
GET zhifou/doc/_search
{
  "query": {
    "match": {
      "from": "gu"
    }
  }
}
Put the query condition inside match. The match query returns every document whose from field contains gu, so the result is the same as the one above.
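The two request forms above, built from the same field and value, as an added example that is not part of the original page. It shows the practical difference when the value comes from user input: after `q=` the value is parsed as query syntax and reserved characters must be escaped, while in the `match` body it stays plain JSON data. The helper names are hypothetical, and the query-string helper assumes a single-term value.

```python
import json
import re
from urllib.parse import quote

# Characters the query_string syntax reserves as operators (Elasticsearch docs).
_RESERVED = re.compile(r'([+\-=&|!(){}\[\]^"~*?:\\/])')


def escape_query_string_value(value):
    """Escape one literal term for use after field: in a q= query string."""
    # < and > cannot be escaped at all, so they are dropped.
    value = value.replace("<", "").replace(">", "")
    if not value or re.search(r"\s", value) or value in ("AND", "OR", "NOT"):
        # Assumption of this sketch: only single, non-operator terms are accepted.
        raise ValueError("use the Query DSL form for this value")
    return _RESERVED.sub(r"\\\1", value)


def uri_search(index, doc_type, field, value):
    """Request line for the query-string form (GET index/type/_search?q=...)."""
    q = f"{field}:{escape_query_string_value(value)}"
    return f"GET {index}/{doc_type}/_search?q={quote(q, safe=':')}"


def dsl_search(index, doc_type, field, value):
    """Request line and JSON body for the Query DSL form using match."""
    body = {"query": {"match": {field: value}}}
    return f"GET {index}/{doc_type}/_search", json.dumps(body, ensure_ascii=False)


if __name__ == "__main__":
    # Same index, type, field and value as the requests on this page.
    print(uri_search("zhifou", "doc", "from", "gu"))
    print(*dsl_search("zhifou", "doc", "from", "gu"), sep="\n")
    # Constructed input: a trailing * would be a wildcard if left unescaped.
    print(uri_search("zhifou", "doc", "from", "gu*"))
```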