以下操作在kibana中进行, 如果在linux的shell中, 请使用
curl -Xget 'http://node1:9200/index/type/id' -d '{ ... }' 的形式, 其中 -d 是传参
1, 获取集群状态
1), 查看健康状况:
GET /_cat/health?v
2), 查看节点:
GET /_cat/nodes?v
2, index操作(类似数据库databases)
1, index操作
1), 创建数据库
put lag
{
"settings": {
"index": {
"number_of_shards": 5,
"number_of_replicas": 1
}
}
}
2), 修改settings
分片不可以更改, 副本可以更改
put lag/_settings
{
"number_of_shards": 3
}
3), 获取所有的索引
get _all
获取索引
get lag/_settings
get _all/settings
get .kibana,lagou/_settings
get _settings
4), 查看所有index
GET /_cat/indices?v
5), 创建数据
put customer/_doc/1?pretty
{
"name": "vini"
}
4), 查询
get customer/_doc/1?pretty
5), 删除index
delete customer?pretty
GET /_cat/indices?v
2, document操作(类似记录 record)
1), 保存文档
index/type/id 不指定id的话, 会自动生成uuid
put lag/job/1
{
"title": 'python 爬虫“,
‘salary”: 15000,
’city‘: ’bj‘,
’company“: {
"name": "Baidu",
"company_addr": "bj"
},
"publish_date": "2018"
}
2), 获取文档
get lagou/job/1
或者
看下面query
3), 修改数据
PUT /customer/_doc/1/_update?pretty
{
"name": "wenbronk"
}
就可以将原来的name进行更改
4), 使用post进行修改, 只修改某些字段
只能更新已经存在的id, 增量修改, 没有的字段会添加, 有的会覆盖
post lagou/doc/1/_update?pretty
{
"doc": {
"name": "vini",
"age": 28
}
}
5), 进行简单的脚本计算
post customer/_doc/1/_update?pretty
{
"script": "ctx._source.age += 5"
}
6), 删除document
DELETE /customer/_doc/1?pretty
3, batch处理
可以合并多个操作, 比如index, delete, update, 也可以从一个index导入另一个index
1), 批量插入数据
每条数据由2行构成, delete除外, 第一行为元数据行, 第二行为数据行, upsert比较特殊, 可能为upsert, doc, 或者script
元数据必须放在一行!!!!!
POST /customer/_doc/_bulk?pretty
{"index":{"_id":"1"}} # 针对哪个索引完成的
{"name": "John Doe" } # 数据行, 必须放在一行, 不能做美化
{"index":{"_id":"2"}}
{"name": "Jane Doe" }
如果不写index或者type, 需要在元数据中指定
2), 执行修改第一条, 删除第二条
delte操作, 只有一行,没有元数据行
POST /customer/_doc/_bulk?pretty
{"update":{"_id":"1"}}
{"doc": { "name": "John Doe becomes Jane Doe" } }
{"delete":{"_id":"2"}}
单条出错不影响, 会继续执行剩下的
3), 批量修改
post _bulk?pretty
{
"update": {"_index": "lag", "_type": "job", "_id": 1}
{"doc": {"fileds": "values"}
}
4), 批量获取
get _mget{
"docs": [
{"index": "tested",
"_type": "job",
"_id": 1
},
{"_index": "lag",
"_type": "job2",
"_id": 2
}
]
}
或者同一个index或者同一个 type
get lagou/job1
{
"docs": [
{"_id": 1},
{"_id": 2}
]
}
或者缩写
get lagou/job1
{
"ids": [1, 2]
}
4, 查询
基本查询, 组合查询, 过滤查询
1), 导入基础数据
https://raw.githubusercontent.com/elastic/elasticsearch/master/docs/src/test/resources/accounts.json
curl -H "Content-Type: application/json" -XPOST "10.110.122.172:9200/bank/_doc/_bulk?pretty&refresh" --data-binary "@accounts.json"
GET /_cat/indices?v
2), 使用 q 进行查询
GET /bank/_search?q=*&sort=account_number:asc&pretty
只获取部分字段
get lag/job/1?_source
3) 使用body体进行查询
from 从哪开始, size: 取多少条, sort: 排序
使用 wildcard 进行 * 通配符查询
4), match 分词匹配, 部分匹配
a. match_all 查询所有
get /bank/_search
{
"query": {"match_all": {}},
"from": 10,
"size": 10,
"sort": [
{"account_number": "asc"}
]
}
_source: 显示取字段
get bank/_search
{
"query": {"match": {
"age": 37
}},
"_source": [
"account_number", "age", "address"
]
}
5), macth_parse 短语匹配
会将 查询进行分词, 满足所有分词才会返回结果
term: 完全匹配, 不分词
get bank/_search
{
"query": {"match_phrase": {
"address": "mill lane",
“slop”: 6 # 必须大于设置的词距离才会被搜索到
}},
"_source": [
"account_number", "age", "address"
]
}
6) term查询, 完全匹配
如果没有指定schema是什么类型的, 可能会查询失败
get /ban/_search
{
"query" : {
"term" : {
"abc": "1234"
}
}
}
terms 查询
可传入多个词, 只要有一个匹配, 就可以被查询到
get /ban/_search
{
"query" : {
"term" : {
"abc": ["1234", “568”, “23”]
}
}
}
7), 使用range查询, 范围查询
get /ban/_search
{
"query": {
"range": {
"price": {
"gte": 10,
"lte": 99
}
}
}
}
8) multi_match: 多字段匹配
get /bank/_search
{
"query': {
"bool": {
"must": {
"multi_match": {
"operator": "and",
"fileds": [ "name", "author^3"] # 把titil的权重提高, 分值较高的
"query": "Guide"
}
},
"filter": {
"terms": {
"price": [ 35.99, 188.99]
}
}
}
}
}
5 bool匹配
1) must
get bank/_search
{
"query": {
"bool": {
"must": [
{"match": {"address": "mill"}},
{"match": {"address": "lane"}}
]
}
}
}
}
2) or 匹配, should
GET /bank/_search
{
"query": {
"bool": {
"should": [
{ "match": { "address": "mill" } },
{ "match": { "address": "lane" } }
]
}
}
}
3) must_not匹配
GET /bank/_search
{
"query": {
"bool": {
"must_not": [
{ "match": { "address": "mill" } },
{ "match": { "address": "lane" } }
]
}
}
}
4) 混搭
GET /bank/_search
{
"query": {
"bool": {
"must": [
{ "match": { "age": "40" } }
],
"must_not": [
{ "match": { "state": "ID" } }
]
}
}
}
get lag/testjob/_search
{
"query":{
"bool": {
"should": [
{"term": {"title"; "python"}},
{"bool": {
"must": [
{"term": {"title": "es"}},
{"term": {"salary": 30}}
]
}
}
}
}
}
select * from test job where title = 'python' or
(title = 'es' and salary = 30)
5) fliter查询, es5.x之后, 被 bool 替换, 包裹在bool查询内
1), 使用filtre实现 gte lte
GET /bank/_search
{
"query": {
"bool": {
"must": { "match_all": {} },
"filter": {
"range": {
"balance": {
"gte": 20000,
"lte": 30000,
"boost": 2.0
}
}
}
}
}
}
GET /bank/_search
{
"query": {
"bool": {
"filter": {
"term": {
"abc": "123"
}
}
}
}
}
fitler查询多个值
GET /bank/_search
{
"query": {
"bool": {
"must": { "match_all": {} },
"filter": {
"term": [‘adb’, ‘12']
}
}
}
}
判断字段是否存在
exists
7, 聚合查询
默认 limit 10
size : 0 为了不显示搜索结果
GET /bank/_search
{
"size": 0,
"aggs": {
"group_by_state": {
"terms": {
"field": "state.keyword"
}
}
}
}
相当于
SELECT state, COUNT(*) FROM bank GROUP BY state ORDER BY COUNT(*) DESC LIMIT 10;
2), 增加avg聚合
GET /bank/_search
{
"size": 0,
"aggs": {
"group_by_state": {
"terms": {
"field": "state.keyword",
"order": {
"average_balance": "desc"
}
},
"aggs": {
"average_balance": {
"avg": {
"field": "balance"
}
}
}
}
}
}
3), from-to, 控制查询的返回数量, 其实就是分页
from: 从..开始
to: 到..结束
size: 10
GET /bank/_search
{
"size": 0,
"aggs": {
"group_by_age": {
"range": {
"field": "age",
"ranges": [
{
"from": 20,
"to": 30
},
{
"from": 30,
"to": 40
},
{
"from": 40,
"size": 10
}
]
},
"aggs": {
"group_by_gender": {
"terms": {
"field": "gender.keyword"
},
"aggs": {
"average_balance": {
"avg": {
"field": "balance"
}
}
}
}
}
}
}
}
4), sort
get lagou/_search
{
'query': {
'match_all': {}
}
"sort": [{
"comments": {
"order": "asa"
}
}]
}
注意, 被排序的字段, 必须被存储, 即 stored: true