1、es基础查询
1.1 准备数据
# 准备数据
PUT test_index/_doc/1
{
"name":"顾老二",
"age":30,
"from": "gu",
"desc": "皮肤黑、武器长、性格直",
"tags": ["黑", "长", "直"]
}
PUT test_index/_doc/2
{
"name":"大娘子",
"age":18,
"from":"sheng",
"desc":"肤白貌美,娇憨可爱",
"tags":["白", "富","美"]
}
PUT test_index/_doc/3
{
"name":"龙套偏房",
"age":22,
"from":"gu",
"desc":"mmp,没怎么看,不知道怎么形容",
"tags":["造数据", "真","难"]
}
PUT test_index/_doc/4
{
"name":"石头",
"age":29,
"from":"gu",
"desc":"粗中有细,狐假虎威",
"tags":["粗", "大","猛"]
}
PUT test_index/_doc/5
{
"name":"魏行首",
"age":25,
"from":"广云台",
"desc":"仿佛兮若轻云之蔽月,飘飘兮若流风之回雪,mmp,最后竟然没有嫁给顾老二!",
"tags":["闭月","羞花"]
}
1.2 match和term
match 和 term 中必须要加条件,但是我们有时候需要查询所有,不带条件,需要用到 match_all
match:会将查询条件分词,然后进行查询。会先对搜索词进行分词,比如“白雪公主和苹果”,会分成“白雪”“公主”“苹果”。含有相关内容的字段,都会被检索出来。
term:会将查询条件完整的匹配相关字段,"=="
1.3 match_all
# 查询所有
GET test_index/_search
{
"query": {
"match_all": {}
}
}
1.4 前缀查询match_phrase_prefix
# 查英文 beautiful --->be开头的---》能查到
GET test_index/_search
{
"query": {
"match_phrase_prefix": {
"name": "顾"
}
}
}
1.5 match_phrase。短语模糊查询,即它会将给定的短语(phrase)当成一个完整的查询条件。match_phrase与slop一起用,能保证分词间的邻近关系,slop参数告诉match_phrase查询词条能够相隔多远时仍然将文档视为匹配,默认是0。为0时必须相邻才能被检索出来。
# 会分词,分词完成后,如果写了slop,会按分词之间间隔是slop数字去抽
GET t1/doc/_search
{
"query": {
"match_phrase": {
"title": {
"query": "中国世界",
"slop": 2
}
}
}
}
1.6 多条件查询,或的关系
# 只要name或者desc中带龙套就查出来
GET test_index/_search
{
"query": {
"multi_match": {
"query": "龙套",
"fields": ["name", "desc"]
}
}
}
1.7指定查询字段
GET test_index/_search
{
"query": { "match_all": {} },
"_source": ["id", "createTime"]
}
1.8 wildcard通配符查询。match_phrase与slop一起用,能保证分词间的邻近关系,slop参数告诉match_phrase查询词条能够相隔多远时仍然将文档视为匹配,默认是0。为0时 必须相邻才能被检索出来。与mysql中的 Like 是一个套路,可以在查询时,在字符串中指定通配符*和占位符?Wildcard 性能会比较慢。如果非必要,尽量避免在开头加通配符 ? 或者 *,这样会明显降低查询性能
{
"wildcard": {
"form_name.keyword": "*very*"
}
}
# 查询的内容非空
{
"wildcard": {
"form_name": "*"
}
}
1.9 查看分词结果
# fieldName可以字段名,也可以是字段名.
http://localhost:9200/{index}/{type}/{id}/_termvectors?fields={fieldName}
http://localhost:9200/a_index_text/_doc/n1A6ioUBFQ9q5qTUK1mH/_termvectors?fields=phone.short_char
2、Elasticsearch之排序查询
# 结构化查询
GET test_index/_search
{
"query": {
"match": {
"name": "zz"
}
}
}
# 排序查询---》可以按多个排序条件-->sort的列表中继续加
GET test_index/_search
{
"query": {
"match": {
"from": "gu"
}
},
"sort": [
{
"age": {
"order": "asc"
}
}
]
}
# 不是所有字段都可以排序--->只能是数字字段
3、Elasticsearch之分页查询
# from 和 size,from表示偏移量,从0开始,size表示每页显示的数量
GET test_index/_search
{
"query": {
"match_all": {}
},
"sort": [
{
"age": {
"order": "desc"
}
}
],
"from": 3,
"size": 2
}
4、Elasticsearch之布尔查询
# must(and) should(or) must_not(not) filter
# must条件 and条件
GET test_index/_search
{
"query": {
"bool": {
"must": [
{
"match": {
# 模糊查询
"from": "sheng"
#精确查询
# "from.keyword": "sheng"
}
},
{
"match": {
"age": 18
}
}
]
}
}
}
"""
# 咱们认为的and查询,但是实际不行
GET test_index/_search
{
"query": {
"match": {
"from": "sheng",
"age":18
}
}
}
"""
# shoud or 条件---》搜索框,就是用它
GET test_index/_search
{
"query": {
"bool": {
"should": [
{
"match": {
"from": "sheng"
}
},
{
"match": {
"age": 22
}
}
]
}
}
}
# must_not 既不是也不是
GET test_index/_search
{
"query": {
"bool": {
"must_not": [
{
"match": {
"from": "gu"
}
},
{
"match": {
"tags": "可爱"
}
},
{
"match": {
"age": 18
}
}
]
}
}
}
# 查询 from为gu,age大于25的数据怎么查 filter /gt> lt< lte=
GET test_index/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"from": "gu"
}
}
],
"filter": {
"range": {
"age": {
"lt": 25
}
}
}
}
}
}
# age字段等于40且state字段不包含ID的文档
GET test_index/_search
{
"query": {
"bool": {
"must": [
{ "match": { "age": "40" } }
],
"must_not": [
{ "match": { "state": "ID" } }
]
}
}
}
5、Elasticsearch之查询结果过滤
# 只查某几个字段
GET test_index/_search
{
"query": {
"match": {
"name": "顾老二"
}
},
"_source": ["name", "age"]
}
6、Elasticsearch之高亮查询
# 默认高亮
GET test_index/_search
{
"query": {
"match": {
"name": "石头"
}
},
"highlight": {
"fields": {
"name": {}
}
}
}
# 自定义高亮
GET test_index/_search
{
"query": {
"match": {
"from": "gu"
}
},
"highlight": {
"pre_tags": "<b class='key' style='color:red'>",
"post_tags": "</b>",
"fields": {
"from": {}
}
}
}
7、Elasticsearch之聚合函数
# avg max min sum
# avg 求平均年龄
GET test_index/_search
{
"query": {
"match": {
"from": "gu"
}
},
"aggs": {
"my_avg": {
"avg": {
"field": "age"
}
}
},
"_source": ["name", "age"]
}
# 对搜索结果进行聚合,使用aggs来表示,类似于MySql中的group by,例如对name字段进行聚合,统计出相同name的文档数量
GET test_index/_search
{
// 不显示命中(hits)的所有文档信息
"size": 0,
"aggs": {
"group_by_name": {
"terms": {
"field": "name.keyword"
}
}
}
}
# 结果
{
"took" : 170,
"timed_out" : false,
"_shards" : {
"total" : 3,
"successful" : 3,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"group_by_vin" : {
"doc_count_error_upper_bound" : 33265,
"sum_other_doc_count" : 1767999,
"buckets" : [
{
"key" : "第1天签到",
"doc_count" : 4123788
},
{
"key" : "第2天签到",
"doc_count" : 2237997
},
{
"key" : "第3天签到",
"doc_count" : 1842282
},
{
"key" : "第4天签到",
"doc_count" : 1615952
},
{
"key" : "第5天签到",
"doc_count" : 1466083
},
{
"key" : "第6天签到",
"doc_count" : 1365050
},
{
"key" : "第7天签到",
"doc_count" : 1275374
},
{
"key" : "食材临期即时提醒",
"doc_count" : 321093
},
{
"key" : "解锁多种智能模式",
"doc_count" : 289915
},
{
"key" : "远程操控冰箱温度",
"doc_count" : 282822
}
]
}
}
}
# 嵌套聚合,例如对name字段进行聚合统计出相同name的文档数量,再统计出聚合之后的age的平均值
GET test_index/_search
{
"size": 0,
"aggs": {
"group_by_name": {
"terms": {
"field": "name.keyword"
},
"aggs": {
"average_age": {
"avg": {
"field": "age.keyword"
}
}
}
}
}
}
# 结果
{
"took" : 558,
"timed_out" : false,
"_shards" : {
"total" : 3,
"successful" : 3,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"group_by_vin" : {
"doc_count_error_upper_bound" : 33265,
"sum_other_doc_count" : 1767999,
"buckets" : [
{
"key" : "第1天签到",
"doc_count" : 4123788,
"average_age" : {
"value" : null
}
},
{
"key" : "第2天签到",
"doc_count" : 2237997,
"average_age" : {
"value" : null
}
},
{
"key" : "第3天签到",
"doc_count" : 1842282,
"average_age" : {
"value" : null
}
},
{
"key" : "第4天签到",
"doc_count" : 1615952,
"average_age" : {
"value" : null
}
},
{
"key" : "第5天签到",
"doc_count" : 1466083,
"average_age" : {
"value" : null
}
},
{
"key" : "第6天签到",
"doc_count" : 1365050,
"average_age" : {
"value" : null
}
},
{
"key" : "第7天签到",
"doc_count" : 1275374,
"average_age" : {
"value" : null
}
},
{
"key" : "食材临期即时提醒",
"doc_count" : 321093,
"average_age" : {
"value" : null
}
},
{
"key" : "解锁多种智能模式",
"doc_count" : 289915,
"average_age" : {
"value" : null
}
},
{
"key" : "远程操控冰箱温度",
"doc_count" : 282822,
"average_age" : {
"value" : null
}
}
]
}
}
}
# 对聚合搜索的结果进行排序,例如对name字段进行聚合统计出相同name的文档数量,再统计出聚合之后的age的平均值,按age的平均值降序排列
GET test_index/_search
{
"size": 0,
"aggs": {
"group_by_vin": {
"terms": {
"field": "name.keyword",
"order": {
"average_age": "desc"
}
},
"aggs": {
"average_age": {
"avg": {
"field": "age.keyword"
}
}
}
}
}
}
# 按字段值的范围进行分段聚合,例如分段范围为age字段的[20,30] [30,40] [40,50],之后按gender统计文档个数和balance的平均值
GET test_index/_search
{
"size": 0,
"aggs": {
"group_by_age": {
"range": {
"field": "age",
"ranges": [
{
"from": 20,
"to": 30
},
{
"from": 30,
"to": 40
},
{
"from": 40,
"to": 50
}
]
},
"aggs": {
"group_by_gender": {
"terms": {
"field": "gender.keyword"
},
"aggs": {
"average_balance": {
"avg": {
"field": "balance.keyword"
}
}
}
}
}
}
}
}
# 根据name进行分组,并且取前20个
GET test_index/_search
{
"size": 0,
"aggs": {
"group_by_vin": {
"terms": {
"field": "name.keyword",
# 取前20个
"size": 20
}
}
}
}
}
# 多个平行聚合
GET test_index/_search
{
"size": 0,
"aggs": {
"my-agg-name": {
"terms": {
"field": "requestUrl.keyword",
"size": 5
}
},
"my-agg-name2": {
"terms": {
"field": "requestHeader.clientId.keyword",
"size": 5
}
}
}
}
# 结果
{
"took" : 6180,
"timed_out" : false,
"num_reduce_phases" : 2,
"_shards" : {
"total" : 624,
"successful" : 624,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"my-agg-name2" : {
"doc_count_error_upper_bound" : 9661,
"sum_other_doc_count" : 89146934,
"buckets" : [
{
"key" : "callcenter",
"doc_count" : 147486013
},
{
"key" : "duomai",
"doc_count" : 49268821
},
{
"key" : "service_employee",
"doc_count" : 42791694
}
]
},
"my-agg-name" : {
"doc_count_error_upper_bound" : 1819770,
"sum_other_doc_count" : 236828042,
"buckets" : [
{
"key" : "/api/ecoc/v1/kafkaSend/duoMaiExcute",
"doc_count" : 49263156
},
{
"key" : "/api/admin/oauth/token",
"doc_count" : 48386545
},
{
"key" : "/api/dss/userLable/v2/getUserLable",
"doc_count" : 42795064
}
]
}
}
}
# 根据requestUrl进行分组,只取前10个,然后对每个没组里的数据按照@timestamp倒序排列取一条数据(数据里包含requestTime,requestUrl,requestHeader.clientId三个字段),对10条数据分页查询,每页2条;统计所有不同requestUrl的数量
GET rest_logs-*/_search
{
"query": {
"match_all": {}
},
"aggs": {
# 统计所有requestUrl不同的总数
"count": {
"cardinality": {
"field": "requestUrl.keyword"
}
},
"requestUrl_agg": {
"terms": {
# 按照requestUrl分组
"field": "requestUrl.keyword",
# 取10条
"size": 10,
# 按照分组里的数量倒序排列
# 如果是按照分组字段排序,则使用_key
"order": {
"_count": "desc"
}
},
"aggs": {
# 自定义名称
"group_sort": {
"top_hits": {
# 排序
"sort": [
{
# 分组里按照@timestamp倒序排列
"@timestamp": {
"order": "desc"
}
}
],
# 分组里的数据,排序后取值的字段
"_source": {
"includes": [
"requestTime",
"requestUrl",
"requestHeader.clientId"
]
},
# 取一条数据,不取一条会报错
# 报的错:numHits must be > 0; please use TotalHitCountCollector if you just need the total hit count
"size": 1
}
},
# 分页查询
"bucket_sort": {
"bucket_sort": {
"sort": [],
# 从哪个位置开始取,offset
"from": 0,
# 每页的数量
"size": 2
}
}
}
}
},
# 此处的size和from没用了
"size": 0,
"from": 0
}
# 结果
{
"took" : 3719,
"timed_out" : false,
"num_reduce_phases" : 2,
"_shards" : {
"total" : 624,
"successful" : 624,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"count" : {
"value" : 221
},
"requestUrl_agg" : {
"doc_count_error_upper_bound" : 121353,
"sum_other_doc_count" : 57937638,
"buckets" : [
{
"key" : "/api/admin/oauth/token",
"doc_count" : 49542152,
"group_sort" : {
"hits" : {
"total" : {
"value" : 49542152,
"relation" : "eq"
},
"max_score" : null,
"hits" : [
{
"_index" : "rest_logs-2023.01.05",
"_type" : "_doc",
"_id" : "kxcNgYUBn8gePaBo6-bM",
"_score" : null,
"_source" : {
"requestTime" : "2023-01-05 16:30:51",
"requestUrl" : "/api/admin/oauth/token"
},
"sort" : [
1672907451313
]
}
]
}
}
},
{
"key" : "/api/ecoc/v1/kafkaSend/duoMaiExcute",
"doc_count" : 49333145,
"group_sort" : {
"hits" : {
"total" : {
"value" : 49333145,
"relation" : "eq"
},
"max_score" : null,
"hits" : [
{
"_index" : "rest_logs-2023.01.05",
"_type" : "_doc",
"_id" : "ghcNgYUBn8gePaBo6-bM",
"_score" : null,
"_source" : {
"requestTime" : "2023-01-05 16:30:51",
"requestUrl" : "/api/ecoc/v1/kafkaSend/duoMaiExcute",
"requestHeader" : {
"clientId" : [
"duomai"
]
}
},
"sort" : [
1672907451132
]
}
]
}
}
}
]
}
}
}
8、创建更新删除操作
8.1、创建索引并查看
PUT test_index
GET /_cat/indices?v
8.2、删除索引并查看
DELETE test_index
GET /_cat/indices?v
8.3、查看文档类型
GET test_index/_mapping
8.4、在索引中添加文档
PUT test_index/1
{
"vin": "B1293049555"
}
8.5、在索引中查看文档
GET /decode/resolve/1
8.6、在索引中修改文档
POST test_index/1/_update
{
"doc": { "vin": "A1299405555" }
}
8.7、在索引中删除文档
DELETE test_index/1
8.8、在索引中批量操作文档
POST test_index/_bulk
{"index":{"_id":"1"}}
{"name": "aaaa" }
{"index":{"_id":"2"}}
{"name": "bbbb" }
8.9、创建一个数据模型样例(包含index、type、field):
PUT test_index
{
"settings":{
"index":{
"number_of_shards":3,
"number_of_replicas":0
}
},
"mappings":{
"resolve":{
"properties":{
"id":{
"type":"keyword"
},
"name":{
"type":"keyword"
},
"gender":{
"type":"keyword"
},
"carBrandId":{
"type":"text"
},
"balance":{
"type":"int"
},
"age":{
"type":"int"
},
"address":{
"type":"keyword"
},
"craeteTime":{
"type":"date"
},
"statusId":{
"type":"keyword"
},
"enable":{
"type":"boolean"
}
}
}
}
}
8.10、Elasticsearch给type增加一项field
PUT test_index/_mapping
{
"properties": {
"fieldName":{
"type":"boolean"
}
}
}
PUT test_index/_mappings
{
"properties": {
"fieldName":{
"type":"boolean"
}
}
}
https://zhuanlan.zhihu.com/p/521027165
https://blog.csdn.net/qq_41911898/article/details/110089644
标签:count,index,doc,age,查询,语法,match,test,es From: https://www.cnblogs.com/eternityz/p/17039201.html