一、安装
es端口:9200
kibana端口:5601brew install elasticsearchbrew install elasticsearchbrew services start elasticsearchbrew services start kibana
二、elastic交互-基本
1、集群信息
访问数据模式REST
/ / /
查看集群健康检查
$ curl -X GET "localhost:9200/_cat/health?v"epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent1551424260 07:11:00 elasticsearch_yjn green 1 1 0 0 0 0 0 0 - 100.0%
查看节点列表
$ curl -X GET "localhost:9200/_cat/nodes?v"ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name127.0.0.1 24 99 23 2.89 mdi * d-0YrG2
查看所有指数
$ curl -X GET "localhost:9200/_cat/indices?v"health status index uuid pri rep docs.count docs.deleted store.size pri.store.sizegreen open .kibana_1 oRuiVW1wSbWyFK4Wu0k6MA 1 0 1 0 3.6kb 3.6kb
2、索引
创建索引index
PUT /customer?prettyGET /_cat/indices?vhealth status index uuid pri rep docs.count docs.deleted store.size pri.store.sizegreen open .kibana_1 oRuiVW1wSbWyFK4Wu0k6MA 1 0 1 0 3.6kb 3.6kbyellow open customer Fe4Y2hU2Rcek0kl7SYZoKQ 5 1 0 0 1.1kb 1.1kb
- 目前只有一个节点,默认为此索引值创建了一个副本,所以为黄色。
删除索引
DELETE /customer?pretty
3、文档
索引文档
PUT /customer/_doc/1?pretty{ "name": "John Doe"} 结果
{ "_index" : "customer", "_type" : "_doc", "_id" : "1", "_version" : 1, "result" : "created", "_shards" : { "total" : 2, "successful" : 1, "failed" : 0 }, "_seq_no" : 0, "_primary_term" : 1} 查询
GET /customer/_doc/1?pretty{ "_index" : "customer", "_type" : "_doc", "_id" : "1", "_version" : 1, "_seq_no" : 0, "_primary_term" : 1, "found" : true, "_source" : { "name" : "John Doe" }} 替换文档
POST /customer/_doc?pretty{ "name": "Jane Doe"} - 不指定id会随机产生一个id,创建相同id的已经存在就会被替换。
更新文档
POST /customer/_doc/1/_update?pretty{ "doc": { "name": "Jane Doe", "age": 20 }} - 结果:
GET /customer/_doc/1?pretty{ "_index" : "customer", "_type" : "_doc", "_id" : "1", "_version" : 3, "_seq_no" : 2, "_primary_term" : 1, "found" : true, "_source" : { "name" : "Jane Doe", "age" : 20 }} 使用脚本更新文档:
POST /customer/_doc/1/_update?pretty{ "script" : "ctx._source.age += 5"} - 结果:
GET /customer/_doc/1?pretty{ "_index" : "customer", "_type" : "_doc", "_id" : "1", "_version" : 4, "_seq_no" : 3, "_primary_term" : 1, "found" : true, "_source" : { "name" : "Jane Doe", "age" : 25 }} 删除文档:
DELETE /customer/_doc/2?pretty
批量处理
POST /customer/_doc/_bulk?pretty{"index":{"_id":"1"}}{"name": "John Doe" }{"index":{"_id":"2"}}{"name": "Jane Doe" }POST /customer/_doc/_bulk?pretty{"update":{"_id":"1"}}{"doc": { "name": "John Doe becomes Jane Doe" } }{"delete":{"_id":"2"}}GET /customer/_doc/_search Bulk API不会因其中一个操作失败而失败,如果单个操作因任何原因失败,它将继续处理其后的其余操作。
批量API返回时,它将为每个操作提供一个状态(按照发送的顺序),以便您可以检查特定操作是否失败。状态:"result" : "noop"(created,deleted,updated,not_found")
4、数据集处理例子
添加数据集
curl -H "Content-Type: application/json" -XPOST "localhost:9200/bank/_doc/_bulk?pretty&refresh" --data-binary "@accounts.json"curl "localhost:9200/_cat/indices?v"
查询
GET /bank/_search?q=*&sort=account_number:asc&pretty
- q=* 表示匹配索引中的所有文档
- sort=account_number:asc 结果按照account_number升序排序
- pretty 好看的格式 使用查询表达式:结果同上
GET /bank/_search{ "query": { "match_all": {} }, "sort": [ { "account_number": "asc" } ]} 结果分析:
{ "took" : 8, #es执行搜索的时间ms "timed_out" : false, #是否超时 "_shards" : { "total" : 5, #搜索到了多少分片 "successful" : 5, #成功的分片数 "skipped" : 0, "failed" : 0 }, "hits" : { #查询结果 "total" : 1000, #符合条件的文档总数 "max_score" : null, "hits" : [ { #实际的搜索结果数组(默认前10个文档) "_index" : "bank", "_type" : "_doc", "_id" : "0", "sort": [0], "_score" : null, "_source" : {"account_number":0,"balance":16623,"firstname":"Bradshaw","lastname":"Mckenzie","age":29,"gender":"F","address":"244 Columbus Place","employer":"Euron","email":"bradshawmckenzie@euron.com","city":"Hobucken","state":"CO"} }, { "_index" : "bank", "_type" : "_doc", "_id" : "1", "sort": [1], "_score" : null, "_source" : {"account_number":1,"balance":39225,"firstname":"Amber","lastname":"Duke","age":32,"gender":"M","address":"880 Holmes Lane","employer":"Pyrami","email":"amberduke@pyrami.com","city":"Brogan","state":"IL"} }, ... ] }} 5、查询
查询语言
GET /bank/_search{ "query": { "match_all": {} }, "from": 10, "size": 10} - from:从那个文档索引开始,不指定from默认为0
- size:从from开始返回的文档数
GET /bank/_search{ "query": { "match_all": {} }, "sort": { "balance": { "order": "desc" } }} - 按照balance降序排序
更复杂的查询
GET /_all/tweet/_search?q=name:(mary john) +date:>2014-09-10 +(aggregations geo)
- _all在所有索引中
- 在tweet类型中
- name 字段中包含 mary 或者 john
- date 值大于 2014-09-10
- _all 字段包含 aggregations 或者 geo
6、聚合
GET /bank/_search{ "size": 0, "aggs": { "group_by_state": { "terms": { "field": "state.keyword", "order": { "average_balance": "desc" } }, "aggs": { "average_balance": { "avg": { "field": "balance" } } } } }} 三、分析器
测试分析器
可以使用 analyze API 来看文本是如何被分析的
GET /_analyze{ "analyzer": "standard", "text": "Text to analyze"} 结果:
token 是实际存储到索引中的词条。 position 指明词条在原始文本中出现的位置。 start_offset 和 end_offset 指明字符在原始字符串中的位置。映射
查看索引bank类型_doc的映射
GET /bank/_mapping/_doc
四、请求体查询 及 五、排序与相关性
:
(https://www.cnblogs.com/yangjianan/p/10525925.html)