1.索引模板
查看所有索引模板
GET 10.0.0.101:9200/_template
2.查看单个索引模板
GET 10.0.0.101:9200/_template/.monitoring-es
3.创建索引模板
POST 10.0.0.101:9200/_template/lxctp
{
"aliases": {
"DBA": {},
"SRE": {},
"K8S": {}
},
"index_patterns": [
"lxc*"
],
"settings": {
"index": {
"number_of_shards": 4,
"number_of_replicas": 1
}
},
"mappings": {
"properties":{
"ip_addr": {
"type": "ip"
},
"access_time": {
"type": "date"
},
"name": {
"type": "keyword"
}
}
}
}
以上模板为所有索引lxc开头的模板,设置了分片数量为4,副本数量为1,同时做了数据映射。
2.DSL
2.1查询,主要有如下三种,相比第一种,第二种是整词匹配,只会匹配名字为张天天的,第三种,则是匹配所有
{
"query":{
"match":{
"name":"张天天"
}
}
}
{
"query":{
"match_phrase":{
"name":"张天天"
}
}
}
{
"query":{
"match_all":{
}
}
}
2.2分页查询,"size":3表示每页展示三条数据, "from":9,表示跳过前面9条数据,从第10条开始展示,即第四页。
{
"query":{
"match":{
"name":"张天天"
}
},
"from":9
"size":3
}
2.3查看指定字段,之前查看的都是全部字段,可以用_source查看指定字段
如下,查看所有数据的price和name,字段顺序会影响显示的顺序
{
"query":{
"math_all":{
}
},
"_source":["price","name"]
}
效果等同于sql的select price,name from 表名
2.4查看指定字段是否存在
{
"query": {
"exists" : {
"field": "price"
}
}
}
如果price字段存在,则会显示所有结果,如果不存在,则不显示结果
2.5排序,将查出来数据,按price升序排序
{
"query": {
"match_all" : {
}
},
"price":{
"order": "asc"
}
}
上面语句作用类似于sql的select * from 表名 order by price asc;
降序排序则是desc
2.6多条件查询1:查看作者是张天天且商品价格为24.90(所有条件都满足)
{
"query": {
"bool": {
"must": [
{
"match_phrase": {
"auther": "张天天"
}
},
{
"match_phrase": {
"price": 24.90
}
}
]
}
}
}
多条件查询2:查看作者是张天天或李飞飞且商品价格为168或198(所有条件满足指定数量,这里是两个)
{
"query": {
"bool": {
"should": [
{
"match_phrase": {
"auther": "李飞飞"
}
},
{
"match_phrase": {
"auther": "张天天"
}
},
{
"match": {
"price": 168.00
}
},
{
"match": {
"price": 198.00
}
}
],
"minimum_should_match": 2
}
}
}
多条件查询3:查询作者不是李飞飞和张天天,商品价格为9.9或19.9,省份为内蒙古
{
"query": {
"bool": {
"must_not": [
{
"match_phrase": {
"auther": "于萌"
}
},
{
"match_phrase": {
"auther": "高超"
}
}
],
"should": [
{
"match": {
"price": 9.9
}
},
{
"match": {
"price": 19.9
}
}
],
"minimum_should_match": 1,
"must": [
{
"match": {
"province": "内蒙古"
}
}
]
}
}
}
过滤
{
"query":{
"bool":{
"filter":{
"range": {
"price": {
"gte": 3599,
"lte": 10500
}
}
}
}
}
}
聚合查询(统计最大价格,最小价格,平均价格,价格总和)
{
"aggs": {
"shopping_max": {
"max": {
"field": "price"
}
},
"shopping_min": {
"min": {
"field": "price"
}
},
"shopping_avg": {
"avg": {
"field": "price"
}
},
"shopping_sum": {
"sum": {
"field": "price"
}
}
},
"size": 0
}
另外一个聚合查询,统计数量
{
"aggs": {
"shopping_group": {
"terms":{
"field": "group"
}
}
},
"size": 0
}
3.集群数据迁移
3.1集群内数据迁移:
POST 10.0.0.101:9200/_reindex
{
"source": {
"index": "shopping"
},
"dest": {
"index": "shopping-new"
}
}
3.2不同集群数据迁移
es6迁移es7,es7端口9200,es6端口19200
1.所有节点修改配置文件并重启服务
vim /etc/elasticsearch/elasticsearch.yml
添加:reindex.remote.whitelist: "10.0.0.*:19200"
systemctl restart elasticsearch.service
2.迁移数据:POST http://10.0.0.101:9200/_reindex
{
"source": {
"index": "old",
"remote": {
"host": "http://10.0.0.101:19200"
},
"query": {
"bool": {
"filter": {
"range": {
"age": {
"gt": 25
}
}
}
}
}
},
"dest": {
"index": "newmessage"
}
}
4.ES集群健康状态API
_cluster/health
curl http://10.0.0.103:9200/_cluster/health
curl http://10.0.0.103:9200/_cluster/health 2>/dev/null| jq
查看集群状态
curl http://10.0.0.103:9200/_cluster/health 2>/dev/null| jq .status
查看集群活跃分片百分比
curl http://10.0.0.103:9200/_cluster/health 2>/dev/null| jq .active_shards_percent_as_number
5.分片的重路由
(1)将indexa"索引的0号分片从elk102节点移动到elk101节点。
POST http://10.0.0.101:9200/_cluster/reroute
{
"commands": [
{
"move": {
"index": "indexa",
"shard": 0,
"from_node": "elk101.lxcedu.com",
"to_node": "elk102.lxcedu.com"
}
}
]
}
(2)取消副本分片的分配,其副本会重新初始化分配。
POST http://10.0.0.101:9200/_cluster/reroute
{
"commands": [
{
"cancel": {
"index": "indexaa",
"shard": 0,
"node": "elk103.lxcedu.com"
}
}
]
}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
