Kibana操作ES(Elasticsearch)数据库基础语法（增删改查）

前言

网上关于Kibana操作ES的语句少之又少，好的文章更是凤毛麟角，所以打算自己记录一下以备不时之需。

一、增加

POST your_index/_doc/
 {
          "字段1" : 内容1,
          "字段2" : 内容2,
          "字段3" : 内容3,
          "字段4" : 内容4
     	  ...........
}

例如：

POST your_index/_doc/
 {
          "study_plan_id" : 40452,
          "study_type" : "研修活动-作业提交",
          "create_time" : "2024-04-29 09:15:18",
          "project_id" : 306,
          "user_id" : 69892 
}

二、修改

1. 单个修改，这种方式适用于知道索引id的情况下单个修改

POST your_index/_update/索引ID(_id)
{
  "doc": {
    "字段1": 内容1,
    "字段2": 内容2,
    "字段3": 内容3
  }
}

例如：

POST your_index/_update/YNyhPYkBCgyhOj3WdBWq
{
  "doc": {
    "userName": "张三",
    "age":21,
    "sex":"男"
  }
}

2. 批量修改

POST your_index/_update_by_query
{
  "script":{
    "source":"ctx._source['字段1']=值;ctx._source['字段1']='值'"
  },
  "query": {     
    "bool": {
      "must": [
        {
          "terms": {
            "筛选条件1": [值]
          }
        },{
          "terms": {
            "筛选条件1": [值]
          }
        }
      ]
    }
  }
}

例如：
单条件单字段批量修改

POST your_index/_update_by_query
{
  "script":{
    "source":"ctx._source['review_type']='1'"
  },
  "query": {     
    "bool": {
      "must": [
        {
          "terms": {
            "activity_link_id": [123456]
          }
        }
      ]
    }
  }
}

多条件多字段批量修改

POST your_index/_update_by_query
{
  "script":{
    "source":"ctx._source['review_type']='1';ctx._source['status']='0'"
  },
  "query": {     
    "bool": {
      "must": [
        {
          "terms": {
            "activity_link_id": [123456]
          }
        },{
          "terms": {
            "project_id": [2024]
          }
        }
      ]
    }
  }
}

三、删除

1. 单个删除

DELETE your_index/_doc/索引ID

例如

DELETE your_index/_doc/rtxPuYgBjm5nNaFGW3rt

2. 批量删除

POST your_index/_delete_by_query
{
  "query": {     
    "bool": {
      "must": [
         {
          "terms": {
            "字段1": [值]
          }
        }
      ]
    }
  }
}

例如：

POST your_index/_delete_by_query
{
  "query": {     
    "bool": {
      "must": [
         {
          "terms": {
            "project_id": [1024]
          }
        }
      ]
    }
  }
}

四、查询

1. 基础查询

GET your_index/_search
{
  "_source": ["字段1","字段2"],//需要显示的字段，单字段不用[] 如："_source": "_id",
  "track_total_hits": true,//true 会显示总条数，默认是false 超过1000只显示1000 
  "query": {    
    "bool": {
      "must": [
      {
          "terms": {  //term：条件只能输入一个等于mysql 中 "=" 的作用，条件不能用[]，terms 等于" in() " 必须使用[] 
            "字段1": [筛选条件1]
          }
        }
      ]
    }
  },"from": 0,	//页码
  "size": 200 //显示条数
}

例如：

GET your_index/_search
{
  "_source": ["score","user_id"],
  "track_total_hits": true,
  "query": {    
    "bool": {
      "must": [
       {
          "terms": {
            "project_id": [1024]
          }
        }
      ]
    }
  },"from": 0,
  "size": 2400
}

2. must_not 不包含，not in()

GET your_index/_search
{
  "query": {    
    "bool": {
      "must": [
       {
          "terms": {
            "project_id": [2649]
          }
        },
        {
          "terms": {
            "is_complete": [1]
          }
        }
      ],
      "must_not": [
        {
          "terms": {
            "user_id": [6145019,6144989,6144940,6144970,6144951,6145139]
          }
        }
      ]
    }
  },"from": 0,
  "size": 600
}

3. group_by_key

GET your_index/_search
{
  "track_total_hits": true,
  "query": {     
    "bool": {
      "must": [
       {
          "terms": {
            "project_id": [1024]
          }
        },{
          "terms": {
            "user_id": [2488184]
          }
        }
      ]
    }
  },"size" : 0,
    "aggs": {
       "group_by_key": {
          "terms": {
             "field": "user_id"
          }
       }
    }
}

4. sort排序，order by

GET /your_index/_search
{
  "query": {
    "match": {
      "project_id": "3065"
    }
  },
  "sort": [
    {
      "create_time": {
        "order": "asc"  // 或 "desc" 进行降序排序
      }
    }
  ]
}

总结

欢迎大家留言更多好的文章，相互学习。
码海无涯，回头是岸。