提示:使用 ElasticSearch 8.x 版本
参考文档:https://www.kancloud.cn/king_om/es001
文章目录
一、ElasticSearch基本操作
1. 索引操作
1. 新建索引
PUT http://127.0.0.1:9200/demo
返回:
{
"acknowledged": true, #true-表示创建成功
"shards_acknowledged": true, #true-分片成功
"index": "demo" #创建的索引名
}
2. 查看所有索引
GET http://127.0.0.1:9200/_cat/indices?v
返回:
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size dataset.size
green open .internal.alerts-transform.health.alerts-default-000001 pkzi4ovITB26E3V4VVgV6A 1 0 0 0 249b 249b 249b
green open .internal.alerts-observability.logs.alerts-default-000001 XsNtyE9zQuW3Qn4Om0KJ3w 1 0 0 0 249b 249b 249b
green open .internal.alerts-observability.uptime.alerts-default-000001 4HXCL4S6Qkumh9p358N6uQ 1 0 0 0 249b 249b 249b
yellow open .ds-filebeat-8.16.1-2024.12.27-000002 StC2ojLjQ9mFH9oAjJLoNQ 1 1 47 0 42.1kb 42.1kb 42.1kb
green open .internal.alerts-ml.anomaly-detection.alerts-default-000001 xNfTDM8tTa2yT6Vv8RHuKQ 1 0 0 0 249b 249b 249b
green open .internal.alerts-observability.slo.alerts-default-000001 51h1AKtXRvKKKj6EOcYQ6A 1 0 0 0 249b 249b 249b
green open .internal.alerts-default.alerts-default-000001 snT-r7dAS82Aimo2jKXJGg 1 0 0 0 249b 249b 249b
green open .internal.alerts-observability.apm.alerts-default-000001 aT7-Qdg0Q_u4DYlYYpR3Ig 1 0 0 0 249b 249b 249b
yellow open demo m5giQYbOSFOGOF5O6MFBsQ 1 1 0 0 249b 249b 249b
green open .internal.alerts-observability.metrics.alerts-default-000001 UJkgdCLbTX2gxshnvWDwRA 1 0 0 0 249b 249b 249b
green open .kibana-observability-ai-assistant-conversations-000001 orTHQPbVTXSNUKkfUY2rQw 1 0 0 0 249b 249b 249b
green open .internal.alerts-ml.anomaly-detection-health.alerts-default-000001 erYFzmFRTCCxETIKDMZxoQ 1 0 0 0 249b 249b 249b
green open .internal.alerts-observability.threshold.alerts-default-000001 7b_HEyM7R5WIAzg4pN9Udw 1 0 0 0 249b 249b 249b
green open .internal.alerts-security.alerts-default-000001 je-CWx3wTem-64GISkciqQ 1 0 0 0 249b 249b 249b
green open .kibana-observability-ai-assistant-kb-000001 cCABNIe_Qn2hw8auY1zGEQ 1 0 0 0 249b 249b 249b
green open .internal.alerts-stack.alerts-default-000001 h816mn2-S0ujdr3IfzBh5g 1 0 0 0 249b 249b 249b
health:当前服务器健康状态:green(集群完整) 、yellow(单点正常、集群不完整) 、red(单点不正常)
status:索引打开、关闭状态
index:索引名
uuid:索引统一编号
pri:主分片数量
rep:副本数量
docs.count:可用文档数量
docs.deleted:文档删除状态(逻辑删除)
store.size:主分片和副分片整体占空间大小
pri.store.size:主分片占空间大小
3. 查看单个索引
GET http://127.0.0.1:9200/demo
返回:
{
"demo": { # 索引名
"aliases": {}, #别名
"mappings": {},
"settings": {
"index": {
"routing": {
"allocation": {
"include": {
"_tier_preference": "data_content"
}
}
},
"number_of_shards": "1", # 主分片数
"provided_name": "demo",
"creation_date": "1737091028665",
"number_of_replicas": "1", # 副分片数
"uuid": "m5giQYbOSFOGOF5O6MFBsQ", # 索引唯一标识
"version": {
"created": "8518000"
}
}
}
}
}
4. 删除索引
DELETE http://127.0.0.1:9200/demo
返回:
{
"acknowledged": true
}
2. 文档操作
1. 创建文档
PUT/POST http://127.0.0.1:9200/demo/_doc/1
{
"first_name" : "John",
"last_name" : "Smith",
"age" : 25,
"about" : "I love to go rock climbing",
"interests": [ "sports", "music" ]
}
返回:
{
"_index": "demo",
"_id": "1", # 如果路由中没有指定id,则会随机生成一个uuid。相当于mysql中主键
"_version": 1, #对同一个id的文档增加多次,每增加一次版本号增1
"result": "created", # created创建成功
"_shards": {
"total": 2, 2, # 分片总数
"successful": 1, # 分片成功次数
"failed": 0 # 分片失败次数
},
"_seq_no": 0,
"_primary_term": 1
}
2. 查看文档
GET http://127.0.0.1:9200/demo/_doc/1 #根据id查询
返回:
{
"_index": "demo",
"_id": "1",
"_version": 1,
"_seq_no": 0,
"_primary_term": 1,
"found": true,
"_source": {
"first_name": "John",
"last_name": "Smith",
"age": 25,
"about": "I love to go rock climbing",
"interests": [
"sports",
"music"
]
}
}
3. 修改文档
PUT/POST http://127.0.0.1:9200/demo/_doc/1
返回:
{
"_index": "demo",
"_id": "1",
"_version": 2, #对同一个id每修改一次,版本就会增1
"result": "updated",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 1,
"_primary_term": 1
}
4. 修改字段
POST http://127.0.0.1:9200/demo/_update/1
{
"doc": {
"age" :40 #修改id为1的文档age为40
}
}
返回:
{
"_index": "demo",
"_id": "1",
"_version": 3,
"result": "updated",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 2,
"_primary_term": 1
}
5. 删除文档
DELETE http://127.0.0.1:9200/demo/_doc/1
返回:
{
"_index": "demo",
"_id": "1",
"_version": 4,
"result": "deleted",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 3,
"_primary_term": 1
}
3. 高级查询
新建一个student索引(新增5条数据):
PUT http://127.0.0.1:9200/student/_doc/1
{
"name": "张三",
"sex": "男",
"age": 18
}
......
1. 查询一个索引全部文档
GET http://127.0.0.1:9200/student/_search
返回:
{
"took": 7,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 5,
"relation": "eq"
},
"max_score": 1,
"hits": [
{
"_index": "student",
"_id": "1",
"_score": 1,
"_source": {
"name": "张三",
"sex": "男",
"age": 18
}
},
{
"_index": "student",
"_id": "2",
"_score": 1,
"_source": {
"name": "李四",
"sex": "男",
"age": 19
}
},
{
"_index": "student",
"_id": "3",
"_score": 1,
"_source": {
"name": "王五",
"sex": "男",
"age": 45
}
},
{
"_index": "student",
"_id": "5",
"_score": 1,
"_source": {
"name": "测试",
"sex": "女",
"age": 27
}
},
{
"_index": "student",
"_id": "4",
"_score": 1,
"_source": {
"name": "张三丰",
"sex": "女",
"age": 20
}
}
]
}
}
2. 匹配查询
match 匹配类型查询,会把查询条件进行分词,然后进行查询,多个词条之间是 or 的关系
GET http://127.0.0.1:9200/student/_search?q=name:张三
或者
GET http://127.0.0.1:9200/student/_search
{
"query": {
"match": {
"name": "张三"
}
}
}
返回:
{
"took": 8,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 2,
"relation": "eq"
},
"max_score": 2.1261456,
"hits": [
{
"_index": "student",
"_id": "1",
"_score": 2.1261456,
"_source": {
"name": "张三",
"sex": "男",
"age": 18
}
},
{
"_index": "student",
"_id": "4",
"_score": 1.7792821,
"_source": {
"name": "张三丰",
"sex": "女",
"age": 20
}
}
]
}
}
3. 字段匹配查询
multi_match 与 match 类似,不同的是它可以在多个字段中查询,多个字段是 or 关系
GET http://127.0.0.1:9200/student/_search
{
"query": {
"multi_match": {
"query": "张三",
"fields": [
"name",
"sex" #查找name=张三 或者 sex=张三(这种肯定不存在,只是举例)
]
}
}
}
返回:
{
"took": 3,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 2,
"relation": "eq"
},
"max_score": 2.1261456,
"hits": [
{
"_index": "student",
"_id": "1",
"_score": 2.1261456,
"_source": {
"name": "张三",
"sex": "男",
"age": 18
}
},
{
"_index": "student",
"_id": "4",
"_score": 1.7792821,
"_source": {
"name": "张三丰",
"sex": "女",
"age": 20
}
}
]
}
}
4. 关键字精准查询
term 查询,精确的关键词匹配查询,不对查询条件进行分词
GET http://127.0.0.1:9200/student/_search
{
"query": {
"term": {
"sex": {
"value": "女"
}
}
}
}
返回:
{
"took": 2,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 2,
"relation": "eq"
},
"max_score": 0.6931471,
"hits": [
{
"_index": "student",
"_id": "5",
"_score": 0.6931471,
"_source": {
"name": "测试",
"sex": "女",
"age": 27
}
},
{
"_index": "student",
"_id": "4",
"_score": 0.6931471,
"_source": {
"name": "张三丰",
"sex": "女",
"age": 20
}
}
]
}
}
5. 多关键字精确查询
terms 查询和 term 查询一样,但允许指定多值进行匹配
GET http://127.0.0.1:9200/student/_search
{
"query": {
"terms": {
"name": ["三", "五"]
}
}
}
返回:
{
"took": 6,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 3,
"relation": "eq"
},
"max_score": 1,
"hits": [
{
"_index": "student",
"_id": "1",
"_score": 1,
"_source": {
"name": "张三",
"sex": "男",
"age": 18
}
},
{
"_index": "student",
"_id": "3",
"_score": 1,
"_source": {
"name": "王五",
"sex": "男",
"age": 45
}
},
{
"_index": "student",
"_id": "4",
"_score": 1,
"_source": {
"name": "张三丰",
"sex": "女",
"age": 20
}
}
]
}
}
6. 查询指定字段
GET http://127.0.0.1:9200/student/_search?q=name:张三&_source=name,age
或者
GET http://127.0.0.1:9200/student/_search
{
"_source": ["name","age"],
"query": {
"terms": {
"name": ["四"]
}
}
}
返回:
{
"took": 1,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 1,
"relation": "eq"
},
"max_score": 1,
"hits": [
{
"_index": "student",
"_id": "2",
"_score": 1,
"_source": {
"name": "李四",
"age": 19
}
}
]
}
}
7. 过滤字段
GET http://127.0.0.1:9200/student/_search
{
"_source": {
"includes": ["name"] # includes:来指定想要显示的字段 excludes:来指定不想要显示的字段
},
"query": {
"terms": {
"name": ["三"]
}
}
}
8. 组合查询
bool 把各种其他查询通过 must(必须) must_not(必须不)shoukd(应该)的方式进行组合
GET http://127.0.0.1:9200/student/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"name": "三"
}
}
],
"must_not": [
{
"match": {
"age": 18
}
}
],
"should": [
{
"match": {
"sex": "男"
}
}
]
}
}
}
返回:
{
"took": 6,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 1,
"relation": "eq"
},
"max_score": 0.88964105,
"hits": [
{
"_index": "student",
"_id": "4",
"_score": 0.88964105,
"_source": {
"name": "张三丰",
"sex": "女",
"age": 20
}
}
]
}
}
9. 范围查询
gt:大于
gte:大于等于
lt:小于
lte:小于等于
GET http://127.0.0.1:9200/student/_search?q=age[40 TO 50]
GET http://127.0.0.1:9200/student/_search?q=age:>=40
或者
GET http://127.0.0.1:9200/student/_search
{
"query": {
"range": {
"age": {
"gte": 40,
"lte": 50
}
}
}
}
10. 字段排序
GET http://127.0.0.1:9200/student/_search
{
"query": {
"match_all": {}
},
"sort": [
{
"age": {
"order": "desc" #年龄倒序输出
}
},
{
"_score": {
"order": "desc"
}
}
]
}
11. 高亮查询
pre_tags:前置标签
post_tags:后置标签
fields:需要高亮的字段
GET http://127.0.0.1:9200/student/_search
{
"query": {
"match": {
"name": "张三"
}
},
"highlight": {
"pre_tags": "<font color='red'>",
"post_tags": "</font>",
"fields": {
"name": {}
}
}
}
输出:
{
"took": 3,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 2,
"relation": "eq"
},
"max_score": 2.1261456,
"hits": [
{
"_index": "student",
"_id": "1",
"_score": 2.1261456,
"_source": {
"name": "张三",
"sex": "男",
"age": 18
},
"highlight": {
"name": [
"<font color='red'>张</font><font color='red'>三</font>"
]
}
},
{
"_index": "student",
"_id": "4",
"_score": 1.7792821,
"_source": {
"name": "张三丰",
"sex": "女",
"age": 20
},
"highlight": {
"name": [
"<font color='red'>张</font><font color='red'>三</font>丰"
]
}
}
]
}
}
12. 分页查询
from:当前页的起始索引 默认 0
size:每页显示多少条
GET http://127.0.0.1:9200/student/_search
{
"query": {
"match_all": {}
},
"sort": [
{
"age": {
"order": "desc"
}
}
],
"from": 0,
"size": 2
}
13. 聚合查询
max:最大值,min:最小值,sum:求和,avg:平均值,cardinality:去重后求和
stats:对某个字段一次性返回count,max,min,avg,sum五个结果
GET http://127.0.0.1:9200/student/_search
{
"aggs": {
"max_age": {
"max": {"field": "age"}
}
},
"size": 0
}
14. 桶聚合查询
类似于Mysql中 group by 语句
GET http://127.0.0.1:9200/student/_search
{
"aggs": {
"age_groupby": {
"terms": {"field": "age"}
}
},
"size": 0
}
分组聚合:先分组再求和
{
"aggs": {
"age_groupby": {
"terms": {"field": "age"},
"aggs": {
"sum_age": {
"sum": {"field": "age"}
}
}
}
},
"size": 0
}
4. 映射操作
映射相当于mysql中的表
1. 创建映射
PUT http://127.0.0.1:9200/demo2/_mapping
{
"properties": {
"name": {
"type": "text",
"index": true
},
"sex": {
"type": "text",
"index": false
},
"age": {
"type": "long",
"index": false
}
}
}
type:数据类型
string
text:可分词
keyword:不可分词,数据作为完整的字段进行匹配
int
基本数据类型:long、integer、short、byte、double、float、half_float
高精度类型:scaled_float
Date:日期类型
Array:数组
Object:对象
index:索引
true:默认,字段会被索引,可以用来搜索
false:字段不会被索引,不能用来搜索
store:是否将数据独立存储,默认false,会占用更多的空间
analyzer:分词器
2. 查看映射
GET http://127.0.0.1:9200/demo2/_mapping
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
