elastic 之所以日此快(甚至比mysql主键查询还要快)是因为使用了倒排索引,简单说是由属性值来确定记录的位置。Elasticsearch 还做了许多针对性的优化,当我们对两个字段进行检索时,就可以利用 Bitmap(有值为1,无值为0)进行优化and查询直接通过位与计算便可得出结果。
Name Posting List name=zhangsan [1,3,5] age=18 [1,2,4,5] [1, 3, 5] ⇒ 10101 [1, 2, 4, 5] ⇒ 11011
- 这样两个二进制数组求与便可得出结果:
10001 ⇒ [1, 5]
创建
PUT rpt_nginx_log
{
"mappings": {
"properties": {
"userinfo": {
"type": "nested",
"properties": {
"id": {
"type": "integer"
},
"regtime": {
"type": "date",
"format":"yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis"
},
"name": {
"type": "text"
}
}
},
"log_ip": {
"type": "ip"
},
"os": {
"type": "text"
},
"log_time": {
"type": "date",
"format":"yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis"
},
"status ": {
"type": "integer"
}
}
}
}
删除
清空内容
POST rpt_nginx_log/_delete_by_query
{
"query": {
"match_all": {}
}
}
删除索引
DELETE rpt_nginx_log/_query
查询
should 、must、must_not… 同级
不为空 至少满足其中一个
- minimum_should_match:至少满足n项
- should:应该
- exists:不为空
POST rpt_nginx_log/_search
{
"query": {
"bool": {
"minimum_should_match": 1,
"should": [
{
"exists": {
"field": "uid"
}
},
{
"exists": {
"field": "anoyu"
}
}
]
}
},
"_source": [
"log_ip",
"os",
"userinfo.name"
]
}
- mush
- match
- range
#match
POST rpt_nginx_log/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"user_url": {
"query": "国最高",
"operator": "and" /*分析关系*/
}
}
},
{
"terms": {
"uid" : [18587, 29004]
}
}
]
}
}
}
# range
GET rpt_nginx_log/_search
{
"query": {
"bool": {
"must": [
{
"range": {
"log_time": {
"gte": "2021-01-03 22:11:00",
"lte": "2021-01-03 22:12:00"
}
}
}
]
}
}
}
模糊查询
#模糊查询
{
"query": {
"bool": {
"must": [
{
"wildcard": {
"imgae": {
"value": "*https*"
}
}
}
]
}
}
}
聚合查询
查询后二次处理
# aggs
# res_name:结果名字
# terms:类型分组\统计\平均值等(terms|stats|avg...)
# field: "字段"
GET rpt_nginx_log/_search
{
"query": {
"bool": {
"must": [
{
"exists": {
"field": "uid"
}
}
]
}
},
"aggs": {
"res_name": {
"terms": {
"field": "uid",
"size":30
},
}
},
"_source": [
"userinfo.nickname",
"userinfo.vip",
"uid"
]
}
添加
POST
POST rpt_nginx_log/_doc
{
"brower" : "Chrome Mobile(41.0)",
"orderby" : "panjuejine|asc",
"os" : "iOS",
"body_bytes" : "279526",
"referer" : "-",
"user_url" : "https://www.iphouse.cn/cases/list.html?anyouid=101&orderby=panjuejine|asc",
"log_ip" : "52.80.69.60",
"http_v" : "HTTP/1.1",
"anyouid" : "101",
"status" : "200",
"forward" : "-",
"mothod" : "GET",
"log_time" : "2021-01-03 13:48:08",
"url_para" : "anyouid=101&orderby=panjuejine|asc"
}
修改
# 批量修改
# script
POST rpt_nginx_log/_update_by_query
{
"query": {
"bool": {
"must": [
{
"terms": {
"uid" : [16593,17307,17462,17511,17549,17692,17766,17848,17948,17949,17997,18007]
}
}
]
}
},
"script": {
"source": "ctx._source.anyou = 'anyou';ctx._source.userinfo.userid = 12;ctx._source.userinfo.userid=ctx._source.userinfo.port;"
}
}
# 一定不要有_source:会覆盖
# "_source": [
# "userinfo.nickname",
# "userinfo.vip",
# "uid"
# ]
添加字段
POST rpt_nginx_log/_mapping
{
"properties": {
"field_name": {
"type": "keyword"
}
}
}
其他
# 与query 同级 获取真实总条数
"track_total_hits": true,