索引

  • 查看某节点的全部索引

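    # List every index on the node; the `v` flag asks _cat for a header row.
    # The URL is quoted because an unquoted '?' is a shell glob character: bash
    # may expand it against local file names and zsh aborts with "no matches found".
    # No credentials are sent: this assumes an unauthenticated node on loopback.
    # A cluster with security enabled needs https plus credentials (e.g. curl -u).
    curl 'http://127.0.0.1:9200/_cat/indices?v'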
  • 新建 index

    # Create an empty index called index_name (no settings or mappings body is sent).
    curl --request PUT 'http://127.0.0.1:9200/index_name'
  • 删除 index

    # Delete the whole index. This removes every document in it and cannot be
    # undone short of restoring a snapshot, so double-check index_name first.
    # On shared clusters keep wildcard deletes disabled
    # (action.destructive_requires_name) and restrict who may issue DELETE.
    curl --request DELETE 'http://127.0.0.1:9200/index_name'

记录

  • 新增记录(指定记录id)

    # Index a JSON document under an explicit id (doc_id) in index_name.
    # NOTE(review): Elasticsearch 7+ addresses documents as
    # /index_name/_doc/doc_id - confirm the path against the cluster version.
    curl --request PUT \
        --header 'Content-Type: application/json' \
        --data '
    {
        "aa": "11",
        "bb": "22"
    }' \
        'http://127.0.0.1:9200/index_name/doc_id'
  • 新增记录(不指定记录id)

    # Index a JSON document without supplying an id in the URL.
    # NOTE(review): Elasticsearch 7+ expects POST /index_name/_doc for an
    # auto-generated id - confirm the path against the cluster version.
    curl --request POST \
        --header 'Content-Type: application/json' \
        --data '
    {
        "aa": "11",
        "bb": "22"
    }' \
        'http://127.0.0.1:9200/index_name'
  • 查看记录

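    # Fetch one document; pretty=true asks for indented JSON.
    # The URL is quoted because an unquoted '?' is a shell glob character: bash
    # may expand it against local file names and zsh aborts with "no matches found".
    curl 'http://127.0.0.1:9200/index_name/doc_id?pretty=true'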
  • 删除记录

    # Delete the single document addressed by doc_id; the index itself is kept.
    curl --request DELETE 'http://127.0.0.1:9200/index_name/doc_id'
  • 更新记录

    # "Update" by PUT-ing to an id that already exists. The request body replaces
    # the stored document as a whole, so any field left out of the body is dropped
    # rather than merged.
    curl --request PUT \
        --header 'Content-Type: application/json' \
        --data '
    {
        "aa": "33",
        "bb": "44"
    }' \
        'http://127.0.0.1:9200/index_name/doc_id'

查询

  • 查询所有记录

    # Search index_name with no request body, i.e. no query restriction.
    # Only one page of hits comes back: per the paging example on this page the
    # defaults are from=0 and size=10.
    curl 'http://127.0.0.1:9200/index_name/_search'
  • 查询匹配

    # Full-text match of value_pattern against the field key_name.
    # No method is given: curl switches to POST because a body is supplied.
    curl --header 'Content-Type: application/json' \
        --data '
    {
        "query": {"match": {"key_name": "value_pattern"}}
    }' \
        'http://127.0.0.1:9200/index_name/_search'
  • 从位置2(默认0)开始查询8(默认10)条记录

    # Same match query, paged: skip the first 2 hits ("from") and return 8 ("size").
    # from + size is capped by index.max_result_window (10000 by default); deeper
    # paging needs search_after or the scroll API.
    curl --header 'Content-Type: application/json' \
        --data '
    {
        "query": {"match": {"key_name": "value_pattern"}},
        "from": 2,
        "size": 8
    }' \
        'http://127.0.0.1:9200/index_name/_search'
  • 逻辑 or 查询

    # Logical OR: a match query with several space-separated terms uses the
    # default "or" operator, so a document matching either term is a hit.
    curl --header 'Content-Type: application/json' \
        --data '
    {
        "query": {"match": {"key_name": "value_pattern_1 value_pattern_2"}}
    }' \
        'http://127.0.0.1:9200/index_name/_search'
  • 逻辑 and 查询

    # Logical AND: every clause listed under bool.must has to match, so only
    # documents matching both value_pattern_1 and value_pattern_2 are returned.
    curl --header 'Content-Type: application/json' \
        --data '
    {
        "query": {
            "bool": {
                "must": [
                    {"match": {"key_name": "value_pattern_1"}},
                    {"match": {"key_name": "value_pattern_2"}}
                ]
            }
        }
    }' \
        'http://127.0.0.1:9200/index_name/_search'
  • 区间查询

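    # Dump documents whose spider_time lies in (START, END] to result.txt.
    # Arguments: $1 - range start, $2 - range end; any string accepted by
    #            GNU `date -d` (the -d option is not portable to BSD/macOS date).
    # Outputs:   result.txt in the current directory (overwritten).
    set -euo pipefail

    # Fail early with a usage message instead of an "unbound variable" error.
    : "${1:?usage: $0 START END}"
    : "${2:?usage: $0 START END}"

    # Assign first, export afterwards: `export VAR="$(cmd)"` returns the status of
    # export, so a failing date(1) would slip past `set -e` and an empty value
    # would be pasted into the JSON below. The arguments are quoted so a date
    # string with spaces ("2024-01-01 08:00") stays one word.
    START_TIME="$(date -d "$1" +%s)"
    END_TIME="$(date -d "$2" +%s)"
    export START_TIME END_TIME

    # Only the two integers produced by date(1) are interpolated into the request
    # body, so the caller's raw arguments never reach the JSON.
    # NOTE(review): assumes spider_time is stored as epoch seconds - confirm
    # against the index mapping.
    # "size": 10000 is the default index.max_result_window ceiling; a range with
    # more hits is truncated without an error, use search_after/scroll for those.
    # curl exits 0 on an HTTP 4xx/5xx reply unless --fail is given, so result.txt
    # may hold an error body; -S at least surfaces transport errors that -s hides.
    # The URL is quoted because '?' is a shell glob character.
    curl -sS -H "Content-Type: application/json" -o result.txt \
        'http://127.0.0.1:9200/wangmei_raw/_search?pretty' -d @- <<EOF
    {
      "_source": [
        "spider_name",
        "spider_time",
        "media_name",
        "publish_time"
      ],
      "query": {
        "bool": {
          "filter": {
            "range": {
              "spider_time": {
                "gt": $START_TIME,
                "lte": $END_TIME
              }
            }
          }
        }
      },
      "size": 10000
    }
    EOF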

Kibana

  • lucene 正则查询

    #查询包含10000-99999毫秒的 message 字段
    { "regexp": { "message": "[0-9]{5}ms" } }
  • Dev tool 模拟 pipeline

    POST _ingest/pipeline/_simulate
    {
      "pipeline" : {
        "description": "",
        "processors": [
          {
            "grok": {
              "field": "message",
              "patterns": [
                "",
                ""
              ],
              "ignore_missing": true,
              "ignore_failure": true
            }
          }
        ]
      },
      "docs" : [
        {
          "_source": {
            "message": ""
          }
        },
        {
          "_source": {
            "message": ""
          }
        }
      ]
    }

pipeline

filebeat