(2/2) Containerized: Getting Started Quickly with Elasticsearch
Posted by dotNET跨平台
IV. Common Operations Guide
Below are answers to some questions that come up in day-to-day use.
1. Calling ES API commands from Kibana
After logging in to Kibana, open Management->Dev Tools from the menu. In the left pane, clear the existing content and enter:
GET /
The right pane returns a JSON document showing the ES version and other cluster details:
{
  "name": "dae8747df6f0",
  "cluster_name": "docker-cluster",
  "cluster_uuid": "toprRlPKRv22cMX8gh96LQ",
  "version": {
    "number": "8.4.3",
    "build_flavor": "default",
    "build_type": "docker",
    "build_hash": "42f05b9372a9a4a470db3b52817899b99a76ee73",
    "build_date": "2022-10-04T07:17:24.662462378Z",
    "build_snapshot": false,
    "lucene_version": "9.3.0",
    "minimum_wire_compatibility_version": "7.17.0",
    "minimum_index_compatibility_version": "7.0.0"
  },
  "tagline": "You Know, for Search"
}
2. Adding a single document
Submit the following index request to add a single log entry to the logs-myapp data stream.
Because logs-myapp does not exist yet, the request creates it automatically using the built-in logs-*-* index template.
The document simulates one request line from a web server access log.
POST logs-myapp/_doc
{
  "@timestamp": "2099-05-06T16:21:15.000Z",
  "event": {
    "original": "192.0.2.42 - - [06/May/2099:16:21:15 +0000] \"GET /images/bg.jpg HTTP/1.0\" 200 24736"
  }
}
Response
The response includes the metadata Elasticsearch generated for the document:
_index: the backing index that contains the document. Elasticsearch generates the backing index name automatically.
_id: the document's unique ID within the index.
{
  "_index": "logs-myapp",
  "_id": "snwQN4QBFZ31xH8Hlg-J",
  "_version": 1,
  "result": "created",
  "_shards": {
    "total": 2,
    "successful": 1,
    "failed": 0
  },
  "_seq_no": 0,
  "_primary_term": 1
}
3. Adding multiple documents
Use the _bulk endpoint to add multiple documents in one request. Bulk data must be newline-delimited JSON (NDJSON). Every line must end with a newline character (\n), including the last one.
PUT logs-myapp/_bulk
{ "create": { } }
{ "@timestamp": "2099-05-07T16:24:32.000Z", "event": { "original": "192.0.2.242 - - [07/May/2020:16:24:32 -0500] \"GET /images/hm_nbg.jpg HTTP/1.0\" 304 0" } }
{ "create": { } }
{ "@timestamp": "2099-05-08T16:25:42.000Z", "event": { "original": "192.0.2.255 - - [08/May/2099:16:25:42 +0000] \"GET /favicon.ico HTTP/1.0\" 200 3638" } }
Response
{
  "took": 28,
  "errors": false,
  "items": [
    {
      "create": {
        "_index": "logs-myapp",
        "_id": "s3wVN4QBFZ31xH8HcQ8j",
        "_version": 1,
        "result": "created",
        "_shards": {
          "total": 2,
          "successful": 1,
          "failed": 0
        },
        "_seq_no": 1,
        "_primary_term": 1,
        "status": 201
      }
    },
    {
      "create": {
        "_index": "logs-myapp",
        "_id": "tHwVN4QBFZ31xH8HcQ8j",
        "_version": 1,
        "result": "created",
        "_shards": {
          "total": 2,
          "successful": 1,
          "failed": 0
        },
        "_seq_no": 2,
        "_primary_term": 1,
        "status": 201
      }
    }
  ]
}
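To see the NDJSON rules in practice, here is an added Python example (not from the original post or from Elasticsearch itself) that builds a _bulk body for the two log entries above and validates it before sending. json.dumps takes care of escaping the quotes embedded in the log line, and the trailing newline that _bulk requires is appended explicitly. The document list is constructed from the two entries above.

```python
import json

# Constructed sample documents (the same two log entries as the bulk request above)
SAMPLE_DOCS = [
    {
        "@timestamp": "2099-05-07T16:24:32.000Z",
        "event": {"original": '192.0.2.242 - - [07/May/2020:16:24:32 -0500] "GET /images/hm_nbg.jpg HTTP/1.0" 304 0'},
    },
    {
        "@timestamp": "2099-05-08T16:25:42.000Z",
        "event": {"original": '192.0.2.255 - - [08/May/2099:16:25:42 +0000] "GET /favicon.ico HTTP/1.0" 200 3638'},
    },
]


def build_bulk_body(docs, action="create"):
    """Serialize docs into an NDJSON _bulk body.

    Each document becomes two lines: an action line such as {"create": {}}
    followed by the document itself. json.dumps escapes the quotes inside
    the log line, and every line, including the last, ends with "\\n".
    """
    lines = []
    for doc in docs:
        lines.append(json.dumps({action: {}}))
        lines.append(json.dumps(doc, ensure_ascii=False))
    return "\n".join(lines) + "\n"


def validate_bulk_body(body):
    """Check a body before sending it: trailing newline, one JSON object per
    line, and action lines alternating with document lines. Only the
    create/index actions (the ones that carry a document line) are accepted.
    Returns the number of documents in the body."""
    if not body.endswith("\n"):
        raise ValueError("_bulk body must end with a newline")
    lines = body.split("\n")[:-1]  # drop the empty string after the final newline
    if len(lines) % 2:
        raise ValueError("action line without a matching document line")
    for i, line in enumerate(lines):
        obj = json.loads(line)  # raises ValueError on a malformed line
        if i % 2 == 0 and not any(k in obj for k in ("create", "index")):
            raise ValueError(f"line {i + 1} is not a create/index action line: {line}")
    return len(lines) // 2


if __name__ == "__main__":
    body = build_bulk_body(SAMPLE_DOCS)
    print(body, end="")
    print("documents in body:", validate_bulk_body(body))
```

The body can be sent to PUT logs-myapp/_bulk with a Content-Type of application/x-ndjson; validating first turns a cryptic bulk rejection into a clear error pointing at the offending line.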
4. Viewing the current indices
GET _cat/indices
5. Searching document content
The query matches all entries, sorted by the @timestamp field in descending order.
GET logs-myapp/_search
{
  "query": {
    "match_all": { }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ]
}
Result
{
  "took": 0,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 3,
      "relation": "eq"
    },
    "max_score": null,
    "hits": [
      {
        "_index": "logs-myapp",
        "_id": "tHwVN4QBFZ31xH8HcQ8j",
        "_score": null,
        "_source": {
          "@timestamp": "2099-05-08T16:25:42.000Z",
          "event": {
            "original": """192.0.2.255 - - [08/May/2099:16:25:42 +0000] "GET /favicon.ico HTTP/1.0" 200 3638"""
          }
        },
        "sort": [
          4081940742000
        ]
      },
      {
        "_index": "logs-myapp",
        "_id": "s3wVN4QBFZ31xH8HcQ8j",
        "_score": null,
        "_source": {
          "@timestamp": "2099-05-07T16:24:32.000Z",
          "event": {
            "original": """192.0.2.242 - - [07/May/2020:16:24:32 -0500] "GET /images/hm_nbg.jpg HTTP/1.0" 304 0"""
          }
        },
        "sort": [
          4081854272000
        ]
      },
      {
        "_index": "logs-myapp",
        "_id": "snwQN4QBFZ31xH8Hlg-J",
        "_score": null,
        "_source": {
          "@timestamp": "2099-05-06T16:21:15.000Z",
          "event": {
            "original": """192.0.2.42 - - [06/May/2099:16:21:15 +0000] "GET /images/bg.jpg HTTP/1.0" 200 24736"""
          }
        },
        "sort": [
          4081767675000
        ]
      }
    ]
  }
}
6. Searching document content - specific fields
For large documents, parsing the entire _source is cumbersome.
Set the _source parameter to false and list the fields you want in the fields parameter instead.
GET logs-myapp/_search
{
  "query": {
    "match_all": { }
  },
  "fields": [
    "@timestamp"
  ],
  "_source": false,
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ]
}
Response
{
  "took": 0,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 3,
      "relation": "eq"
    },
    "max_score": null,
    "hits": [
      {
        "_index": "logs-myapp",
        "_id": "tHwVN4QBFZ31xH8HcQ8j",
        "_score": null,
        "fields": {
          "@timestamp": [
            "2099-05-08T16:25:42.000Z"
          ]
        },
        "sort": [
          4081940742000
        ]
      },
      {
        "_index": "logs-myapp",
        "_id": "s3wVN4QBFZ31xH8HcQ8j",
        "_score": null,
        "fields": {
          "@timestamp": [
            "2099-05-07T16:24:32.000Z"
          ]
        },
        "sort": [
          4081854272000
        ]
      },
      {
        "_index": "logs-myapp",
        "_id": "snwQN4QBFZ31xH8Hlg-J",
        "_score": null,
        "fields": {
          "@timestamp": [
            "2099-05-06T16:21:15.000Z"
          ]
        },
        "sort": [
          4081767675000
        ]
      }
    ]
  }
}
7. Searching document content - range query
Search within a specific time or IP range:
GET logs-myapp/_search
{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "2099-05-07",
        "lte": "2099-05-08"
      }
    }
  },
  "fields": [
    "@timestamp"
  ],
  "_source": false,
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ]
}
Response
{
  "took": 0,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 2,
      "relation": "eq"
    },
    "max_score": null,
    "hits": [
      {
        "_index": "logs-myapp",
        "_id": "tHwVN4QBFZ31xH8HcQ8j",
        "_score": null,
        "fields": {
          "@timestamp": [
            "2099-05-08T16:25:42.000Z"
          ]
        },
        "sort": [
          4081940742000
        ]
      },
      {
        "_index": "logs-myapp",
        "_id": "s3wVN4QBFZ31xH8HcQ8j",
        "_score": null,
        "fields": {
          "@timestamp": [
            "2099-05-07T16:24:32.000Z"
          ]
        },
        "sort": [
          4081854272000
        ]
      }
    ]
  }
}
8. Searching document content - date math range
Query the past day using a date math expression:
GET logs-myapp/_search
{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-1d/d",
        "lte": "now/d"
      }
    }
  },
  "fields": [
    "@timestamp"
  ],
  "_source": false,
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ]
}
Response
{
  "took": 0,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 0,
      "relation": "eq"
    },
    "max_score": null,
    "hits": []
  }
}
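The searches in sections 5 to 8 all return the same response shape, and a detail worth checking before trusting any of them is that Elasticsearch answers HTTP 200 even when the request timed out or some shards failed, in which case the hits are partial. The Python below is an added example (not from the original post or the Elasticsearch client library) that builds the range query body from sections 7 and 8, then verifies a response is complete and reads the timestamps back from either the fields form or _source. The response object is constructed from the section 7 output, not fetched from a cluster.

```python
# Constructed response in the shape the range query returns (values copied
# from the section 7 response above, not taken from a live cluster)
SAMPLE_RESPONSE = {
    "took": 0,
    "timed_out": False,
    "_shards": {"total": 1, "successful": 1, "skipped": 0, "failed": 0},
    "hits": {
        "total": {"value": 2, "relation": "eq"},
        "max_score": None,
        "hits": [
            {"_index": "logs-myapp", "_id": "tHwVN4QBFZ31xH8HcQ8j", "_score": None,
             "fields": {"@timestamp": ["2099-05-08T16:25:42.000Z"]}, "sort": [4081940742000]},
            {"_index": "logs-myapp", "_id": "s3wVN4QBFZ31xH8HcQ8j", "_score": None,
             "fields": {"@timestamp": ["2099-05-07T16:24:32.000Z"]}, "sort": [4081854272000]},
        ],
    },
}


def range_query(field, gte, lte, fields=("@timestamp",), size=100):
    """Build the search body used in sections 7 and 8: a range on `field`
    (plain dates or date math such as "now-1d/d"), only the listed fields
    returned, _source suppressed, newest first."""
    return {
        "size": size,
        "query": {"range": {field: {"gte": gte, "lte": lte}}},
        "fields": list(fields),
        "_source": False,
        "sort": [{field: {"order": "desc"}}],
    }


def check_response(resp):
    """Verify a search response is complete before using its hits.

    A timed-out search or one with failed shards still comes back with
    HTTP 200, so the body has to be inspected. Returns (total, exact):
    exact is False when hits.total.relation is "gte", meaning the count is
    only a lower bound (the track_total_hits default stops counting at 10000).
    """
    if resp.get("timed_out"):
        raise RuntimeError("search timed out; hits are partial")
    shards = resp.get("_shards", {})
    if shards.get("failed", 0):
        raise RuntimeError(f"{shards['failed']} of {shards.get('total')} shards failed; hits are partial")
    total = resp["hits"]["total"]
    return total["value"], total.get("relation") == "eq"


def timestamps(resp):
    """Return (_id, @timestamp) per hit. With the `fields` parameter every
    value arrives as an array, even for single-valued fields."""
    out = []
    for hit in resp["hits"]["hits"]:
        if "fields" in hit:
            ts = hit["fields"]["@timestamp"][0]
        else:
            ts = hit["_source"]["@timestamp"]
        out.append((hit["_id"], ts))
    return out


def is_sorted_desc(resp):
    """Confirm the hits honour the requested sort using the per-hit sort
    values (epoch milliseconds for a date field)."""
    keys = [hit["sort"][0] for hit in resp["hits"]["hits"]]
    return keys == sorted(keys, reverse=True)


if __name__ == "__main__":
    print(range_query("@timestamp", "now-1d/d", "now/d"))
    print(check_response(SAMPLE_RESPONSE), timestamps(SAMPLE_RESPONSE), is_sorted_desc(SAMPLE_RESPONSE))
```

The per-hit sort values shown in the responses above are what check_response and is_sorted_desc read; they are also the values a search_after cursor would use to page past the first batch.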
9. Searching document content - extracting content
POST logs-test/_doc/1
{
  "raw_message": "199.72.81.55 - - [01/Jul/1995:00:00:01 -0400] GET /history/apollo/ HTTP/1.0 200 6245",
  "address": "1.2.3.4"
}
Result
{
  "_index": "logs-test",
  "_id": "1",
  "_version": 1,
  "result": "created",
  "_shards": {
    "total": 2,
    "successful": 1,
    "failed": 0
  },
  "_seq_no": 0,
  "_primary_term": 1
}
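The logs-test document above keeps the access line unparsed in raw_message, so nothing in it can be filtered or aggregated by status code or client address. As an added example (not from the original post), the Python below extracts the fields from an Apache common-log line before indexing, client-side, which is the job an ingest pipeline with a grok processor would do server-side. The field names follow the Elastic Common Schema (source.address, http.response.status_code, url.original) and are this example's choice; the sample lines are constructed from the entries used earlier on the page plus one deliberately malformed line.

```python
import re
from datetime import datetime, timezone

# Apache common log format: client ident user [timestamp] "request" status bytes.
# The request may appear with or without surrounding quotes (the logs-test line
# above has none), and bytes is "-" when no body was sent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"?(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/\d\.\d)"? '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

# Constructed sample input: the two lines from this page and one broken line
SAMPLE_LINES = [
    "199.72.81.55 - - [01/Jul/1995:00:00:01 -0400] GET /history/apollo/ HTTP/1.0 200 6245",
    '192.0.2.42 - - [06/May/2099:16:21:15 +0000] "GET /images/bg.jpg HTTP/1.0" 200 24736',
    "not an access log line",
]


def parse_access_line(line):
    """Turn one access-log line into a structured document, or None if the
    line does not match the format. The Apache timestamp is normalised to
    UTC ISO 8601, the form a date-mapped @timestamp field accepts by default."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    return {
        "@timestamp": ts.strftime("%Y-%m-%dT%H:%M:%S.000Z"),
        "event": {"original": line},          # keep the raw line for forensics
        "source": {"address": m["ip"]},
        "http": {
            "request": {"method": m["method"]},
            "response": {
                "status_code": int(m["status"]),
                "body": {"bytes": 0 if m["bytes"] == "-" else int(m["bytes"])},
            },
        },
        "url": {"original": m["path"]},
    }


def parse_lines(lines):
    """Parse many lines. Unparseable ones are returned separately instead of
    being dropped silently, so an unexpected log format is noticed."""
    docs, rejected = [], []
    for line in lines:
        doc = parse_access_line(line)
        if doc is None:
            rejected.append(line)
        else:
            docs.append(doc)
    return docs, rejected


if __name__ == "__main__":
    docs, rejected = parse_lines(SAMPLE_LINES)
    for doc in docs:
        print(doc)
    print("rejected:", rejected)
```

Each returned document can be sent as the body of a POST to the data stream, or two per line through the _bulk endpoint; because the parser also writes event.original, a grok mismatch or a later change in the log format can still be investigated from the stored raw line.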