笔记| Elasticsearch 官方入门视频

发表于 更新于 分类于 阅读次数:
本文字数: 32k 阅读时长 ≈ 29 分钟

介绍 Elastic Stack

包含以下4个部分:

  • Elasticsearch:一个基于 JSON 的分布式搜索和分析引擎。
  • Kibana:是 Elastic Stack 的窗户,探索数据并管理堆栈。
  • Beats:是一个面向轻量型采集器的平台,这些采集器可从边缘机器发送数据。
  • Logstash:是动态数据收集管道,拥有可扩展的插件生态系统。

ElasticStack组成部分

核心部分——Elasticsearch: 提供了数据存储、搜索和分析;

Kibana: 提供了数据可视化和Elasticsearch的管理功能;

BeatsLogstash: 提供了数据摄取功能,Beats是一个轻量级的数据摄取工具,Logstash提供了类似与ETL(Extract-Transform-Load)的功能。

基于 Elastic Stack 可以构建很多的解决方案,包括:日志、指标、应用性能监控、健康状态监控、安全分析、应用搜索、网站搜索、企业搜索、地图、商业分析等。

Elastic Stack 支持多种部署方式,既可以在共有云上部署对外提供SaaS服务,也能够自我管理(包括Elastic Cloud Enterprise 和 Standalone)。

Elasticsearch 特点

  • 可扩展
  • 实时:很好地支持了实时搜索和分析
  • 高可用:内置了高可用性
  • 开发者友好:基于 json 文档,对开发者者友好
  • 多样的存储
  • 搜索和聚合

安装部署 Elasticsearch & Kibana

多种方式:

  1. 使用软件介质安装部署
  2. 在容器环境下的安装和部署

安装 Elasticsearch

进入官网,点击免费使用进行下载页面,再进入 Elasticsearch 的下载页面,可参考页面上的 Installation Steps, 其中也有关于容器环境下的安装部署

本文安装指令
1
2
3
4
5
6
7
8
9
10
11
# 下载deb包
$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.3.1-amd64.deb

# 下载校验文件
$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.3.1-amd64.deb.sha512

# 进行校验,正常提示:elasticsearch-7.3.1-amd64.deb: OK
$ shasum -a 512 -c elasticsearch-7.3.1-amd64.deb.sha512

# 安装 
$ sudo dpkg -i elasticsearch-7.3.1-amd64.deb
运行 Elasticsearch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
$ cd /usr/share/elasticsearch/bin
$ sudo ./elasticsearch

# 报错:不能以root用户运行
Caused by: java.lang.RuntimeException: can not run elasticsearch as root

# 但不用root用户运行又没有权限
# 原因是 Elasticsearch (简称 ES )严格限制不允许用root用户执行,但在安装时 ES 已经创建了一个用户和用户组,名字都是 elasticsearch。
# 查看 elasticsearch 用户和用户组
$ sudo less /etc/passwd | grep "elasticsearch"
$ sudo less /etc/group | grep "elasticsearch"

# 解决步骤
# 1. 将 ES 相关文件所属用户和组都从 root 转为 elasticsearch
$ sudo chown elasticsearch:elasticsearch -R /usr/share/elasticsearch
$ sudo chown elasticsearch:elasticsearch -R /var/log/elasticsearch
$ sudo chown elasticsearch:elasticsearch -R /var/lib/elasticsearch
$ sudo chown elasticsearch:elasticsearch -R /etc/default/elasticsearch
$ sudo chown elasticsearch:elasticsearch -R /etc/elasticsearch

# 2. 打开文件 /etc/default/elasticsearch,然后
# 2.1 取消 JAVA_HOME 注释,并修改为本机对应路径
JAVA_HOME=/opt/jdk/jdk1.8
# 2.2 在文件末尾添加如下内容
START_DAEMON=true
ES_USER=elasticsearch
ES_GROUP=elasticsearch

# 3. 用 systemctl 管理 ES
$ sudo systemctl enable elasticsearch
# 3.1 启动 ES
$ sudo systemctl start elasticsearch
# 3.2 查看 ES 运行状态
$ sudo systemctl status elasticsearch
# 4. 用 curl 命令验证
$ curl -X GET 'localhost:9200'
# 4.1 显示内容(虚线下方)
--------------------------------------------------------
{
    "name" : "hostname",
    "cluster_name" : "elasticsearch",
    "cluster_uuid" : "1S76**************ZiLA",
    "version" : {
        "number" : "7.3.1",
        "build_flavor" : "default",
        "build_type" : "deb",
        "build_hash" : "4749ba6",
        "build_date" : "2019-08-19T20:19:25.651794Z",
        "build_snapshot" : false,
        "lucene_version" : "8.1.0",
        "minimum_wire_compatibility_version" : "6.8.0",
        "minimum_index_compatibility_version" : "6.0.0-beta1"
    },
    "tagline" : "You Know, for Search"
}

安装 Kibana

进入 kibana 的下载页面,可参考页面上的 Installation Steps,其中也有关于容器环境下的安装部署

本文的安装指令
1
2
3
4
5
6
7
8
# 下载deb包
$ wget https://artifacts.elastic.co/downloads/kibana/kibana-7.3.1-amd64.deb
# 下载校验文件
$ wget https://artifacts.elastic.co/downloads/kibana/kibana-7.3.1-amd64.deb.sha512
# 进行校验,正常提示:kibana-7.3.1-amd64.deb: OK
$ shasum -a 512 -c kibana-7.3.1-amd64.deb.sha512
# 安装 
$ sudo dpkg -i kibana-7.3.1-amd64.deb

安装过程中提示需要重启才能完整安装完毕,所以一定要重启系统!!!

运行 kibana
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# 1. 配置 kibana,进入配置文件夹
$ cd /etc/kibana

# 2. 编辑文件,指定运行 elasticsearch 的主机,默认是本机
$ vim kibana.yml
#elasticsearch.hosts: ["http://localhost:9200"]

# 3. 运行
$ cd /usr/share/kibana/bin/

# 4. 验证
打开浏览器输入 http://localhost:5601
# 成功的话将会看到与下方类似的图片

# 5. 用 systemctl 管理 Kibana
$ cd /usr/share/kibana
$ sudo /bin/systemctl daemon-reload
$ sudo /bin/systemctl enable kibana.service
# 5.1 用 systemctl 命令启动 Kibana
$ sudo systemctl start kibana.service
# 5.2 查看 Kibana 状态
$ sudo systemctl stop kibana.service

Welcome to Kibana

Kibana home

Dev Tool

本文演示通过 Kibana 的 Dev Tool,这是一个交互式命令控制台(左边输入命令,右边显示结果),可方便地进行脚本调试、测试和配置等工作。
方便的基本操作指令有:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
// 工具能自动补齐
// 显示 ES 基本信息
GET /

// 查看 cat 配置和属性
GET /_cat/

// 查看 cat 的 shards
GET /_cat/shards

// 查看 cat 的 indices
GET /_cat/indeics

// 查看群集健康程度
GET /_cat/health

备用下载地址

有时下载 ElasticSearch 和 Kibana 安装包过于漫长,这里提供了一个本文用到的安装文件的备用下载地址百度网盘,提取码: cp7h,共有如下4个文件。

文件列表

使用 JSON 格式的文档

通常使用 JSON 格式的文档与 Elasticsearch 进行交互

JSON 文档常见格式:

1
2
3
4
5
6
7
8
9
{
    "name": "James",
    "age": 30,
    "location": {
        lat: "999.0",
        lon: "9012"
    },
    "tag": ["smart", "handsome"]
}

增删改查 CRUD

单文档增删改查

增加

Elasticsearch 是基于倒排索引的

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
// 从版本6以后一个 index 只能对应一个 type
// 增加,其中 twitter 是 index 名,_doc 是 type 名,1是文档 id
POST twitter/_doc/1
{
    "user": "James",
    "uid": 1,
    "city": "Shenyang",
    "province": "Liaoning",
    "country": "China"
}
-------------(右方结果显示)-------------
{
  "_index" : "twitter",
  "_type" : "_doc",
  "_id" : "1",
  "_version" : 1,
  "result" : "created",
  "_shards" : {
    "total" : 2,
    "successful" : 1,
    "failed" : 0
  },
  "_seq_no" : 0,
  "_primary_term" : 1
}
------------------------------------------
查找
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
GET twitter/_doc/1
-------------(右方结果显示)-------------
{
  "_index" : "twitter",
  "_type" : "_doc",
  "_id" : "1",
  "_version" : 1,
  "_seq_no" : 0,
  "_primary_term" : 1,
  "found" : true,
  "_source" : {
    "user" : "James",
    "uid" : 1,
    "city" : "Shenyang",
    "province" : "Liaoning",
    "country" : "China"
  }
}
------------------------------------------
更新
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
// 按照文档 id 更新
POST twitter/_doc/1
{
    "user": "詹姆斯",
    "uid": 1,
    "city": "沈阳",
    "province": "辽宁",
    "country": "中国",
    "location": {
        "lat": "12.234234",
        "lon": "323.2323"
    }
}
-------------(右方结果显示)-------------
{
  "_index" : "twitter",
  "_type" : "_doc",
  "_id" : "1",
  "_version" : 2,
  "result" : "updated",
  "_shards" : {
    "total" : 2,
    "successful" : 1,
    "failed" : 0
  },
  "_seq_no" : 1,
  "_primary_term" : 1
}
------------------------------------------

// 选择性更新
POST twitter/_update_by_query
{
    "script": {
        "source": "ctx._source.city = params.city;ctx._source.province = params.province;",
        "lang": "painless",
        "params": {
            "city": "成都",
            "province": "四川"
        }
    },
    "query": {
        "match": {
            "user": "詹姆斯"
        }
    }
}
-------------(右方结果显示)-------------
{
  "took" : 126,
  "timed_out" : false,
  "total" : 1,
  "updated" : 1,
  "deleted" : 0,
  "batches" : 1,
  "version_conflicts" : 0,
  "noops" : 0,
  "retries" : {
    "bulk" : 0,
    "search" : 0
  },
  "throttled_millis" : 0,
  "requests_per_second" : -1.0,
  "throttled_until_millis" : 0,
  "failures" : [ ]
}
------------------------------------------
删除
1
2
3
4
5
6
DELETE twitter
-------------(右方结果显示)-------------
{
  "acknowledged" : true
}
------------------------------------------

批量文档增删改查

bulk 增加
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
POST _bulk
{ "index": {"_index": "twitter"} }
{ "user": "双榆树-张三", "message": "今天天气不错,出去转转", "uid": 2, "age": 20, "city": "北京", "province": "北京", "country": "中国", "address": "中国北京市海淀区", "location": {"lat": "23.23", "lon": "115"} }
{ "index": {"_index": "twitter"} }
{ "user": "东城区-老刘", "message": "出发,下一行云南", "uid": 3, "age": 30, "city": "北京", "province": "北京", "country": "中国", "address": "中国北京市东城区基厂三条3号", "location": {"lat": "23.345", "lon": "116"} }
{ "index": {"_index": "twitter"} }
{ "user": "东城区-李四", "message": "Happy birthday!", "uid": 4, "age": 30, "city": "北京", "province": "北京", "country": "中国", "address": "中国北京市东城区", "location": {"lat": "25.223", "lon": "105"} }
{ "index": {"_index": "twitter"} }
{ "user": "朝阳区-老贾", "message": "今天天气不错,出去转转", "uid": 5, "age": 35, "city": "北京", "province": "北京", "country": "中国", "address": "中国北京市朝阳区建国门", "location": {"lat": "26.345", "lon": "119"} }
{ "index": {"_index": "twitter"} }
{ "user": "朝阳区-老贾", "message": "Happy birthday my friend!", "uid": 6, "age": 50, "city": "北京", "province": "北京", "country": "中国", "address": "中国北京市朝阳区国贸", "location": {"lat": "26.123", "lon": "107"} }
{ "index": {"_index": "twitter"} }
{ "user": "虹桥-老吴", "message": "好友带来了,今天我生日", "uid": 7, "age": 90, "city": "上海", "province": "上海", "country": "中国", "address": "中国上海市闵行区", "location": {"lat": "31.223", "lon": "125"} }
-------------(右方结果显示)-------------
{
  "took" : 941,
  "errors" : false,
  "items" : [
    {
      "index" : {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "n5FG1mwB6KtJaZuGZ9Dn",
        "_version" : 1,
        "result" : "created",
        "_shards" : {
          "total" : 2,
          "successful" : 1,
          "failed" : 0
        },
        "_seq_no" : 0,
        "_primary_term" : 1,
        "status" : 201
      }
    },
    {
      "index" : {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "oJFG1mwB6KtJaZuGZ9Dn",
        "_version" : 1,
        "result" : "created",
        "_shards" : {
          "total" : 2,
          "successful" : 1,
          "failed" : 0
        },
        "_seq_no" : 1,
        "_primary_term" : 1,
        "status" : 201
      }
    },
    {
      "index" : {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "oZFG1mwB6KtJaZuGZ9Dn",
        "_version" : 1,
        "result" : "created",
        "_shards" : {
          "total" : 2,
          "successful" : 1,
          "failed" : 0
        },
        "_seq_no" : 2,
        "_primary_term" : 1,
        "status" : 201
      }
    },
    {
      "index" : {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "opFG1mwB6KtJaZuGZ9Dn",
        "_version" : 1,
        "result" : "created",
        "_shards" : {
          "total" : 2,
          "successful" : 1,
          "failed" : 0
        },
        "_seq_no" : 3,
        "_primary_term" : 1,
        "status" : 201
      }
    },
    {
      "index" : {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "o5FG1mwB6KtJaZuGZ9Dn",
        "_version" : 1,
        "result" : "created",
        "_shards" : {
          "total" : 2,
          "successful" : 1,
          "failed" : 0
        },
        "_seq_no" : 4,
        "_primary_term" : 1,
        "status" : 201
      }
    },
    {
      "index" : {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "pJFG1mwB6KtJaZuGZ9Dn",
        "_version" : 1,
        "result" : "created",
        "_shards" : {
          "total" : 2,
          "successful" : 1,
          "failed" : 0
        },
        "_seq_no" : 5,
        "_primary_term" : 1,
        "status" : 201
      }
    }
  ]
}
------------------------------------------
bulk 增加导致映射错误

问题:ES 插入6个文档时,自动触发了 mapping,也被叫做 dynamic mapping。有时候 dynamic mapping 会导致有些字段未能映射正确,比如上方的 location 属性未被映射为 geo_point(地理位置信息字段), 而是被映射为了 text。

解决方法:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
// 1. 删除该索引
DELETE twitter 
// 2. put 设置分片数为1,版本7之前有5个分片,之后只有1个
PUT twitter
{
  "settings": {"number_of_shards": 1}
}
// 3. 通过 _mapping 接口对 twitter 结构重新定义,满足自定义索引使用需求
PUT twitter/_mapping
{
   
      "properties" : {
        "address" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "city" : {
            "type" : "keyword"
        },
        "country" : {
          "type" : "keyword"
        },
        "location" : {
          "type" : "geo_point"
        },
        "province" : {
          "type" : "keyword"
        },
        "uid" : {
          "type" : "long"
        },
        "user" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        }
      }
}

-------------(右方结果显示)-------------
{
  "acknowledged" : true
}
------------------------------------------
查找所有
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
// 查看批量插入是否成功
GET twitter/_search
-------------(右方结果显示)-------------
{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 6,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "n5FG1mwB6KtJaZuGZ9Dn",
        "_score" : 1.0,
        "_source" : {
          "user" : "双榆树-张三",
          "message" : "今天天气不错,出去转转",
          "uid" : 2,
          "age" : 20,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市海淀区",
          "location" : {
            "lat" : "23.23",
            "lon" : "115"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "oJFG1mwB6KtJaZuGZ9Dn",
        "_score" : 1.0,
        "_source" : {
          "user" : "东城区-老刘",
          "message" : "出发,下一行云南",
          "uid" : 3,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区基厂三条3号",
          "location" : {
            "lat" : "23.345",
            "lon" : "116"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "oZFG1mwB6KtJaZuGZ9Dn",
        "_score" : 1.0,
        "_source" : {
          "user" : "东城区-李四",
          "message" : "Happy birthday!",
          "uid" : 4,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区",
          "location" : {
            "lat" : "25.223",
            "lon" : "105"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "opFG1mwB6KtJaZuGZ9Dn",
        "_score" : 1.0,
        "_source" : {
          "user" : "朝阳区-老贾",
          "message" : "今天天气不错,出去转转",
          "uid" : 5,
          "age" : 35,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市朝阳区建国门",
          "location" : {
            "lat" : "26.345",
            "lon" : "119"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "o5FG1mwB6KtJaZuGZ9Dn",
        "_score" : 1.0,
        "_source" : {
          "user" : "朝阳区-老贾",
          "message" : "Happy birthday my friend!",
          "uid" : 6,
          "age" : 50,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市朝阳区国贸",
          "location" : {
            "lat" : "26.123",
            "lon" : "107"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "pJFG1mwB6KtJaZuGZ9Dn",
        "_score" : 1.0,
        "_source" : {
          "user" : "虹桥-老吴",
          "message" : "好友带来了,今天我生日",
          "uid" : 7,
          "age" : 90,
          "city" : "上海",
          "province" : "上海",
          "country" : "中国",
          "address" : "中国上海市闵行区",
          "location" : {
            "lat" : "31.223",
            "lon" : "125"
          }
        }
      }
    ]
  }
}
------------------------------------------
带条件查找
找到所在城市为北京的人
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
GET twitter/_search
{
  "query": {"match": {
    "city": "北京"
  }}
}
-------------(右方结果显示)-------------
{
  "took" : 14,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 5,
      "relation" : "eq"
    },
    "max_score" : 0.37469345,
    "hits" : [
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "pZHy3GwB6KtJaZuGGtC7",
        "_score" : 0.37469345,
        "_source" : {
          "user" : "双榆树-张三",
          "message" : "今天天气不错,出去转转",
          "uid" : 2,
          "age" : 20,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市海淀区",
          "location" : {
            "lat" : "23.23",
            "lon" : "115"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "ppHy3GwB6KtJaZuGGtC7",
        "_score" : 0.37469345,
        "_source" : {
          "user" : "东城区-老刘",
          "message" : "出发,下一行云南",
          "uid" : 3,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区基厂三条3号",
          "location" : {
            "lat" : "23.345",
            "lon" : "116"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "p5Hy3GwB6KtJaZuGGtC7",
        "_score" : 0.37469345,
        "_source" : {
          "user" : "东城区-李四",
          "message" : "Happy birthday!",
          "uid" : 4,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区",
          "location" : {
            "lat" : "25.223",
            "lon" : "105"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "qJHy3GwB6KtJaZuGGtC7",
        "_score" : 0.37469345,
        "_source" : {
          "user" : "朝阳区-老贾",
          "message" : "今天天气不错,出去转转",
          "uid" : 5,
          "age" : 35,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市朝阳区建国门",
          "location" : {
            "lat" : "26.345",
            "lon" : "119"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "qZHy3GwB6KtJaZuGGtC7",
        "_score" : 0.37469345,
        "_source" : {
          "user" : "朝阳区-老贾",
          "message" : "Happy birthday my friend!",
          "uid" : 6,
          "age" : 50,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市朝阳区国贸",
          "location" : {
            "lat" : "26.123",
            "lon" : "107"
          }
        }
      }
    ]
  }
}
------------------------------------------
使用 bool 进行查询

1.must
must 类似于 sql 中的 and

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
// 在北京且年龄为30岁的人
GET twitter/_search
{
  "query": {
    "bool": {"must": [
      {"match": {
        "city": "北京"
      }},
      {"match": {
          "age": "30"
        }}
    ]}
  }
}
-------------(右方结果显示)-------------
{
  "took" : 192,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 2,
      "relation" : "eq"
    },
    "max_score" : 1.3746934,
    "hits" : [
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "ppHy3GwB6KtJaZuGGtC7",
        "_score" : 1.3746934,
        "_source" : {
          "user" : "东城区-老刘",
          "message" : "出发,下一行云南",
          "uid" : 3,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区基厂三条3号",
          "location" : {
            "lat" : "23.345",
            "lon" : "116"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "p5Hy3GwB6KtJaZuGGtC7",
        "_score" : 1.3746934,
        "_source" : {
          "user" : "东城区-李四",
          "message" : "Happy birthday!",
          "uid" : 4,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区",
          "location" : {
            "lat" : "25.223",
            "lon" : "105"
          }
        }
      }
    ]
  }
}
------------------------------------------

2.must not

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
// 不在北京的人
GET twitter/_search
{
  "query": {
    "bool": {"must_not": [
      {"match": {
        "city": "北京"
      }}
    ]}
  }
}
-------------(右方结果显示)-------------
{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 2,
      "relation" : "eq"
    },
    "max_score" : 0.0,
    "hits" : [
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "qpHy3GwB6KtJaZuGGtC7",
        "_score" : 0.0,
        "_source" : {
          "user" : "虹桥-老吴",
          "message" : "好友带来了,今天我生日",
          "uid" : 7,
          "age" : 90,
          "city" : "上海",
          "province" : "上海",
          "country" : "中国",
          "address" : "中国上海市闵行区",
          "location" : {
            "lat" : "31.223",
            "lon" : "125"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "1",
        "_score" : 0.0,
        "_source" : {
          "user" : "詹姆斯",
          "uid" : 1,
          "city" : "沈阳",
          "province" : "辽宁",
          "country" : "中国",
          "location" : {
            "lat" : "12.234234",
            "lon" : "32.2323"
          }
        }
      }
    ]
  }
}
------------------------------------------

3.should
should 类似于 sql 中的 or

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
// 在北京或上海的人
GET twitter/_search
{
  "query": {
    "bool": {"should": [
      {"match": {
        "city": "北京"
      }},
      {"match": {
        "city": "上海"
      }}
    ]}
  }
}
-------------(右方结果显示)-------------
{
  "took" : 18,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 6,
      "relation" : "eq"
    },
    "max_score" : 1.6739764,
    "hits" : [
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "qpHy3GwB6KtJaZuGGtC7",
        "_score" : 1.6739764,
        "_source" : {
          "user" : "虹桥-老吴",
          "message" : "好友带来了,今天我生日",
          "uid" : 7,
          "age" : 90,
          "city" : "上海",
          "province" : "上海",
          "country" : "中国",
          "address" : "中国上海市闵行区",
          "location" : {
            "lat" : "31.223",
            "lon" : "125"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "pZHy3GwB6KtJaZuGGtC7",
        "_score" : 0.37469345,
        "_source" : {
          "user" : "双榆树-张三",
          "message" : "今天天气不错,出去转转",
          "uid" : 2,
          "age" : 20,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市海淀区",
          "location" : {
            "lat" : "23.23",
            "lon" : "115"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "ppHy3GwB6KtJaZuGGtC7",
        "_score" : 0.37469345,
        "_source" : {
          "user" : "东城区-老刘",
          "message" : "出发,下一行云南",
          "uid" : 3,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区基厂三条3号",
          "location" : {
            "lat" : "23.345",
            "lon" : "116"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "p5Hy3GwB6KtJaZuGGtC7",
        "_score" : 0.37469345,
        "_source" : {
          "user" : "东城区-李四",
          "message" : "Happy birthday!",
          "uid" : 4,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区",
          "location" : {
            "lat" : "25.223",
            "lon" : "105"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "qJHy3GwB6KtJaZuGGtC7",
        "_score" : 0.37469345,
        "_source" : {
          "user" : "朝阳区-老贾",
          "message" : "今天天气不错,出去转转",
          "uid" : 5,
          "age" : 35,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市朝阳区建国门",
          "location" : {
            "lat" : "26.345",
            "lon" : "119"
          }
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "qZHy3GwB6KtJaZuGGtC7",
        "_score" : 0.37469345,
        "_source" : {
          "user" : "朝阳区-老贾",
          "message" : "Happy birthday my friend!",
          "uid" : 6,
          "age" : 50,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市朝阳区国贸",
          "location" : {
            "lat" : "26.123",
            "lon" : "107"
          }
        }
      }
    ]
  }
}

------------------------------------------
用 _count 统计个数
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
// 在北京和上海的人的个数
GET twitter/_count
{
  "query": {
    "bool": {"should": [
      {"match": {
        "city": "北京"
      }},
      {"match": {
        "city": "上海"
      }}
    ]}
  }
}
-------------(右方结果显示)-------------
{
  "count" : 6,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  }
}
------------------------------------------
复杂查找:按地理位置信息
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
// 在北京且距离某一固定范围内的人,并排序
GET twitter/_search
{
  "query": {
    "bool": {"must": [
      {"match": {
        "address": "北京"
      }}
    ]}
  },
  "post_filter": {
    "geo_distance": {
      "distance": "1000km",
      "location": {
        "lat": "26.129",
        "lon": "107.011"
      }
    }
  },
  "sort": [
    {
      "_geo_distance": {
        "location": "26.129,107.011", 
        "order": "desc",
        "unit": "km"
      }
    }
  ]
}
-------------(右方结果显示)-------------
{
  "took" : 104,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 4,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "ppHy3GwB6KtJaZuGGtC7",
        "_score" : null,
        "_source" : {
          "user" : "东城区-老刘",
          "message" : "出发,下一行云南",
          "uid" : 3,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区基厂三条3号",
          "location" : {
            "lat" : "23.345",
            "lon" : "116"
          }
        },
        "sort" : [
          958.850982854175
        ]
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "pZHy3GwB6KtJaZuGGtC7",
        "_score" : null,
        "_source" : {
          "user" : "双榆树-张三",
          "message" : "今天天气不错,出去转转",
          "uid" : 2,
          "age" : 20,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市海淀区",
          "location" : {
            "lat" : "23.23",
            "lon" : "115"
          }
        },
        "sort" : [
          868.9442642436171
        ]
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "p5Hy3GwB6KtJaZuGGtC7",
        "_score" : null,
        "_source" : {
          "user" : "东城区-李四",
          "message" : "Happy birthday!",
          "uid" : 4,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区",
          "location" : {
            "lat" : "25.223",
            "lon" : "105"
          }
        },
        "sort" : [
          225.30557848523242
        ]
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "qZHy3GwB6KtJaZuGGtC7",
        "_score" : null,
        "_source" : {
          "user" : "朝阳区-老贾",
          "message" : "Happy birthday my friend!",
          "uid" : 6,
          "age" : 50,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市朝阳区国贸",
          "location" : {
            "lat" : "26.123",
            "lon" : "107"
          }
        },
        "sort" : [
          1.2849540831286064
        ]
      }
    ]
  }
}
// 说明:此处经纬度地址为随机手写,为了出现多条信息,特地将 distance 增大了,真实情况不需要
------------------------------------------
范围查询
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
// 查询年龄大于等于20小于等于30的人,并降序排序
GET twitter/_search
{
  "query": {
    "range": {
      "age": {
        "gte": 20,
        "lte": 30
      }
    }
  },
  "sort": [
    {
      "age": {
        "order": "desc"
      }
    }
  ]
}
-------------(右方结果显示)-------------
{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 3,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "ppHy3GwB6KtJaZuGGtC7",
        "_score" : null,
        "_source" : {
          "user" : "东城区-老刘",
          "message" : "出发,下一行云南",
          "uid" : 3,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区基厂三条3号",
          "location" : {
            "lat" : "23.345",
            "lon" : "116"
          }
        },
        "sort" : [
          30
        ]
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "p5Hy3GwB6KtJaZuGGtC7",
        "_score" : null,
        "_source" : {
          "user" : "东城区-李四",
          "message" : "Happy birthday!",
          "uid" : 4,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区",
          "location" : {
            "lat" : "25.223",
            "lon" : "105"
          }
        },
        "sort" : [
          30
        ]
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "pZHy3GwB6KtJaZuGGtC7",
        "_score" : null,
        "_source" : {
          "user" : "双榆树-张三",
          "message" : "今天天气不错,出去转转",
          "uid" : 2,
          "age" : 20,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市海淀区",
          "location" : {
            "lat" : "23.23",
            "lon" : "115"
          }
        },
        "sort" : [
          20
        ]
      }
    ]
  }
}
------------------------------------------
按指定字段查询
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
// 查询并将命中字段高亮显示
GET twitter/_search
{
  "query": {
    "match": {
        "message": "hPy birthday"
    }
  },
  "highlight": {
    "fields": {"message": {}}
  }
}
-------------(右方结果显示)-------------
// <em> 即为高亮显示标签
{
  "took" : 2,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 2,
      "relation" : "eq"
    },
    "max_score" : 1.4602998,
    "hits" : [
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "p5Hy3GwB6KtJaZuGGtC7",
        "_score" : 1.4602998,
        "_source" : {
          "user" : "东城区-李四",
          "message" : "Happy birthday!",
          "uid" : 4,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区",
          "location" : {
            "lat" : "25.223",
            "lon" : "105"
          }
        },
        "highlight" : {
          "message" : [
            "Happy <em>birthday</em>!"
          ]
        }
      },
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "qZHy3GwB6KtJaZuGGtC7",
        "_score" : 1.2567999,
        "_source" : {
          "user" : "朝阳区-老贾",
          "message" : "Happy birthday my friend!",
          "uid" : 6,
          "age" : 50,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市朝阳区国贸",
          "location" : {
            "lat" : "26.123",
            "lon" : "107"
          }
        },
        "highlight" : {
          "message" : [
            "Happy <em>birthday</em> my friend!"
          ]
        }
      }
    ]
  }
}
------------------------------------------

// 用 "match" 如果要查 "abc def",那么 "def abc"也会被查出,同时比较接近的也会被查出
// 避免这种情况用 "match_phrase"
// 分词时不分区大小写,这里查询也是
GET twitter/_search
{
  "query": {
    "match_phrase": {
        "message": "haPy birthday"
    }
  }
}

映射 Mapping

Elasticsearch 中的 Mapping 对应关系型数据库中的库表结构

查看 mapping 信息

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
// 检查文档的 mapping 信息,类似于数据库中的表
GET twitter/_mapping
-------------(右方结果显示)-------------
{
  "twitter" : {
    "mappings" : {
      "properties" : {
        "address" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "age" : {
          "type" : "long"
        },
        "city" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "country" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "location" : {
          "properties" : {
            "lat" : {
              "type" : "text",
              "fields" : {
                "keyword" : {
                  "type" : "keyword",
                  "ignore_above" : 256
                }
              }
            },
            "lon" : {
              "type" : "text",
              "fields" : {
                "keyword" : {
                  "type" : "keyword",
                  "ignore_above" : 256
                }
              }
            }
          }
        },
        "message" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "province" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "uid" : {
          "type" : "long"
        },
        "user" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        }
      }
    }
  }
}
// 上方中的 text 表示该字段可被全文搜索,keyword 表明该字段可用于聚合查询进行统计分析;
// 同时含有这两种类型,说明该字段既按照 text 分词进行保存,又按照 keyword 分词进行保存。

------------------------------------------

聚合操作

range

类似于 sql 中的 >= 和 <=

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
// 下面的 size 表示命中信息的显示个数
// 由于做聚合分析,可以不显示命中信息
GET twitter/_search
{
  "size": 0,
  "aggs": {
    "age": {
      "range": {
        "field": "age",
        "ranges": [
          {
            "from": 20,
            "to": 30
          },{
            "from": 30,
            "to": 40
          },{
            "from": 40,
            "to": 100
          }
        ]
      }
    }
  }
}
-------------(右方结果显示)-------------
{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 7,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "age" : {
      "buckets" : [
        {
          "key" : "20.0-30.0",
          "from" : 20.0,
          "to" : 30.0,
          "doc_count" : 1
        },
        {
          "key" : "30.0-40.0",
          "from" : 30.0,
          "to" : 40.0,
          "doc_count" : 3
        },
        {
          "key" : "40.0-100.0",
          "from" : 40.0,
          "to" : 100.0,
          "doc_count" : 2
        }
      ]
    }
  }
}
------------------------------------------

term

类似于 sql 中的 group by

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
GET twitter/_search
{
  "query": {

    "match": {
        "message": "happy birthday"
    }
  }, 
  "size":1, 
  "aggs": {

    "city": {
      "terms": {
        "field": "city",
        "size": 10
      }
    }
  }
}
// terms 里的 size 表示一次显示出 key 的个数,默认是10
// terms 用 size 作假分页的效果,其实全部查出来了,知识部分显示而已
-------------(右方结果显示)-------------
{
  "took" : 1, 
  "timed_out" : false, 
  "_shards" : {

    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  }, 
  "hits" : {

    "total" : {
      "value" : 2,
      "relation" : "eq"
    },
    "max_score" : 2.9205997,
    "hits" : [
      {
        "_index" : "twitter",
        "_type" : "_doc",
        "_id" : "p5Hy3GwB6KtJaZuGGtC7",
        "_score" : 2.9205997,
        "_source" : {
          "user" : "东城区-李四",
          "message" : "Happy birthday!",
          "uid" : 4,
          "age" : 30,
          "city" : "北京",
          "province" : "北京",
          "country" : "中国",
          "address" : "中国北京市东城区",
          "location" : {
            "lat" : "25.223",
            "lon" : "105"
          }
        }
      }
    ]
  }, 
  "aggregations" : {

    "city" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "北京",
          "doc_count" : 2
        }
      ]
    }
  }
}
------------------------------------------
``` 

### 分析器 Analyzers
> 用 Analyzer 对字段里的文本进行过滤和分词,形成倒排索引,最后供搜索使用。通常一个 Analyzer 由以下3个部分组成

* Character Filters
对字段进行过滤
<br/>

* Tokenizer
形成分词器,把各个短语分为各个值
<br/>

* Token Filters
对分开的词进行过滤,把所有 stopwords 不进行搜索的词去掉,或把所有词组中的词统一为小写

#### standard 分词器
```json
// 按空格分
GET twitter/_analyze
{
  "text": ["Happy Birthday"],
  "analyzer": "standard"
}
-------------(右方结果显示)-------------
{
  "tokens" : [
    {
      "token" : "happy",
      "start_offset" : 0,
      "end_offset" : 5,
      "type" : "<ALPHANUM>",
      "position" : 0
    },
    {
      "token" : "birthday",
      "start_offset" : 6,
      "end_offset" : 14,
      "type" : "<ALPHANUM>",
      "position" : 1
    }
  ]
}
------------------------------------------

put twitter/_mapping 中也可以添加 analyzer,默认是 standard
例如:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
PUT twitter/_mapping
{
   
      "properties" : {
        "address" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "city" : {
            "type" : "keyword"
        },
        "country" : {
          "type" : "keyword"
        },
        "location" : {
          "type" : "geo_point"
        },
        "province" : {
          "type" : "keyword"
        },
        "uid" : {
          "type" : "long"
        },
        "user" : {
          "type" : "text",
          "analyzer": "standard"
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        }
      }
}

simple 分词器

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
GET twitter/_analyze
{
  "text": ["Happy.Birthday"],
  "analyzer": "simple"
}
-------------(右方结果显示)-------------
{
  "tokens" : [
    {
      "token" : "happy",
      "start_offset" : 0,
      "end_offset" : 5,
      "type" : "word",
      "position" : 0
    },
    {
      "token" : "birthday",
      "start_offset" : 6,
      "end_offset" : 14,
      "type" : "word",
      "position" : 1
    }
  ]
}
------------------------------------------

自定义分词并转小写

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
GET twitter/_analyze
{
  "text": ["Happy Birthday"],
  "tokenizer": "standard", 
  "filter": ["lowercase"]
}
-------------(右方结果显示)-------------
{
  "tokens" : [
    {
      "token" : "happy",
      "start_offset" : 0,
      "end_offset" : 5,
      "type" : "<ALPHANUM>",
      "position" : 0
    },
    {
      "token" : "birthday",
      "start_offset" : 6,
      "end_offset" : 14,
      "type" : "<ALPHANUM>",
      "position" : 1
    }
  ]
}
------------------------------------------

附:kibana 页面快捷键

快捷键 描述
Ctrl/Cmd + I 自动格式化
Ctrl/Cmd + / 打开帮助文档
Ctrl + Space 自动补全
Ctrl/Cmd + Enter 执行代码
Ctrl/Cmd + Up/Down 将光标切换到上/下一段代码(注:这里与 chrome 切换标签页的快捷键重复)
Ctrl/Cmd + Alt + L 折叠/展开当前域(注:测试无效)
Ctrl/Cmd + Option + 0 关闭所有域除了当前域,组合键再加 shift 可展开
Down arrow 自动提示有多个选项时进行选择
Enter/Tab 直接补全最常用提示代码
Esc 暂停编辑区工作

附:官方辅助资料

简体中文文档
主办活动
elasticsearch中文社区

ElasticSearch 7 新版本正在被广泛使用

码哥 wechat
欢迎关注个人订阅号:「码上行动GO」