ELK
- Introduction
- download
- Installation of Elasticsearch
- Kibana and Logstash
- Simple DSL language query for ElasticSearch
  - 1. query queries
    - 1. Query all indexes
    - 2. Query all documents under the test index
    - 3. Query with pagination, sorted by number
    - 4. Query with a condition, plus pagination and sorting (sort sets the sort field, order sets descending order)
    - 5. Query a balance range (filter holds the filter conditions, range sets the range)
    - 6. Grouping and statistics: group_by_state is the grouping, aggs specifies the aggregation, and size 0 returns an empty hits array in the result
    - 7. Using term to query the exact value of a field
    - 8. Using query_string, which can set the default query field
    - 9. Using match_phrase_prefix to query the email field prefixed with ab
  - 2. bool query under query
Introduction
ELK is an abbreviation of ElasticSearch, Logstash and Kibana.
download
Elastic's official website cannot be opened. It is recommended to use a domestic mirror, such as the Huawei Cloud mirror.
Installation of Elasticsearch
- Find the version you want and click Download. Then configure the port and cross-origin (CORS) settings in elasticsearch.yml under the config folder by adding the following:
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length, X-User"
In the bin folder, type CMD in the Explorer address bar, then run elasticsearch.bat in the command window to start Elasticsearch.
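An added example, not part of the original page: a small Python check that parses the flat key: value lines of elasticsearch.yml and reports what the CORS block above permits. If the node has no authentication enabled, any site open in the same browser can read from localhost:9200 and, with PUT/DELETE allowed, write to it. The tightened variant, the origin http://localhost:1358 and all function names are assumptions made for this example; defaults for unset keys follow the Elasticsearch documentation.

```python
import ipaddress

# CORS lines exactly as given on the page.
PAGE_CONFIG = """
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length, X-User"
"""

# Constructed tightened variant; the origin is an assumed local browser tool.
TIGHTENED_CONFIG = """
network.host: 127.0.0.1
http.cors.enabled: true
http.cors.allow-origin: "http://localhost:1358"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST
"""

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines as used in elasticsearch.yml (no nesting)."""
    settings = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_loopback(host):
    """True for loopback addresses and the names that resolve to loopback."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host in ("_local_", "localhost")  # other names: assume reachable

def audit_http(text):
    """Return findings for settings that expose the REST API to browsers or the network."""
    s = parse_flat_yaml(text)
    findings = []
    cors_on = s.get("http.cors.enabled", "false").lower() == "true"
    wildcard = cors_on and s.get("http.cors.allow-origin", "") in ("*", "/.*/")
    methods = s.get("http.cors.allow-methods", "OPTIONS,HEAD,GET,POST,PUT,DELETE").upper()
    if wildcard:
        findings.append("allow-origin accepts every origin")
        if any(m in methods for m in ("PUT", "DELETE")):
            findings.append("every origin may send PUT/DELETE")
    if not is_loopback(s.get("network.host", "_local_")):
        findings.append("REST API bound to a non-loopback address")
    return findings
```

audit_http(PAGE_CONFIG) returns both CORS findings, while audit_http(TIGHTENED_CONFIG) returns an empty list.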
- Add Elasticsearch as a Windows service
Install the service:
elasticsearch-service.bat install
If it reports failed to .., remove the service:
elasticsearch-service.bat remove
Or press Win+R, enter regedit to open the registry, find the following key, delete it, and restart:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\elasticsearch-service-x64
Because of a Java version problem, installing the service kept failing, or the installed service could not be started. The solution is as follows:
Replace the if(JAVA_HOME)...else code block in elasticsearch-env.bat with the following:
set JAVA="%ES_HOME%\jdk\bin\java.exe"
set JAVA_HOME="%ES_HOME%\jdk"
set JAVA_TYPE=bundled jdk
After the replacement is completed, execute elasticsearch-service.bat install again, and the Windows service can be started normally. Enter localhost:9200 in the browser to test.
Kibana and Logstash
- Console startup
In the bin folder, type CMD in the Explorer address bar, then run kibana.bat / logstash.bat in the command window to start.
- Add a Windows service to start automatically
Download NSSM from its official website.
Open CMD in the folder containing the exe inside the downloaded folder and enter:
nssm install kibana
nssm install logstash
Installing the logstash service differs in that the Arguments option is filled in with logstash/config/logstash-sample.conf; the rest is similar.
Simple DSL language query for ElasticSearch
Index name: test
1. Comparison of match, match_all, match_phrase, match_phrase_prefix, term and query_string
match: Fuzzy matching on a field whose name you must specify. The input is tokenized, so this is a partial-match fuzzy query with relatively loose conditions.
match_all: Queries everything.
match_phrase: The input is tokenized, but all of the tokens must be present in the result, in the same order.
match_phrase_prefix: Queries by the prefix of a field's text.
query_string: Similar to match, but where match requires a field name, query_string searches across all fields, so its scope is wider.
1. query queries
1. Query all indexes
GET _search
{
  "query": {
    "match_all": {}
  }
}
2. Query all documents under the test index
GET /test/_search
{
  "query": {
    "match_all": {}
  }
}
3. Query with pagination, sorted by number
GET /test/_search
{
  "query": {
    "match_all": {}
  },
  "sort": [
    {
      "number": {
        "order": "desc"
      }
    }
  ],
  "from": 0,
  "size": 20
}
4. Query with a condition, plus pagination and sorting (sort sets the sort field, order sets descending order)
GET /test/_search
{
  "query": {
    "match": {
      "email": "abc.com"
    }
  },
  "sort": [
    {
      "number": {
        "order": "desc"
      }
    }
  ],
  "from": 0,
  "size": 20
}
5. Query a balance range (filter holds the filter conditions, range sets the range)
GET /test/_search
{
  "query": {
    "bool": {
      "must": {
        "match_all": {}
      },
      "filter": [
        {
          "range": {
            "balance": {
              "gte": 1000,
              "lte": 2000
            }
          }
        }
      ]
    }
  }
}
6. Grouping and statistics: group_by_state is the grouping, aggs specifies the aggregation, and size 0 returns an empty hits array in the result
GET /test/_search
{
  "size": 0,
  "aggs": {
    "group_by_state": {
      "terms": {
        "field": "city.keyword"
      },
      "aggs": {
        "平均工资": {
          "sum": {
            "field": "balance"
          }
        }
      }
    }
  }
}
7. Using term to query the exact value of a field
GET /test/_search
{
  "query": {
    "term": {
      "email": {
        "value": "[email protected]"
      }
    }
  }
}
8. Using query_string, which can set the default query field
GET /test/_search
{
  "query": {
    "query_string": {
      "default_field": "email",
      "query": "[email protected]"
    }
  }
}
9. Using match_phrase_prefix to query the email field prefixed with ab
GET /test/_search
{
  "query": {
    "match_phrase_prefix": {
      "email": "am"
    }
  }
}
2. bool query under query
Under bool there are must, must_not and should clauses.
1. Multi-condition query; note the {} wrapping each condition such as match
GET /test/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "email": "[email protected]"
          }
        },
        {
          "match_phrase": {
            "lastname": "Duke"
          }
        }
      ]
    }
  }
}
2. Simultaneous use of must, must_not, and should
GET /bank/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "balance": "39225"
          }
        }
      ],
      "must_not": [
        {
          "match": {
            "firstname": "cccc"
          }
        }
      ],
      "should": [
        {
          "match": {
            "age": "3"
          }
        }
      ]
    }
  }
}