1. Query the index information first
curl -XGET 10.15.4.121:9200/test-2023.08.25?pretty=true
2. Query specific data
and query documents
GET pro-sec-2023.03/_search
{
“query”: {
“match_all”: {}
}
}
3. Query string (single field query, multi-field combination query is not allowed)
GET /pro-sec-2023.03/_search?q=fields.serverip:10.157.4.121
or
GET /pro-sec-2023.03/_search
{ “query”: { "match":{ "fields.serverip":"10.157.4.121" } } }
4. Match series of match_phrase (phrase query)
GET test1/doc/_search
{ “query”: { “match_phrase”: { “title”: “China” } } } If you only use match, it will return characters containing Chinese or Chinese characters. string
5. Match_phrase_prefix (leftmost prefix query) intelligent search of match series – what starts with
GET test2/_search
{
“query”: {
“match_phrase_prefix”: {
“desc”: “bea”
}
}
}
6. Multi_match is to query the same keyword in multiple fields
GET test2/_search
{ "query": { "multi_match": { "query": "beautiful", "fields": ["title", "desc" ] } } }
Or (specify type as phrase_prefix or match_phrase_prefix)
GET test2/doc/_search
{ “query”: { “multi_match”: { “query”: “bea”, “fields”: [“desc”], “type”: “phrase_prefix” ” } } }
match query related summary
1. match: Return all matching word segments.
2. match_all: Query all.
3. match_phrase: Phrase query. Based on match, you can further query phrases. You can specify the slop word segmentation interval.
4. match_phrase_prefix: Prefix query, prefix matching based on the last phrase in the phrase, can be applied to search prompts, but be careful to match it with max_expanions. In fact, the default is 50…
5. multi_match: Multi-field query, very flexible to use, can complete the work of match_phrase and match_phrase_prefix.
7. Sort query
GET test/_search
{ “query”: { “match_all”: {} }, “sort”: [ { “age”: { “order”: “desc” } } ] } or GET test/_search? q=interest:computer&sort=height:asc
8. Paging query
GET test/doc/_search
{ “query”: { “match_phrase_prefix”: { “name”: “wang” } }, “from”: 0, index starts from “size”: 1 //Show 1 Article }
9. ES’s bool query (must, should)
single condition combination
GET test/_search
{ “query”: { “bool”: { “must”: [ { “match”: { “name”: “wangfei” } } ] } } } Multiple condition combination GET test/doc/_search { “query”: { “bool”: { “must”: [ { “match”: { “name”: “wanggfei” } },{ “match”: { "age": 25 } } ] } } }
If a condition is met, return
GET test/_search
{ “query”: { “bool”: { “should”: [ { “match”: { “name”: “wangjifei” } }, { “match”: { “age” : 27 } } ] } } }
10. filter (condition filter query, the range of filter conditions is represented by range, gt means greater than, lt means less than, gte means greater than or equal to, lte means less than or equal to) GET test/_search { "query": { "bool
"
: { " must ”: [ { “match”: { “name”: “wangjifei” } } ], “filter”: { “range”: { “age”: { “gte”: 10, “lt”: 27 } } } } } } 11. Only view certain attributes GET test3/_search { “query”: { “match”: { “name”: “Gu” } }, “_source”: [“name”, “age”] }
12. The difference between term and match is: match goes through analyzer, that is to say, the document is first processed by the analyzer. According to different analyzers, the analysis results are slightly different, and then matching is performed based on the word segmentation results. Term does not go through word segmentation. It directly searches for the exact value in the inverted index.
GET w1/_search
{ “query”: { “term”: { “t2”: “hi single dog” } } }
GET test/_search
{
“query”: {
“terms”: {
“age”: [
“27”,
“28”
]
}
}
}
13. ES aggregation query avg, max, min, sum
GET zhifou/_search
{ “query”: { “match”: { “from”: “gu” } }, “aggs”: { “my_avg”: { “avg” ": { "field": "age" } } }, "size": "0" (if you only want to see the results and not the specific value) }
14、分组查询
GET zhifou/_search
{
“size”: 0,
“query”: {
“match_all”: {}
},
“aggs”: {
“age_group”: {
“range”: {
“field”: “age”,
“ranges”: [
{
“from”: 15,
“to”: 20
},
{
“from”: 20,
“to”: 25
},
{
“from”: 25,
“to”: 30
}
]
}
}
}
}
查询结果
{
“took” : 9,
“timed_out” : false,
“_shards” : {
“total” : 5,
“successful” : 5,
“skipped” : 0,
“failed” : 0
},
“hits” : {
“total” : 5,
“max_score” : 0.0,
“hits” : [ ]
},
“aggregations” : {
“age_group” : {
“buckets” : [
{
“key” : “15.0-20.0”,
“from” : 15.0,
“to” : 20.0,
“doc_count” : 1
},
{
“key” : “20.0-25.0”,
“from” : 20.0,
“to” : 25.0,
“doc_count” : 1
},
{
“key” : “25.0-30.0”,
“from” : 25.0,
"to" : 30.0,
"doc_count" : 2
}
]
}
}
}
To use the aggregate function to find the average after aggregation, you must first find out the results, and then use the aggregate function to process the results
GET zhifou/_search
{ "size": 0, "query": { "match_all": {} }, "aggs": { "age_group": { "range": { "field": "age", "ranges": [ { "from": 15, "to": 20 }, { "from": 20, "to": 25 }, { "from": 25, "to": 30 } ] }, "aggs": { "my_avg": { "avg" : { "field": "age"
}
}
}
}
}
}