In Elasticsearch the REST API, there are a lot of tips, here for the presentation of the official documents given, summed up a few common examples.
More Reference: Elastisearch document summary
Multi-Index
ES supports a plurality of index specified in a request, or may use wildcards date expression manner:
For example, foo * index will match foo1, foo2, foo3 and other indexes. All index _all will match.
Also can be restricted for the index unavailable.
Date expression supports the following formats:
<static_name{date_math_expr{date_format|time_zone}}>static_name is still part of the index
date_math_expr is a date expression
Date_format is followed by the date format; time_zone time zone
For example, if you want to check logstash two days before the date, can be written as:
curl -XGET 'localhost:9200/<logstash-{now/d-2d}>/_search' {
"query" : {
...
}
}As another example, the current time is March 22, 2014, then:
<logstash-{now/d}> 会匹配 logstash-2024.03.22
<logstash-{now/M}> 会匹配 logstash-2024.03.01
<logstash-{now/M{YYYY.MM}}> 会匹配 logstash-2024.03
<logstash-{now/M-1M{YYYY.MM}}> 会匹配 logstash-2024.02
<logstash-{now/d{YYYY.MM.dd|+12:00}} 会匹配 logstash-2024.03.23Over the past three days the index can be expressed as:
curl -XGET 'localhost:9200/<logstash-{now/d-2d}>,<logstash-{now/d-1d}>,<logstash-{now/d}>/_search' {
"query" : {
...
}
}filter
All API can accept a parameter, filter_path , this parameter specifies the field after filtration, the returned results will only display the specified content filtering:
curl -XGET 'localhost:9200/_search?pretty&filter_path=took,hits.hits._id,hits.hits._score'
{
"took" : 3,
"hits" : {
"hits" : [
{
"_id" : "3640",
"_score" : 1.0
},
{
"_id" : "3642",
"_score" : 1.0
}
]
}
}It supports the use of wildcards to match
curl -XGET 'localhost:9200/_nodes/stats?filter_path=nodes.*.ho*'
{
"nodes" : {
"lvJHed8uQQu4brS-SXKsNA" : {
"host" : "portable"
}
}
}If you use all of the contents of the two will match **
curl 'localhost:9200/_segments?pretty&filter_path=indices.**.version'
{
"indices" : {
"movies" : {
"shards" : {
"0" : [ {
"segments" : {
"_0" : {
"version" : "5.2.0"
}
}
} ],
"2" : [ {
"segments" : {
"_0" : {
"version" : "5.2.0"
}
}
} ]
}
},
"books" : {
"shards" : {
"0" : [ {
"segments" : {
"_0" : {
"version" : "5.2.0"
}
}
} ]
}
}
}
}If you want to filter _source, you need to reassign _source in the field:
curl -XGET 'localhost:9200/_search?pretty&filter_path=hits.hits._source&_source=title'
{
"hits" : {
"hits" : [ {
"_source":{"title":"Book #2"}
}, {
"_source":{"title":"Book #1"}
}, {
"_source":{"title":"Book #3"}
} ]
}
}Flat result content
Use flat_settings parameters, it will only affect the display of content returned, for example, the returned content is set to true after this the following:
{
"persistent" : { },
"transient" : {
"discovery.zen.minimum_master_nodes" : "1"
}
}And set to false, then:
{
"persistent" : { },
"transient" : {
"discovery" : {
"zen" : {
"minimum_master_nodes" : "1"
}
}
}
}Returns the content formatted
Normal return data, may be mixed in a line, it is difficult the human eye wherein each information, then, can be added at the end of the re-request ? = Pretty to true , or ? Format-yaml to a readable form.
pretty JSON is returned as the result. Direct write? Pretty with? Pretty = true role as
yaml is indented to show the result of using a transverse way.
Back-readable Results
The results returned to readable for us to go naked eye observation is also important, such as:
"exists_time": "1h"
"size": "1kb"
要比
"exists_time_in_millis": 3600000
"size_in_bytes": 1024
容易理解的多reference
[1] YAML format
Reproduced in: https: //my.oschina.net/u/204616/blog/545130