HTTP: // www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration.html HTTPS: // github.com/elastic/elasticsearch ### [execute the following command on multiple machines] ### #es need to use the non-root user startup, all create a xiaoniu user: useradd xiaoniu # hadoop add a password for the user: echo 123456 | passwd - stdin xiaoniu # bigdata will add to sudoers echo "xiaoniu ALL = (root) NOPASSWD: ALL "| TEE /etc/sudoers.d/ xiaoniu chmod 0440 /etc/sudoers.d/ xiaoniu # resolve sudo: sorry, you must have a tty to run sudo problem, in / etc / sudoer comment out the line Default requiretty sudo sed-i 'S / Defaults requiretty / Defaults:! xiaoniu requiretty /' / etc / the sudoers # Create a directory with BigData mkdir / {with BigData, Data} # Add to the appropriate directory permissions chown -R & lt xiaoniu: xiaoniu / {with BigData, Data} -------------------------------------------------- ----------------------------------------------- 1. install JDK (1.8 JDK claim .20 or more) 2 . upload installation package es 3 . codecs es the tar -zxvf elasticsearch-5.4.3.tar.gz -C / with BigData / . 4 . modify arranged VI /bigdata/elasticsearch-5.4.3/ config / elasticsearch.yml # cluster name, by the way multicast communication, judging by the name of which cluster belongs cluster.name: BigData # node name, to be the only node.name: es-1 # data storage location Path.Data: / Data / ES / Data # log storage location (optional) path.logs: / Data / ES / logs #es binding ip address network.host: centos7 -2 # initialization node may be elected discovery.zen.ping.unicast.hosts: [ "node-. 4", "node-. 5", "node-. 6" ] /bigdata/elasticsearch-5.4.3/bin/elasticsearch - D - -------------------------------------------------- ---------------------------------------------- # errors [ . 1]: max File descriptors [4096] for elasticsearch Process Low IS TOO, AT to Increase Least [65536 ] [2]: max Virtual Memory Areas vm.max_map_count [65530] IS TOO Low, Increase to AT Least [262144 ] # users can create a maximum number of files that are too small sudo vi / etc / Security / limits.conf * Soft nofile 65536 * Hard nofile 65536 # number of files can be opened to view the ulimit - Hn # maximum virtual memory is too small the sudo VI / etc / the sysctl.conf vm.max_map_count = 262144 # view the virtual memory size the sudo sysctl - P . 5 . scp copy to other nodes using scp -R & lt 5.4.3-elasticsearch / node. 5- : $ the PWD SCP -R & lt elasticsearch-5.4.3 /-node. 6 : $ the PWD . 6 . es disposed modified on other nodes, have to be modified and network.host node.name 7. Start es (/bigdata/elasticsearch-5.4.3/bin/elasticsearch - H help documentation) /bigdata/elasticsearch-5.4.3/bin/elasticsearch - d 8 . Es access to the machine where the browser's 9200 port http : // centos7-2: 9200 / { "name": "Node-2" , "CLUSTER_NAME": "with BigData" , "cluster_uuid": "v4AHbENYQ8-M3Aq8J5OZ5g" , "Version" : { "Number": "5.4. . 3 " , " build_hash ":" eed30a8 " , " build_date ":" 2017-06-22T00: 34 is: 03.743Z " , " build_snapshot ": to false , "lucene_version" : "6.5.1" }, "tagline": "by You Know, for Search" } the kill `PS -ef | grep elasticsearch | grep -v grep | awk '{Print $ 2}' ` # View cluster status curl -XGET 'HTTP: // centos7-1: 9200 / _cluster / Health Pretty '? HTTP: // centos7-2: 9200 / _cluster / Health Pretty? --------------------------- -------------------------------------------------- ------------------------------------- Elk provided in the form of an http request for data access CURD Elk using lucene bottom, then the index content including the underlying storage structures and lucene mysql completely different concept similar type id index index corresponds to the database type table id primary key HTTP: // centos7-3: 9200 / BW / student / 1 -d {} format RESTful interface of the URL: HTTP: //centos7-2: 9200 / <index> / <type> / [<id>] where index, type must be provided. id is optional and does not provide es will be automatically generated. index, type the hierarchical information, which will help management. It is understood that the database index; type is understood as the data table; key ID corresponding to the primary database table record is unique. post get put delete update data is stored in elk with id, so based on the id of the store and delete, and modify storage when the elk is distributed, it can be understood as zk. Their identities equality elasticSearch just have a main course and from other processes, maintaining data consistency # to add a number of books to store the index curl -XPUT 'HTTP: // centos7-1: 9200 / store / Books / 1' - D '{ "title": "elasticsearch: of The Definitive Guide" , "name" : { "First": "Zachary" , "Last": "Tong" }, "the publish_date": "2015-02-06" , # In linux way query by curl curl -XGET 'HTTP: // centos7-2: 9200 / Store / Books / 1' # query browser HTTP: // centos7-2: 9200 / Store / Books / 1 # adding a book information curl -XPUT 'HTTP: // centos7-1: 9200 / Store / books / 2' -d '{ "title": "elasticsearch Blueprints" , "name" : { "First": "Vineeth " , " Last ":" Mohan " }, " the publish_date ":" 2015-06-06 " , ". price ":" 35.99 " , " WordCount ": 10000000000000 } ' # document information obtained by the ID curl -XGET'http: // centos7-2: 9200 / Store / Books / 2 ' # in your browser to view the HTTP: //92.168.10.18:9200/store/books/1 # _source obtained by the specified field curl -XGET 'HTTP: // centos7-2: 9200 / Store / Books / = 1 _source title?' Curl -XGET 'HTTP: / ? / centos7-2: 9200 / Store / Books / = 1 _Source title,. price ' curl ? -XGET' HTTP: // centos7-2: 9200 / Store / Books / 1 _Source ' # can be updated by way of covering curl - the XPUT 'HTTP: // centos7-2: 9200 / Store / Books /. 1' -d '{ "title": "elasticsearch: of The Definitive Guide" , "name" : { "First": "Zachary" , "Last" : "Tong" }, "the publish_date": "2016-02-06" , ". price": "99.99 " } ' # you want to update or update separately by way of _update API curl-XPOST 'http://centos7-2:9200/store/books/1/_update' -d '{ "doc": { "price" : 88.88 } }' curl -XGET 'http://centos7-2:9200/store/books/1' #删除一个文档 curl -XDELETE 'http://centos7-2:9200/store/books/1' curl -XPUT 'http://centos7-2:9200/store/books/1' -d '{ "title": "Elasticsearch: The Definitive Guide", "author": "Guide", "publish_date":"2016-02-06", "price":"35.99" }' #https://www.elastic.CO / Guide / EN / elasticsearch / Reference / Current / Query-dsl.html # SELECT# simple filter queriesThe FROM Books. Price = the WHERE * 35.99 # Filtered query the price is 35.99 # returned score is 1. 0 curl -XGET 'HTTP: // centos7-2: 9200 / Store / Books / _search' -d '{ "Query" : { "BOOL" : { "MUST" : { "MATCH_ALL" : {} }, "filter" : { "Term" : { ". price": 35.99 } } } } } ' # returned partial yes 1. 0 curl -XGET 'HTTP: // centos7-2: 9200 / Store / Books / _search' -d '{ "Query" : { "constant_score": { "filter" : { "Term" : { ". price": 35.99 } } } } } ' # is returned points of 0. The 0 curl -XGET' HTTP: // centos7-2: 9200 / Store / Books / _search ' -d '{ "Query" : { "BOOL" : { "filter" : { "Term" : { ". price": 35.99 } } } } } ' # specify multiple values curl -XGET 'HTTP: // centos7- 2:9200/store/books/_search' -d '{ "query" : { "bool" : { "filter" : { "terms" : { "price" : [35.99, 99.99] } } } } }' curl -XGET 'http://centos7-2:9200/store/books/_search' -d '{ "query" : { "bool" : { "must": { "match_all": {} }, "filter" : { "terms" : { "price" : [35.99, 99.99] } } } } } ' #Use Store; #github # the SELECT * Books the WHERE the publish_date the FROM = "2015-02-06" curl -XGET' HTTP: // centos7-2: 9200 / Store / Books / _search '-d' { "query" : { "BOOL" : { "filter" : { "Term" : { "the publish_date": "2016-02-06" } } } } } ' # BOOL filtering query, the query can be combined filter #must Should must_not # the SELECT! * The FROM Books the WHERE (OR. Price. Price = 35.99 = 99.99) the publish_date the AND = "2016-02-06" # similar, Elasticsearch there and, or, not such a combination of conditions query # format: # { # " BOOL " : { # " mUST " : [], # " Should " : [], # " must_not " : [], #} #} # # mUST: conditions must be met, corresponding to and # Should: also satisfy condition you can not satisfy, equivalent or # must_not: not required to meet the conditions, equivalent Not curl -XGET 'HTTP: // centos7-2: 9200 / Store / Books / _search' -d '{ "Query" : { "BOOL" : { "Should" : [ { "term" : {"price" : 35.99}}, { "term" : {"price" : 99.99}} ], "must_not" : { "term" : {"publish_date" : "2016-02-06"} } } } }' # 嵌套查询 # SELECT * FROM books WHERE price = 35.99 OR ( publish_date = "2016-02-06" AND price = 99.99 ) curl -XGET 'http://centos7-2:9200/store/books/_search' -d '{ "query": { "bool": { "should": [ { "term": { "price": 35.99 } }, { "bool": { "must": [ { "term": { "publish_date": "2016-02-06" } }, { "term": { "price": 99.99 } } ] } } ] } } } ' # Range scope filtering # the SELECT * the FROM. Price Books the WHERE> the AND. Price = 10 <99 # gt: > greater than # lt: < less than # GTE: > = greater than or equal # LTE: <= Less than or equal curl -XGET' HTTP: centos7-2 //: 9200 / Store / Books / _search '-d' { "Query" : { "Range" : { ". price" : { "GTE": 10 , "lt": 100 } } } } ' #mutilQuery #NAME and the author must be included Guide, and the price is equal to 33.99 or 188.99 curl -XGET 'http://centos7-2:9200/store/books/_search' -d '{ "query": { "bool": { "must": { "multi_match": { "operator": "and", "fields": [ "name", "author" ], "query": "Guide" } }, "filter": { "terms": { "price": [ 35.99, 188.99 ] } } } } }' http://centos7-2:9200/store/books/_search