preface

All operations are based on The Devs Tools of Kibana, the related installation can be seen:

How to use ElasticSearch for MacOS

ElasticSearch on Kibana (MacOS)

Json data form

ES data is stored in JSON format

Create a document

PUT/index index/ type type/ document ID {JSON statement}

We enter:

PUT /megacorp/employee/1
{
    "first_name" : "John",
    "last_name" :  "Smith",
    "age" :        25,
    "about" :      "I love to go rock climbing",
    "interests": [ "sports", "music" ]
}
Copy the code

Continue adding some documentation:

PUT /megacorp/employee/2
{
    "first_name" :  "Jane",
    "last_name" :   "Smith",
    "age" :         32,
    "about" :       "I like to collect rock albums",
    "interests":  [ "music" ]
}

PUT /megacorp/employee/3
{
    "first_name" :  "Douglas",
    "last_name" :   "Fir",
    "age" :         35,
    "about":        "I like to build cabinets",
    "interests":  [ "forestry" ]
}
Copy the code

Retrieve document /index/type/ ID

GET/index index/ type type/ document ID

We enter:

GET /megacorp/employee/1
Copy the code

Get:

{
  "_index" : "megacorp",
  "_type" : "employee",
  "_id" : "1",
  "_version" : 1,
  "_seq_no" : 0,
  "_primary_term" : 1,
  "found" : true,
  "_source" : {
    "first_name" : "John",
    "last_name" : "Smith",
    "age" : 25,
    "about" : "I love to go rock climbing",
    "interests" : [
      "sports",
      "music"
    ]
  }
}
Copy the code

_index: indicates the index name

_type: indicates the type name

_ID: indicates the id of a document.

_version: indicates the version of this document. Since we have not modified it, the version is 1 and will increase after modification.

_seq_no: indicates the serial number.

_primary_term: an integer like _seq_NO. _primary_term is incremented by 1 whenever a Primary Shard is reallocated, such as a restart or a Primary election.

Found: The value is true if the search succeeds, and false if the search fails.

_source: Data source, JSON ontology

Light search /index/type/_search

We enter:

GET /megacorp/employee/_search
Copy the code

Get:

{ "took" : 23, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : , "hits" : {0} "total" : {" value ": 3," base ":" eq "}, "max_score" : 1.0, "hits" : [{" _index ": "Megacorp _type", "" :" the employee ", "_id" : "1", "_score" : 1.0, "_source" : {" first_name ":" John ", "last_name" : "Smith", "age" : 25, "about" : "I love to go rock climbing", "interests" : [" sports ", "music"]}},... (omitted)Copy the code

Time took:

Timed_out: indicates whether timeout occurs

_shards. Total: indicates the total number of fragments

Hits. Total: indicates the queried number

Hits. max_score: indicates the maximum matching score

Hits. hits: indicates the queried result

Hits. _score: indicates the matching score

Summary of the query

The query is mainly divided into field query and compound query.

• Field class query: Query only one field, such as match and term.
• Compound query: One or more fields can be queried, such as bool query.

Field query mainly includes two types: word matching and full text matching.

• Term Level Query: directly matches the inverted index of the field without word segmentation for the Query statement. Word matching includes term, terms, range, exist, IDS, prefix, fuzzy, wildcard and other query statements:

• Full Text Query: Query the Text of the specified field. For example, if the Query Text is “I am on the side of the road”, es will be divided into “I”, “in”, “road”, and then match. Full-text matching includes match, match_PHRASE, multi_match, match_phrase_prefix, querY_string, simple_query_string and other query statements.

Query Query: match

Match is the most basic field class query syntax based on full-text retrieval

Remember our data:

To find all the words that contain like in the about field, we type:

GET /megacorp/employee/_search
{
  "query" : {
    "match": {
      "about": "like"
    }
  }
}
Copy the code

Get:

{ "took" : 101, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : , "hits" : {0} "total" : {" value ": 2, the" base ":" eq "}, "max_score" : 0.49376786, "hits" : [{" _index ": "Megacorp _type", "" :" the employee ", "_id" : "3", "_score" : 0.49376786, "_source" : {" first_name ": "Douglas", "last_name" : "Fir", "age" : 35, "about" : "I like to build cabinets", "interests" : ["forestry"]}},............ (omitted below)Copy the code

We get two pieces of data, both of which contain the word like in the about field.

If we type:

GET /megacorp/employee/_search
{
  "query" : {
    "match": {
      "about": "like climbing"
    }
  }
}
Copy the code

All three results are displayed, indicating that words are searched logically by default with “or” without actually having the word “like climbing”.

Query Indicates a query: match-operator

Query The match API of a query can also specify the matching of multiple search term relationships using the operator keyword. (Default to “or” logic if operator is not specified)

We enter:

= = = = = = = = multi-parameter search expression = = = = = = = = = = GET/index/type / _search {" query ": {" match" : {" search document fields ": {" query" : "search words", "operator" : "Logic"}}}} = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = GET/megacorp/employee / _search {" query ": {" match" : {" about ": { "query": "go climbing", "operator": "and" } } } }Copy the code

In this case, the operator is a logical relationship of “and”, that is, it must be a document doc that contains both go and climbing words in the about field to be searched.

Get:

{ "took" : 11, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : , "hits" : {0} "total" : {" value ": 1, the" base ":" eq "}, "max_score" : 1.9155619, "hits" : [{" _index ": "Megacorp _type", "" :" the employee ", "_id" : "1", "_score" : 1.9155619, "_source" : {" first_name ":" John ", "last_name" : "Smith", "age" : 25, "about" : "I love to go rock climbing", "interests" : [ "sports", "music" ] } } ] } }Copy the code

Query query: match-minimum_should_match

Minimum_should_match specifies the minimum number of search terms.

For example, when searching for a word order listed as “to rock climbing”, the resulting documents must contain at least “to rock “or” rock climbing”, the documents containing only “to “cannot be searched.

We enter:

GET /megacorp/employee/_search
{
  "query" : {
    "match": {
      "about" : {
        "query": "to rock climbing",
        "minimum_should_match": 2
      }
    }
  }
}
Copy the code

Get:

{ "took" : 9, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 2, "relation" : "eq" }, ...... .Copy the code

Query Query: match_phrase

Match_phrase also retrieves fields.

The difference with match is that match is unordered and match_query is ordered.

We enter:

GET /megacorp/employee/_search
{
  "query" : {
    "match_phrase": {
      "about" : "climbing rock"
    }
  }
}
Copy the code

It turned out to be nothing.

Query Query: match_phrase-slop

Match_phrase can add the slop parameter to control the allowed interval between words

GET /megacorp/employee/_search
{
  "query" : {
    "match_phrase": {
      "about" : {
        "query": "climbing rock",
        "slop": 2
      }
    }
  }
}
Copy the code

We got a hit this time.

Query Query: query_string

Query_string, like the match-operator statement of a Query query, searches for a specified search word in a specified field and can be restricted by an “and/or” logical relationship.

Search results in the About field, no go and rock, we type:

= = = = = = = = = = = expression = = = = = = = = = = = = = GET/megacorp/employee / _search {" query ": {" query_string" : {" default_field ": "Target field ", "query": "Search word string + AND/OR/NOT logic, such as"}}} = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = GET/megacorp/employee / _search {" query ": { "query_string": { "default_field": "about", "query": "NOT go AND rock" } } }Copy the code

Get:

{ "took" : 64, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : , "hits" : {0} "total" : {" value ": 1, the" base ":" eq "}, "max_score" : 0.4589591, "hits" : [{" _index ": "Megacorp _type", "" :" the employee ", "_id" : "2", "_score" : 0.4589591, "_source" : {" first_name ":" Jane ", "last_name" : "Smith", "age" : 32, "about" : "I like to collect rock albums", "interests" : [ "music" ] } } ] } }Copy the code

You can also search for multiple fields:

GET /megacorp/employee/_search
{
  "query" : {
    "query_string": {
      "fields": ["about", "last_name"],
      "query": "to AND Smith"
    }
  }
}
Copy the code

You get two results that include both the word to in the About field and the word Smith in the last_name field.

reference

The official document in Chinese www.elastic.co/guide/cn/el…

Blog.csdn.net/fanrenxiang…