Note: All statements in this section are demonstrated in Kibana
ES supports two basic methods of retrieval:
- Send search parameters via the REST Request URI (URI + retrieval parameters);
- Send them via the REST Request Body (URI + request body);
Meaning of the fields in the returned search response:
- took – How many milliseconds the search took
- timed_out – Whether the search timed out
- _shards – How many shards were searched, and how many of them succeeded/failed
- max_score – The highest document relevance score
- hits.total.value – How many matching documents were found
- hits.sort – The sort key of the results (absent when sorting by score)
- hits._score – The relevance score; not applicable when using match_all
1. DSL (domain-specific language)
Concept: Elasticsearch provides a JSON-style DSL (domain-specific language) for executing queries. This is called the Query DSL.
1.1 Full query
GET /newbank/_search
1.2 Query with Conditions
Query the records whose address contains Lane
GET /newbank/_search
{
  "query": {
    "match": {
      "address": "Lane"
    }
  }
}
1.3 Sorting and display
GET /newbank/_search
{
  "query": {
    "match_all": {}
  },
  "from": 0,
  "size": 5,
  "_source": ["balance"],
  "sort": [
    {
      "account_number": {
        "order": "desc"
      }
    }
  ]
}
- match_all is the query type (it matches all documents); ES can combine many query types inside query to build complex queries;
- In addition to the query parameter, we can pass other parameters that change the result of the query, such as sort and size;
- from + size limit the returned window and implement paging;
- When sorting on several fields, a later field is only used to order documents whose earlier fields are equal; otherwise the earlier field decides the order.
1.4 query/match
If the value is not a string, an exact match is performed. If it is a string, full-text retrieval is performed.
GET /newbank/_search
{
  "query": {
    "match": {
      "address": "685"
    }
  }
}
1.5 query/match_phrase [matching without splitting]
The value to be matched is searched for as one whole phrase (it is not split into separate words).
- match_phrase: searches for the string without splitting it.
- field.keyword: the search succeeds only when the entire value matches.
GET /newbank/_search
{
  "query": {
    "match_phrase": {
      "address": "School Lane"
    }
  }
}
1.6 query/multi_match
Query all records containing mill in state or address
GET /bank/_search
{
  "query": {
    "multi_match": {
      "query": "mill",
      "fields": [
        "state",
        "address"
      ]
    }
  }
}
1.7 query/bool/must compound query
Compound statements can be merged with any other query statement, including other compound statements. This means that compound statements can be nested within each other and can express very complex logic.
- must: All the conditions listed in must have to be fulfilled.
- must_not: None of the conditions listed in must_not may match.
- should: The conditions listed in should ought to be met. Meeting them is preferred but not required; documents that meet them get a higher score.
As shown below, query all records whose address contains Road and whose gender is not F
GET /bank/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "address": "Road"
          }
        }
      ],
      "must_not": [
        {
          "match": {
            "gender": "F"
          }
        }
      ]
    }
  }
}
1.8 query/filter
- must contributes to the score
- should contributes to the score
- must_not does not contribute to the score
- filter does not contribute to the score
Use filter when documents only need to be filtered. filter is recommended for queries that do not require a score, because Elasticsearch automatically detects these cases and optimizes the query execution.
Query all data whose gender is not F and whose age is between 10 and 20
GET /bank/_search
{
  "query": {
    "bool": {
      "must_not": [
        {
          "match": {
            "gender": "F"
          }
        }
      ],
      "filter": {
        "range": {
          "age": {
            "gte": 10,
            "lte": 20
          }
        }
      }
    }
  }
}
In the query results you can see that all relevance scores are 0.
1.9 query/term
term, like match, matches the value of a field. The difference in usage is:
- Use match for full-text retrieval fields,
- Use term for other, non-text fields
Query all records whose balance is 1650
GET /bank/_search
{
  "query": {
    "term": {
      "balance": {
        "value": "1650"
      }
    }
  }
}
2. aggs (aggregation)
Aggregation provides the ability to group data and extract statistics from it. The simplest aggregation method is roughly equivalent to SQL GROUP BY and the SQL aggregate functions.
In Elasticsearch, a single search can return the hits and the aggregation results at the same time, with the aggregation results kept separate from the hits in the response. This is very powerful and efficient: you can run a query and multiple aggregations and get every result back in one call, using a concise and simplified API that avoids extra network round trips. The basic syntax:
"aggs": {              # aggregation
  "aggs_name": {       # the name of this aggregation, shown in the result set
    "AGG_TYPE": {}     # aggregation type (avg,term,terms)
  }
}
- terms: shows the distribution of the values; documents are merged by the field being looked up and a count is given for each value
- avg: shows the average of the values
2.1 Common aggregation: aggs/aggName
Query the age distribution and average age of all people whose address contains Court
GET /bank/_search
{
  "query": {
    "match": {
      "address": "Court"
    }
  },
  "aggs": {
    "age1": {
      "terms": {
        "field": "age",
        "size": 10
      }
    },
    "ageavg": {
      "avg": {
        "field": "age"
      }
    }
  }
}
2.2 Nested aggregation: aggs/aggName/aggs/aggName
Search for the age distribution and average age of all people whose address contains Court, and find the average salary of the people at each of those ages
GET /bank/_search
{
  "query": {
    "match": {
      "address": "Court"
    }
  },
  "aggs": {
    "aggs1": {
      "terms": {
        "field": "age"
      },
      "aggs": {
        "aggsAvg": {
          "avg": {
            "field": "balance"
          }
        }
      }
    }
  }
}
3. Mapping (field mapping)
GET /bank/_mapping
Core data types
(1) String
- text: used for full-text indexing. At search time the text is automatically split into words by the analyzer and then matched.
- keyword: not split into words. At search time the complete value must be matched.
(2) Numeric
- Integer types: byte, short, integer, long
- Floating-point types: float, half_float, scaled_float, double
(3) Date type: date
(4) Range type
integer_range, long_range, float_range, double_range, date_range
gt means greater than, lt means less than, and the e suffix means "or equal to".
Documents whose age_limit range contains the queried value are considered matches.
(5) Boolean: boolean
(6) Binary: binary treats values as base64-encoded strings; they are not stored by default and are not searchable
Complex data types
(1) Objects
- object: objects can be nested within an object.
(2) Array
- array
(3) Nested types
- nested: used for arrays of JSON objects
Note: We cannot update an existing field mapping. To change one, you must create a new index and migrate the data.
Create a mapping:
PUT /newbank
{
  "mappings": {
    "properties": {
      "account_number": {
        "type": "long"
      },
      "address": {
        "type": "text"
      },
      "age": {
        "type": "integer"
      },
      "balance": {
        "type": "long"
      },
      "city": {
        "type": "keyword"
      },
      "email": {
        "type": "keyword"
      },
      "employer": {
        "type": "keyword"
      },
      "firstname": {
        "type": "text"
      },
      "gender": {
        "type": "keyword"
      },
      "lastname": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        }
      },
      "state": {
        "type": "keyword"
      }
    }
  }
}
After ES 6.0, use the following method to migrate data.
POST _reindex
{
  "source": {
    "index": "twitter"
  },
  "dest": {
    "index": "new_twitters"
  }
}
twitter is the source index and new_twitters is the target index. For more details, refer to the official documentation: www.elastic.co/guide/en/el…