elk快速入門-在kibana中如何使用devtools操做elasticsearch

在kibana中如何使用devtools操做elasticsearch：
前言：
首先須要安裝elasticsearch,kibana ,下載地址 https://www.elastic.co/cn/downloads/
權威指南：https://www.elastic.co/guide/cn/index.html
視頻：https://www.elastic.co/cn/webinars/getting-started-elasticsearch?elektra=home&storm=sub1
https://www.elastic.co/cn/webinars/getting-started-kibana?elektra=home&storm=sub2
https://www.elastic.co/cn/webinars/getting-started-logstash
1.登陸到kibana:http://localhost:5601/app/kibana#/dev_tools/console?_g=()
2.打開devtools
3.基本使用：
獲取es基本信息，效果與直接訪問http://localhost:9200/同樣， 在devtools中能夠省去http://localhost:9200這一截
GET /

結果==>>

{
"name" : "DESKTOP-1HUG1AS",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "VLtxooalQyKdSzQp0V_gcg",
"version" : {
"number" : "7.1.0",
"build_flavor" : "default",
"build_type" : "zip",
"build_hash" : "606a173",
"build_date" : "2019-05-16T00:43:15.323135Z",
"build_snapshot" : false,
"lucene_version" : "8.0.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}

 

GET /_cat/health

結果==>>

=^.^=
/_cat/allocation
/_cat/shards
/_cat/shards/{index}
/_cat/master
/_cat/nodes
/_cat/tasks
/_cat/indices
/_cat/indices/{index}
/_cat/segments
/_cat/segments/{index}
/_cat/count
/_cat/count/{index}
/_cat/recovery
/_cat/recovery/{index}
/_cat/health
/_cat/pending_tasks
/_cat/aliases
/_cat/aliases/{alias}
/_cat/thread_pool
/_cat/thread_pool/{thread_pools}
/_cat/plugins
/_cat/fielddata
/_cat/fielddata/{fields}
/_cat/nodeattrs
/_cat/repositories
/_cat/snapshots/{repository}
/_cat/templates

新增本身的數據：（若是使用POST test001/doc不帶1,系統會每次本身生產一個_id）
POST test001/doc/1
{
"user":"zhangsan",
"age":18,
"city":"深圳"
}
查詢
GET test001/doc/1

更新
put test001/doc/1
{
"user":"zhangsan",
"age":18,
"city":"sz",
"location":{
"jd":12,
"wd":34
}
}

刪除單個
DELETE test001/doc/1

刪除全部
DELETE test001

檢索全部數據
GET test001/_search

批量新增： 第一行表示操做，第二行表示數據內容，注意數據內容須要在一行，不能跨行，不然會新增不成功
POST _bulk
{"index":{"_index":"test002","_type":"doc"}}
{"user":"zhangsan", "age":30,"message":"happy birthday","city":"北京","location":{"jd":12,"wd":34}}
{"index":{"_index":"test002","_type":"doc"}}
{"user":"lisi", "age":30,"message":"happy birthday","city":"上海","location":{"jd":12,"wd":34}}
{"index":{"_index":"test002","_type":"doc"}}
{"user":"wangwu", "age":35,"message":"Happy birthday","city":"深圳","location":{"jd":12,"wd":34}}
{"index":{"_index":"test002","_type":"doc"}}
{"user":"zhaoliu", "age":40,"message":"birthday happy","city":"深圳","location":{"jd":12,"wd":34}}

根據單個條件查詢，city爲"深圳"的數據
GET test002/_search
{
"query": {"match": {
"city": "深圳"
}}
}

根據多個條件查詢，city爲"深圳" 而且age=35的數據
GET test002/_search
{
"query": {
"bool": {"must": [
{"match": {
"city": "深圳"
}},{"match": {
"age": "35"
}}
]}
}
}

根據單個條件查詢（取反操做），city不爲"深圳"的數據
GET test002/_search
{
"query": {"bool": {"must_not": [
{"match": {
"city": "深圳"
}}
]}}
}

查詢或的條件，city爲"上海"或city爲"深圳"的數據
GET test002/_search
{
"query": {"bool": {"should": [
{"match": {
"city": "上海"
}},{"match": {
"city": "深圳"
}}
]}}
}

若是隻想查詢數量，不想查詢數據，只須要將_search換成_count便可
GET test002/_count 不帶條件
或者
GET test002/_count
{
"query": {"bool": {"should": [
{"match": {
"city": "上海"
}},{"match": {
"city": "深圳"
}}
]}}
}

範圍查詢range,查詢age爲30到35歲的記錄
GET test002/_search
{
"query": {
"range": {
"age": {
"gte": 30,
"lte": 35
}
}
}
}

排序sort,對age降序排序
GET test002/_search
{
"query": {
"range": {
"age": {
"gte": 30,
"lte": 35
}
}
},"sort": [
{
"age": {
"order": "desc"
}
}
]
}

對某個字段如message查詢關鍵字包含happy birthday的數據,會查詢出birthday happy的數據
GET test002/_search
{
"query": {
"match": {
"message": "happy birthday"
}
}
}

而使用match_phrase，就不會查詢birthday happy的數據了
GET test002/_search
{
"query": {
"match_phrase": {
"message": "happy birthday"
}
}
}

對關鍵字高亮highlight,如對message進行高亮。 es會加上em的標籤如："<em>happy</em> <em>birthday</em>"
GET test002/_search
{
"query": {
"match_phrase": {
"message": "happy birthday"
}
},
"highlight": {
"fields": {
"message":{}
}
}
}

對查詢結果聚合使用aggs，如想統計20-30，30-40,40-100歲的人分別有多少個 。查看aggregations結果
GET test002/_search
{
"aggs": {
"age": {
"range": {
"field": "age",
"ranges": [
{
"from": 20,
"to": 30
},
{
"from": 30,
"to": 40
},
{
"from": 40,
"to": 100
}
]
}
}
}
}

若是不想看到詳情數據，能夠增長一個屬性"size":0 ，在hits中就看不到數據了
GET test002/_search
{
"size": 0,
"aggs": {
"age": {
"range": {
"field": "age",
"ranges": [
{
"from": 20,
"to": 30
},
{
"from": 30,
"to": 40
},
{
"from": 40,
"to": 100
}
]
}
}
}
}

統計某個字段個數，使用aggs和terms，相似group by分組
GET test002/_search
{
"size": 0,
"aggs": {
"city": {
"terms": {
"field": "city.keyword",
"size": 10
}
}
}
}

 

type:text的字段默認會有analyzer:standard的屬性（內置分析器）

查看Happy Birthday會被分析器如何分析
GET test002/_analyze
{
"text": ["Happy Birthday"],
"analyzer": "standard"
}

結果==>>
{
"tokens" : [
{
"token" : "happy",
"start_offset" : 0,
"end_offset" : 5,
"type" : "<ALPHANUM>",
"position" : 0
},
{
"token" : "birthday",
"start_offset" : 6,
"end_offset" : 14,
"type" : "<ALPHANUM>",
"position" : 1
}
]
}
能夠看到Happy Birthday 被拆分紅happy 和 birthday 而且都轉成小寫了

若是之間帶了. 那麼是不會作拆分的，只會轉成小鞋
GET test002/_analyze
{
"text": ["Happy.Birthday"]
}
結果==>>
{
"tokens" : [
{
"token" : "happy.birthday",
"start_offset" : 0,
"end_offset" : 14,
"type" : "<ALPHANUM>",
"position" : 0
}
]
}

若是之間帶了. 還有什麼辦法能夠拆分嗎？使用simple分析器"analyzer": "simple"
GET test002/_analyze
{
"text": ["Happy.Birthday"],
"analyzer": "simple"
}
結果==>>
{
"tokens" : [
{
"token" : "happy",
"start_offset" : 0,
"end_offset" : 5,
"type" : "word",
"position" : 0
},
{
"token" : "birthday",
"start_offset" : 6,
"end_offset" : 14,
"type" : "word",
"position" : 1
}
]
}

tokenizer和analyzer相似。"tokenizer": "standard"會作拆分，而"tokenizer": "keyword"會當作一個總體
GET test002/_analyze
{
"text": ["Happy Birthday"],
"tokenizer": "standard"
}
結果==>>
{
"tokens" : [
{
"token" : "Happy",
"start_offset" : 0,
"end_offset" : 5,
"type" : "<ALPHANUM>",
"position" : 0
},
{
"token" : "Birthday",
"start_offset" : 6,
"end_offset" : 14,
"type" : "<ALPHANUM>",
"position" : 1
}
]
}

GET test002/_analyze
{
"text": ["Happy Birthday"],
"tokenizer": "keyword"
}

結果==>>
{
"tokens" : [
{
"token" : "Happy Birthday",
"start_offset" : 0,
"end_offset" : 14,
"type" : "word",
"position" : 0
}
]
}

能夠看到上面的結果沒有轉成小寫，若是要轉成小寫，增長"filter": ["lowercase"]
GET test002/_analyze
{
"text": ["Happy Birthday"],
"tokenizer": "standard",
"filter": ["lowercase"]
}
結果==>>
{
"tokens" : [
{
"token" : "happy",
"start_offset" : 0,
"end_offset" : 5,
"type" : "<ALPHANUM>",
"position" : 0
},
{
"token" : "birthday",
"start_offset" : 6,
"end_offset" : 14,
"type" : "<ALPHANUM>",
"position" : 1
}
]
}

 

查詢數據類型
GET test002/_mapping
"type"爲keyword表明不可拆分不能作分詞是一個總體，text表明能夠作分詞

設置分片數
PUT test003
{
"settings": {"number_of_shards": 1}
}

設置_mapping 地理位置location字段爲geo_point
PUT test003/_mapping
{
"properties": {
"user":{
"type": "text",
"fields":{
"keyword":{
"type":"keyword",
"ignore_above":256
}
}
},
"city":{
"type": "keyword"
},
"location":{
"type": "geo_point"
},
"message":{
"type": "text"
}

}
}

新增數據POST _bulk{"index":{"_index":"test003","_type":"doc"}}{"user":"zhangsan", "age":30,"message":"happy birthday","city":"北京","location":{"lat":30,"lon":40}}{"index":{"_index":"test003","_type":"doc"}}{"user":"lisi", "age":30,"message":"happy birthday","city":"上海","location":{"lat":38.970718,"lon":116.325747}}{"index":{"_index":"test003","_type":"doc"}}{"user":"wangwu", "age":35,"message":"Happy birthday","city":"深圳","location":{"lat":37.970718,"lon":116.325747}}{"index":{"_index":"test003","_type":"doc"}}{"user":"zhaoliu", "age":40,"message":"birthday happy","city":"深圳","location":{"lat":36.970718,"lon":116.325747}}