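# date_histogram query: group nginx access-log entries into one bucket per day.
# Only documents whose geoip.country_name matches "China" are counted, and each
# bucket also carries the sum of res_Bytes (sub-aggregation sum_resBytes).
# "size": 0 suppresses the hits so the response holds only the aggregation.
# "time_zone": "+08:00" makes each daily bucket start at local midnight rather
# than at UTC midnight, which is the default when time_zone is omitted.
GET /logstash-jsy/nginx-access/_search
{
  "query": {
    "query_string": {
      "default_field": "geoip.country_name",
      "query": "China"
    }
  },
  "size": 0,
  "aggs": {
    "time_unit": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "day",
        "format": "yyyy-MM-dd",
        "time_zone": "+08:00"
      },
      "aggs": {
        "sum_resBytes": {
          "sum": {
            "field": "res_Bytes"
          }
        }
      }
    }
  }
}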
結果:
{
"key_as_string": "2017-06-21",
"key": 1497974400000,
"doc_count": 977,
"sum_resBytes": {
"value": 35940680
}
}
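# Full-text match on req_referer, then a terms aggregation by city.
# multi_match without a "fuzziness" setting is an analyzed full-text match,
# not a fuzzy (edit-distance) query.
# "missing": "N/A" puts documents that have no geoip.city_name value into a
# bucket named "N/A" instead of leaving them out of the aggregation, so
# requests whose address could not be geolocated stay visible in the counts.
# "size": 1000 returns up to 1000 city buckets.
GET /logstash-jsy/nginx-access/_search
{
  "size": 0,
  "query": {
    "multi_match": {
      "query": "/drivingDetail",
      "fields": [
        "req_referer"
      ]
    }
  },
  "aggs": {
    "all_interests": {
      "terms": {
        "field": "geoip.city_name.keyword",
        "size": 1000,
        "missing": "N/A"
      }
    }
  }
}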
結果:
{
"key": "Dalian",
"doc_count": 6
},
{
"key": "N/A",
"doc_count": 2
}
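# Multi-condition query: both clauses under bool/must have to match
# (country matches "China" AND @timestamp falls inside the range).
# The range bounds are interpreted in +08:00 because of "time_zone".
# NOTE(review): "gt"/"lt" are exclusive and the upper bound is 23:59:00, so a
# hit at exactly 00:00:00.000 and everything in the last minute of the day are
# left out. If a whole day is intended, "gte" midnight with "lt" the next
# day's midnight covers it without a gap.
GET /logstash-jsy/nginx-access/_search
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "geoip.country_name": "China"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gt": "2017-08-14T00:00:00.000",
              "lt": "2017-08-14T23:59:00.000",
              "time_zone": "+08:00"
            }
          }
        }
      ]
    }
  }
}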
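# Basic terms aggregation: count documents per geoip.city_name value.
# No "size": 0 is given, so the default page of hits is returned as well.
# NOTE(review): if geoip.city_name is mapped as an analyzed text field (the
# fielddata mapping on this page suggests so), this request is rejected until
# fielddata is enabled, and the buckets are then per token rather than per
# city name. The geoip.city_name.keyword sub-field used by other queries on
# this page gives whole-name buckets without fielddata.
GET /logstash-jsy/nginx-access/_search
{
  "aggs": {
    "all_interests": {
      "terms": {
        "field": "geoip.city_name"
      }
    }
  }
}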
# Enable fielddata on a text field so it can be used in aggregations.
# Fielddata is built in JVM heap from the inverted index and can be large on a
# high-cardinality field; on a shared log cluster that is an availability
# concern, so prefer aggregating on a keyword sub-field where one exists.
# NOTE(review): the property key is prefixed with the type name
# ("nginx-access."); confirm it addresses the same field as the
# geoip.city_name used in the aggregation on this page.
PUT logstash-jsy/_mapping/nginx-access/
{
  "properties": {
    "nginx-access.geoip.city_name": {
      "type": "text",
      "fielddata": true
    }
  }
}
# date_histogram with extended_bounds: one bucket per day, with the bucket
# range stretched to cover 2017-08-01 .. 2017-08-07 even where no documents
# exist. extended_bounds does not filter documents; entries outside the bounds
# still produce their own buckets, so add a range query to limit the window.
# Empty buckets make days without any log entries visible.
# No time_zone is set, so bucket boundaries and keys are in UTC.
GET /logstash-jsy/nginx-access/_search
{
  "size": 0,
  "aggs": {
    "sales": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "day",
        "format": "yyyy-MM-dd",
        "extended_bounds": {
          "min": "2017-08-01",
          "max": "2017-08-07"
        }
      }
    }
  }
}
# Requests from "China" inside a one-hour window, bucketed every 15 seconds.
# Both must clauses have to match; the range bounds are exclusive ("gt"/"lt")
# and are read in +08:00. The histogram uses the same offset, so the formatted
# keys ("yyyy-MM-dd HH:mm:ss z") line up with the query window.
GET /logstash-jsy/nginx-access/_search
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "geoip.country_name": "China"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gt": "2017-09-05T14:00:00.000",
              "lt": "2017-09-05T15:00:00.000",
              "time_zone": "+08:00"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "articles_over_time": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "15s",
        "format": "yyyy-MM-dd HH:mm:ss z",
        "time_zone": "+08:00"
      }
    }
  }
}
# Match either of two cities, then count documents per city.
# The match query analyzes "Chaoyang Nanjing" into separate terms and, with
# "operator": "or", accepts a document containing any one of them.
# The aggregation runs on the keyword sub-field, so each bucket key is the
# full, un-analyzed city name; terms returns the top 10 buckets by default.
GET /logstash-jsy/nginx-access/_search
{
  "size": 0,
  "query": {
    "match": {
      "geoip.city_name": {
        "query": "Chaoyang Nanjing",
        "operator": "or"
      }
    }
  },
  "aggs": {
    "all_interests": {
      "terms": {
        "field": "geoip.city_name.keyword"
      }
    }
  }
}
# Requests to the login or register endpoint, counted in 6-hour buckets.
# A bool query holding only "should" clauses requires at least one of them to
# match, so this is (login OR register).
# match_phrase is analyzed: any req_url containing the same token sequence
# matches, not just the exact path - verify against the req_url mapping.
# 6h buckets are coarse; a short burst of authentication requests is averaged
# out, so narrow the interval when reviewing for bursts.
# No time_zone is set, so bucket boundaries and keys are in UTC.
GET /logstash-jsy/nginx-access/_search
{
  "size": 0,
  "query": {
    "bool": {
      "should": [
        {
          "match_phrase": {
            "req_url": "/account/login"
          }
        },
        {
          "match_phrase": {
            "req_url": "/account/register"
          }
        }
      ]
    }
  },
  "aggs": {
    "sales": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "6h",
        "format": "yyyy-MM-dd-HH"
      }
    }
  }
}
# Requests to the login endpoint only, counted in 6-hour buckets.
# match_phrase is analyzed, so any req_url containing the same token sequence
# matches - verify against the req_url mapping.
# The count covers all matching requests regardless of outcome; nothing here
# filters on response status.
# No time_zone is set, so bucket boundaries and keys are in UTC.
GET /logstash-jsy/nginx-access/_search
{
  "size": 0,
  "query": {
    "match_phrase": {
      "req_url": "/account/login"
    }
  },
  "aggs": {
    "sales": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "6h",
        "format": "yyyy-MM-dd-HH"
      }
    }
  }
}
形如:
((x) || (y)) && (z)
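# Nested bool of the shape ((x) || (y)) && (z):
#   x = req_url phrase "/account/login"
#   y = req_url phrase "/account/register"
#   z = geoip.city_name matches "Beijing"
# The inner bool has only "should" clauses, so at least one must match; the
# outer "must" then requires that inner bool AND the city match.
# Results are counted in 6-hour buckets; no time_zone is set, so bucket
# boundaries and keys are in UTC.
# The request line and the JSON body are on separate lines, as the console
# expects.
GET /logstash-jsy/nginx-access/_search
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "bool": {
            "should": [
              {
                "match_phrase": {
                  "req_url": "/account/login"
                }
              },
              {
                "match_phrase": {
                  "req_url": "/account/register"
                }
              }
            ]
          }
        },
        {
          "match": {
            "geoip.city_name": "Beijing"
          }
        }
      ]
    }
  },
  "aggs": {
    "sales": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "6h",
        "format": "yyyy-MM-dd-HH"
      }
    }
  }
}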