最近使用Elasticsearch來做異常監控的存儲,寫了不少ES的索引操作,以及對數據的增刪改查操作,記錄一下,以備不時之需。
# 列出所有索引
GET _cat/indices
# 查看indices
GET /_cat/indices/jz-fe*?v&s=index
# 查看索引的文檔總數
GET jz-fe-http-log/_count
# 刪除索引
DELETE /jz-fe-http-log
# 查看索引相關信息
GET jz-fe-http-log
# 創建索引,禁止自動添加類型字段
PUT /jz-fe-http-log
{
"mappings": {
"dynamic": "strict",
"properties":{
"gitGroup":{"type":"keyword"},
"projectName":{"type":"keyword"},
"level":{"type":"keyword"},
"code":{"type":"keyword"},
"href":{"type":"text"},
"url":{"type":"text"},
"method":{"type":"keyword"},
"param":{"type":"text"},
"response":{"type":"text"},
"message":{"type":"text"},
"stack":{"type":"text"},
"clientDate":{"type":"date","format":"yyyy-MM-dd HH:mm:ss"},
"serverDate":{"type":"date","format":"yyyy-MM-dd HH:mm:ss"},
"uid": {"type":"keyword"},
"phone": {"type":"keyword"},
"os":{"type":"text"},
"platform":{"type":"text"},
"browser":{"type":"keyword"},
"version":{"type":"keyword"},
"userAgent":{"type":"text"},
"status":{"type":"integer"},
"closeDate":{"type":"date","format":"yyyy-MM-dd HH:mm:ss"}
}
}
}
# 更新索引-增加字段
PUT jz-fe-http-log/_mapping
{
"dynamic": "strict",
"properties": {
"status":{"type":"integer"},
"closeDate":{"type":"date","format":"yyyy-MM-dd HH:mm:ss"}
}
}
# 增加數據
POST /jz-fe-http-log/_doc
{
"os":"OS X",
"platform":"iPhone",
"browser":"Safari",
"version":"11.0",
"clientDate":"2019-08-23 18:54:03"
}
# 查詢索引下的所有數據
GET /jz-fe-http-log/_search
{
"query": {
"match_all": {}
}
}
# 指定key查詢
GET /jz-fe-http-log/_search
{
"query": {
"match": {
"_id": "BYG_SG0BW-qMNGXgwzPg"
}
}
}
# 按文檔ID更新指定字段數據
POST /jz-fe-http-log/_doc/R9Wm_mwBAl5tA0U3Hq4l/_update
{
"doc" : {
"status": 1
}
}
# 按id刪除數據
DELETE /jz-fe-http-log/_doc/l0_772wBAl5tA0U3dpBH
# 異常總數
GET /jz-fe-http-log/_search
{
"size":0,
"query": {
"match_all": {}
}
}
# 已處理異常總數
GET /jz-fe-http-log/_search
{
"size":0,
"query": {
"match": {
"status": 1
}
}
}
# 當天異常總數
GET /jz-fe-http-log/_search
{
"size":0,
"query": {
"match": {
"serverDate": "now/1d"
}
}
}
# 今日異常數
POST /jz-fe-http-log/_search
{
"size":0,
"query": {
"bool": {
"must": [
{ "match": { "serverDate": "now/1d" }},
{ "match": { "status": "1" }}
]
}
}
}
# 按照項目名稱分組
GET jz-fe-http-log/_search
{
"size":0,
"aggs": {
"group_by_projectName": {
"terms": {
"field": "projectName"
}
}
}
}
# 指定項目下,錯誤等級分組
GET jz-fe-http-log/_search
{
"size":0,
"query": {
"match": {
"projectName": "daily-clean"
}
},
"aggs": {
"group_by_projectName": {
"terms": {
"field": "level"
}
}
}
}
# 按天分組、計數
GET jz-fe-http-log/_search
{
"size":0,
"aggs": {
"grouy_by_day": {
"date_histogram": {
"field": "serverDate",
"interval": "day",
"format" : "yyyy-MM-dd"
}
}
}
}
# 最近一週問題增長趨勢
GET jz-fe-http-log/_search
{
"size":0,
"query": {
"bool": {
"must": [
{ "match": { "serverDate": "now-1w/w" }}
]
}
},
"aggs": {
"grouy_by_hour": {
"date_histogram": {
"field": "serverDate",
"interval": "hour",
"format" : "yyyy-MM-dd HH:mm:ss"
}
}
}
}
# 指定項目,按message分組
GET jz-fe-http-log/_search
{
"size":0,
"query": {
"bool": {
"must": [
{ "match": { "projectName": "csworker" }}
]
}
},
"aggs": {
"grouy_by_message": {
"terms": {
"field": "message.keyword"
}
}
}
}
# 指定時間段,按項目分組
GET jz-fe-http-log/_search
{
"size":0,
"query": {
"range": {
"serverDate": {
"gt": "2019-09-24 09:00:00",
"lt": "2019-09-24 10:00:00",
"format": "yyyy-MM-dd HH:mm:ss"
}
}
},
"aggs": {
"grouy_by_project": {
"terms": {
"field": "projectName"
}
}
}
}