iT邦幫忙

12th iT邦幫忙 Ironman Contest

DAY 23

If DSL still feels difficult after the earlier DSL introduction, you can try SQL.
From version 7.X onward, SQL support is built in.

Querying an index with SQL

Mapping between SQL terms and Elasticsearch terms

SQL       Elasticsearch
column    field
row       document
table     index

Simple query

POST /_sql?format=txt
{
  "query": "SELECT * FROM \"30day-*\""
}

Response

@timestamp level message staus
2020-09-28T03:51:02.000Z DEBUG 30day very good null
2020-09-28T03:51:03.000Z INFO 30day very good null
2020-09-28T03:51:03.000Z INFO 30day very good 200

WHERE query

POST /_sql?format=txt
{
  "query": "SELECT * FROM \"30day-*\" WHERE \"staus\" = 200"
}
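
When the value in the WHERE clause comes from user input or another system, pass it through the SQL API's "params" array with a ? placeholder instead of concatenating it into the query string. The Python sketch below is an added example, not code from the original post; the function name build_sql_request, the allowlist patterns, and the LIMIT bounds are assumptions made for illustration.

```python
import json
import re

# Assumed allowlists for this example. Identifiers (index pattern, field name)
# cannot be bound as params, so they are validated rather than escaped.
INDEX_RE = re.compile(r"[a-z0-9][a-z0-9_.*-]*")
FIELD_RE = re.compile(r"[A-Za-z_@][A-Za-z0-9_.@]*")


def build_sql_request(index_pattern, field, value, limit=100):
    """Return the JSON body for POST /_sql with the value bound as a parameter."""
    if not INDEX_RE.fullmatch(index_pattern):
        raise ValueError(f"rejected index pattern: {index_pattern!r}")
    if not FIELD_RE.fullmatch(field):
        raise ValueError(f"rejected field name: {field!r}")
    if not isinstance(value, (int, float, str)):
        raise TypeError("value must be a number or a string")
    if isinstance(limit, bool) or not isinstance(limit, int) or not 1 <= limit <= 1000:
        raise ValueError("limit must be an integer from 1 to 1000")
    # The value never becomes part of the SQL text; only "?" does.
    query = f'SELECT * FROM "{index_pattern}" WHERE "{field}" = ? LIMIT {limit}'
    return {"query": query, "params": [value]}


if __name__ == "__main__":
    # Constructed inputs: the index pattern and field from the post,
    # then a hostile string that stays a plain parameter value.
    print(json.dumps(build_sql_request("30day-*", "staus", 200), indent=2))
    hostile = "200 OR \"level\" = 'DEBUG'"
    print(json.dumps(build_sql_request("30day-*", "staus", hostile), indent=2))
```

The returned dictionary is the request body; send it to /_sql?format=txt the same way as the requests in this post.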

WHERE MATCH query

POST /_sql?format=txt
{
  "query": "SELECT * FROM \"30day-*\" WHERE MATCH('level', 'INFO')"
}

Translating SQL to DSL

POST /_sql/translate
{
  "query": "SELECT * FROM \"30day-*\" WHERE \"staus\" = 200"
}

The resulting DSL

{
  "size" : 1000,
  "query" : {
    "term" : {
      "staus" : {
        "value" : 200,
        "boost" : 1.0
      }
    }
  },
  "_source" : {
    "includes" : [
      "level",
      "message",
      "staus"
    ],
    "excludes" : [ ]
  },
  "docvalue_fields" : [
    {
      "field" : "@timestamp",
      "format" : "epoch_millis"
    }
  ],
  "sort" : [
    {
      "_doc" : {
        "order" : "asc"
      }
    }
  ]
}

Series: Elastic Stack 是一把梭,用起來再說!!!