Kibana按照索引过滤数据
1.创建索引模式
2.查询索引中的数据
Es查询不返回数据
创建索引的时候指定mapping
mappings={ "mappings": { "_doc": { "_source": { "enabled": True } } } } # print("创建新的索引") es.indices.create(index=indexname,body=mappings)
查询的时候指定返回哪些字段
1.开发工具智能提示查询
Es处理查询超时问题
class esLogAPI(object): def __init__(self,url): self.es = Elasticsearch(url,timeout=50) res = self.es.search(body=body)
手动安装elasticsearch模块
copying elasticsearch6.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO zip_safe flag not set; analyzing archive contents... creating 'dist/elasticsearch6-6.4.2-py2.7.egg' and adding 'build/bdist.linux-x86_64/egg' to it removing 'build/bdist.linux-x86_64/egg' (and everything under it) Processing elasticsearch6-6.4.2-py2.7.egg Removing /usr/lib/python2.7/site-packages/elasticsearch6-6.4.2-py2.7.egg Copying elasticsearch6-6.4.2-py2.7.egg to /usr/lib/python2.7/site-packages elasticsearch6 6.4.2 is already the active version in easy-install.pth Installed /usr/lib/python2.7/site-packages/elasticsearch6-6.4.2-py2.7.egg Processing dependencies for elasticsearch6==6.4.2 Searching for urllib3==1.24.1 Best match: urllib3 1.24.1 Adding urllib3 1.24.1 to easy-install.pth file Using /usr/lib/python2.7/site-packages Finished processing dependencies for elasticsearch6==6.4.2 [root@ elasticsearch6-6.4.2]# python Python 2.7.5 (default, Jun 20 2019, 20:27:34) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> from elasticsearch6 import * >>> from elasticsearch import * Traceback (most recent call last): File "<stdin>", line 1, in <module> ImportError: No module named elasticsearch >>> exit()
Es查询聚合按时间段切分
在聚合得基础上按时间段切分分组可以使用date histogram
body2={"aggs":{"3":{"date_histogram":{"field":"mydate","interval":"1d","time_zone":"Asia/Shanghai","min_doc_count":0},"aggs":{"2":{"cardinality":{"field":"uid"}}}}},"size":0,"_source":{"excludes":[]},"stored_fields":["*"],"script_fields":{},"docvalue_fields":[{"field":"@timestamp","format":"date_time"},{"field":"canvas-workpad.@created","format":"date_time"},{"field":"canvas-workpad.@timestamp","format":"date_time"},{"field":"maps-telemetry.timeCaptured","format":"date_time"},{"field":"mydate","format":"date_time"},{"field":"task.runAt","format":"date_time"},{"field":"task.scheduledAt","format":"date_time"},{"field":"updated_at","format":"date_time"},{"field":"url.accessDate","format":"date_time"},{"field":"url.createDate","format":"date_time"}],"query":{"bool":{"must":[{"match_all":{}},{"match_all":{}},{"bool":{"minimum_should_match":1,"should":[{"match_phrase":{"czmc":"start:查询明细列表"}}]}},{"range":{"mydate":{"gte":1568365700473,"lte":1570957700473,"format":"epoch_millis"}}},{"bool":{"minimum_should_match":1,"should":[{"match_phrase":{"czmc":"start:查询明细列表"}}]}}],"filter":[],"should":[],"must_not":[]}},"timeout":"30000ms"}
创建自定义索引的时候无法保存自定义列的数据
outlist.append({"channelId":item["key"],"appId":item["3"]["buckets"][0]["key"]})
for data in outlist:
res = es.index(index=indexname, doc_type="doc", body=data)
1.修改默认doc类型的mapping,把自定义的列加入到默认mapping配置中
2.把自己的数据存入到在mapping中已经存在的某个字段中
