todo

ES getting started: Elasticsearch basic usage (elasticsearch基本用法)

up:2023-07-05 11:20:24 edit:2023-07-05 11:20:24 view:588
# Unscoped search: an empty target means every index the caller may read
# (hidden indices are skipped by default). On a shared cluster, name the
# target instead, e.g. GET logs-*/_search. Only the first `size` (10) hits
# come back.
GET _search
{ "query": { "match_all": {} } }

# Root endpoint: cluster name, node version/build hash and tagline. A handy
# sanity check from Console; for a cluster reachable from outside treat it
# as a version-disclosure endpoint (with security enabled it still needs
# credentials).
GET /

# Index one document and let Elasticsearch assign the _id. The index is
# created on the fly (needs action.auto_create_index to allow it), and since
# the name fits the built-in logs-*-* pattern it may be created as a data
# stream rather than a plain index — confirm with GET _data_stream/logs-test-67
# if that matters. The +08 offset is honoured and the value is stored as
# UTC epoch millis.
POST logs-test-67/_doc
{
  "@timestamp": "2023-07-05T10:10:10.003+08",
  "content": "a test content 2",
  "host": {
    "hostname": "localhost",
    "ip": "127.0.0.1"
  }
}

# A second document shaped like ECS: the raw log line goes into
# event.original untouched. Treat that text as untrusted input — it is what
# the grok runtime field further down parses. The far-future @timestamp is
# deliberate, so a date range can single this record out from the first.
POST logs-test-67/_doc
{
  "@timestamp": "2099-05-06T16:21:15.000Z",
  "event": { "original": "192.0.2.43 - - [06/May/2099:16:21:15 +0000] \"GET /images/bg.jpg HTTP/1.0\" 200 24736" }
}


# No `query` clause, so this is match_all over the index ordered by
# @timestamp ascending. Without a `size` only the first 10 hits are returned;
# to walk the whole index page with search_after on the sort key rather than
# raising `size` or using a deep `from`.
GET logs-test-67/_search
{
  "sort": [ { "@timestamp": "asc" } ]
}



# Both bounds are inclusive (gte/lte) and carry an explicit +08 offset; a
# bound without an offset is read as UTC and would shift the window by eight
# hours. Because the range sits in `query` rather than `bool.filter` it is
# scored (constant score) and is not eligible for the filter cache —
# harmless here, but filters are the better habit for exact date windows.
GET logs-test-67/_search
{
  "sort": [ { "@timestamp": "asc" } ],
  "query": {
    "range": {
      "@timestamp": { "gte": "2023-07-05T10:10:10.001+08", "lte": "2023-07-05T10:10:10.003+08" }
    }
  }
}

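# Ad-hoc runtime field: source.ip is computed per document at search time by
# running grok over event.original in Painless, then used in a term filter
# and returned via `fields`. Notes for anyone reusing this:
#  - The grok call runs for every document the filter has to inspect. For
#    anything beyond a tutorial index, parse at ingest time (ingest pipeline)
#    or define the runtime field once in the mapping.
#  - The script source is a constant here. Never splice user input into the
#    script text — pass values via `params` — and remember inline scripts
#    must be permitted by script.allowed_types on the cluster.
#  - IPORHOST also matches hostnames, and the field is typed `keyword`, not
#    `ip`: exact `term` matches work, CIDR / ip-range queries will not.
#  - doc['event.original'] needs doc values (a keyword mapping). The
#    original `?.` after doc[...] only guarded the grok result, so a hit
#    without that field (the first sample document) can raise a script
#    error; the size() check below skips such documents instead.
#  - The empty `must` array of the original was a no-op and is dropped.
GET logs-test-67/_search
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "@timestamp": {
              "gte": "2098-07-05T10:10:10.001+08",
              "lte": "2100-07-05T10:10:10.003+08"
            }
          }
        },
        {
          "term": {
            "source.ip": "192.0.2.43"
          }
        }
      ]
    }
  },
  "runtime_mappings": {
    "source.ip": {
      "type": "keyword",
      "script": """
        if (doc['event.original'].size() == 0) return;
        String sourceip = grok('%{IPORHOST:sourceip} .*').extract(doc['event.original'].value)?.sourceip;
        if (sourceip != null) emit(sourceip);
      """
    }
  },
  "fields": [
    "source.ip"
  ]
}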




# Bare index creation: no settings and no explicit mapping, so every field
# type is inferred from the first document that carries it (dynamic mapping).
# For an index fed by untrusted producers that is a mapping-explosion risk —
# set "dynamic": "strict" (or "false") in the mapping, or at least
# index.mapping.total_fields.limit, before opening it up.
PUT test67

# First document into test67. With dynamic mapping on, f1 is guessed as text
# (plus a .keyword sub-field) and f2 as long; those guesses are fixed for the
# life of the index, so check GET test67/_mapping before relying on them.
POST test67/_doc
{
  "f2": 10,
  "f1": "a col 2"
}

# Default search: match_all, first 10 hits, full _source for each.
GET test67/_search

# Return only f2 and f1 through the `fields` API and suppress the raw
# _source. `fields` reads the values back out of _source through the
# mapping, so this trims the response — it does not restrict access.
# Anything a caller must not see needs field-level security on the role,
# not a query-side `_source: false`.
GET test67/_search
{
  "fields": [ "f2", "f1" ],
  "_source": false
}

not in sinaapp