Standard RESTful API
Read
List all indices, equivalent to show tables;
GET _cat/indices
GET test_index
GET kibana_sample_data_logs?include_type_name=true&include_defaults=true
- aliases
- mappings
- settings
Delete
DELETE test_index
DELETE test_index?ignore_unavailable=true ==> drop table xx if exists
Create
PUT kibana_sample_data_ecommerce2?include_type_name=true
{
"mappings" : {
"_doc" : {
"properties" : {
"@timestamp" : {
"type" : "alias",
"path" : "timestamp"
},
"agent" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"bytes" : {
"type" : "long"
},
"clientip" : {
"type" : "ip"
},
"event" : {
"properties" : {
"dataset" : {
"type" : "keyword"
}
}
},
"extension" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"geo" : {
"properties" : {
"coordinates" : {
"type" : "geo_point"
},
"dest" : {
"type" : "keyword"
},
"src" : {
"type" : "keyword"
},
"srcdest" : {
"type" : "keyword"
}
}
},
"host" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"index" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"ip" : {
"type" : "ip"
},
"machine" : {
"properties" : {
"os" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"ram" : {
"type" : "long"
}
}
},
"memory" : {
"type" : "double"
},
"message" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"phpmemory" : {
"type" : "long"
},
"referer" : {
"type" : "keyword"
},
"request" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"response" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"tags" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"timestamp" : {
"type" : "date"
},
"url" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"utc_time" : {
"type" : "date"
}
}
}
},
"settings" : {
"index" : {
"number_of_shards" : "1",
"auto_expand_replicas" : "0-1",
"number_of_replicas" : "1"
}
}
}
Update: reindex
POST _reindex?wait_for_completion=true
{
"dest": {
"index": "kibana_sample_data_ecommerce2"
},
"source": {
"index": "kibana_sample_data_ecommerce"
}
}
POST _aliases
{
"actions": [
{
"add": {
"index": "kibana_sample_data_ecommerce2",
"alias": "ecommerce"
}
},
{
"remove": {
"index": "kibana_sample_data_ecommerce",
"alias": "ecommerce"
}
}
]
}
mapping
POST kibana_sample_data_ecommerce2/_mapping
{
"properties": {
"agent": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
},
"hello":{
"type":"keyword",
"ignore_above": 1
}
}
}
}
}
settings
PUT kibana_sample_data_ecommerce2/_settings
{
"index": {
"auto_expand_replicas": "0-1",
"number_of_replicas": "2"
}
}
Shortcut ==> insert data directly, let dynamic mapping generate the mapping, then modify it from there.
Field types
Field data types
Elasticsearch supports a number of different data types for the fields in a document:
Core data types
- string
- long, integer, short, byte, double, float, half_float, scaled_float
- date
- date_nanos
- boolean
- binary
- integer_range, float_range, long_range, double_range, date_range, ip_range
Complex data types
Spatial data types
- geo_point for lat/lon points
- geo_shape for complex shapes like polygons
- point for arbitrary cartesian points.
- shape for arbitrary cartesian geometries.
Specialised data types
- ip for IPv4 and IPv6 addresses
- completion to provide auto-complete suggestions
- token_count to count the number of tokens in a string
- murmur3 to compute hashes of values at index-time and store them in the index
- annotated-text to index text containing special markup (typically used for identifying named entities)
- Accepts queries from the query-dsl
- Defines parent/child relation for documents within the same index
- Record numeric feature to boost hits at query time.
- Record numeric features to boost hits at query time.
- Record dense vectors of float values.
- Record sparse vectors of float values.
- A text-like field optimized for queries to implement as-you-type completion
- Defines an alias to an existing field.
- Allows an entire JSON object to be indexed as a single field.
- histogram for pre-aggregated numerical values for percentiles aggregations.
- Specialization of keyword for the case when all documents have the same value.
Arrays
In Elasticsearch, arrays do not require a dedicated field data type. Any field can contain zero or more values by default, however, all values in the array must be of the same data type. See Arrays.
Multi-fields
It is often useful to index the same field in different ways for different purposes. For instance, a string field could be mapped as a text field for full-text search, and as a keyword field for sorting or aggregations. Alternatively, you could index a text field with the standard analyzer, the english analyzer, and the french analyzer.
This is the purpose of multi-fields. Most data types support multi-fields via the fields parameter.
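The following Python model is an added example, not code from the page or from Elasticsearch. It shows what the "agent" multi-field mapped above (sub-fields keyword with ignore_above 256 and hello with ignore_above 1) ends up holding at index time. The function names, the simplified tokenizer and the sample user-agent strings are assumptions made for illustration.

```python
import re

# Sub-fields of "agent" as mapped on this page: name -> ignore_above.
AGENT_SUBFIELDS = {"keyword": 256, "hello": 1}

def standard_terms(value):
    """Rough stand-in for a text field's default analysis: word split + lowercase."""
    return [t.lower() for t in re.findall(r"\w+", value)]

def index_agent(value):
    """Return what each inverted index would hold for one document's "agent" value(s)."""
    values = value if isinstance(value, list) else [value]  # any field may hold an array
    indexed = {"agent": []}
    for v in values:
        indexed["agent"].extend(standard_terms(v))
    for name, limit in AGENT_SUBFIELDS.items():
        # ignore_above is checked per array element; longer strings are skipped
        # silently, so they stay in _source but can never match a term query.
        indexed[f"agent.{name}"] = [v for v in values if len(v) <= limit]
    return indexed

def term_match(indexed, field, term):
    """Exact term lookup, as a term query or terms aggregation would see the field."""
    return term in indexed.get(field, [])

# Constructed sample values (not from the page).
SHORT_UA = "Mozilla/5.0 (X11; Linux x86_64)"
LONG_UA = "Mozilla/5.0 " + "A" * 300

if __name__ == "__main__":
    for ua in (SHORT_UA, LONG_UA, ["x", SHORT_UA]):
        doc = index_agent(ua)
        print({field: len(terms) for field, terms in doc.items()})
```

A detection rule or aggregation keyed on agent.keyword never sees values longer than 256 characters, while full-text search on agent still matches them.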
"dynamic" : "true" | "false" | "strict"
"copy_to"
Arrays
Multi-fields
Only a brief mention here; the session after next will cover this in detail.
Analysis | Built-in analyzer
char filter
Tokenizer [must have one]
token filter
html_strip
mapping
pattern_replace
PUT my-index-000001
{
"settings": {
"analysis": {
"analyzer": {
"my_custom_analyzer": {
"type": "custom",
"tokenizer": "standard",
"char_filter": [
"html_strip"
],
"filter": [
"lowercase",
"asciifolding"
]
}
}
}
}
}
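The Python sketch below is an added example, not code from the page and not Elasticsearch's implementation. It walks one string through the three stages of my_custom_analyzer in order (char filter, tokenizer, token filters). Each stage is an approximation of the named built-in, and the function names and sample text are assumptions.

```python
import html
import re
import unicodedata

def html_strip(text):
    """char_filter "html_strip", approximated: drop tags, decode entities."""
    return html.unescape(re.sub(r"<[^>]*>", "", text))

def standard_tokenizer(text):
    """tokenizer "standard", approximated: split on non-word characters."""
    return re.findall(r"\w+", text)

def lowercase(tokens):
    """filter "lowercase"."""
    return [t.lower() for t in tokens]

def asciifolding(tokens):
    """filter "asciifolding", approximated: NFKD, then drop combining marks."""
    folded = []
    for tok in tokens:
        decomposed = unicodedata.normalize("NFKD", tok)
        folded.append("".join(c for c in decomposed if not unicodedata.combining(c)))
    return folded

def analyze_stages(text):
    """Run the chain in Elasticsearch's fixed order and keep every stage."""
    stripped = html_strip(text)               # 1. char filters see the raw string
    tokens = standard_tokenizer(stripped)     # 2. exactly one tokenizer
    lowered = lowercase(tokens)               # 3. token filters, in listed order
    return {"char_filter": stripped, "tokenizer": tokens,
            "lowercase": lowered, "asciifolding": asciifolding(lowered)}

def my_custom_analyzer(text):
    """Terms that would be written to the index for this text."""
    return analyze_stages(text)["asciifolding"]

# Constructed sample input (not from the page).
SAMPLE = "Is this <b>d\u00e9j\u00e0 vu</b>?"

if __name__ == "__main__":
    for stage, value in analyze_stages(SAMPLE).items():
        print(f"{stage:>12}: {value!r}")
```

On a running cluster, POST my-index-000001/_analyze with "analyzer": "my_custom_analyzer" and a "text" value returns the authoritative token list for comparison.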