Filtering data by index in Kibana
1. Create an index pattern
2. Query the data in the index
ES query returns no data
Specify the mapping when creating the index
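mappings = {
    "mappings": {
        "_doc": {
            # Keep the original document in _source so searches can return it
            "_source": {
                "enabled": True
            }
        }
    }
}
# print("Creating new index")
# es is an Elasticsearch client; indexname is the name of the index to create
es.indices.create(index=indexname, body=mappings)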
Specify which fields to return when querying
1. Query with the Dev Tools autocompletion
Handling ES query timeouts
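from elasticsearch6 import Elasticsearch

class esLogAPI(object):
    def __init__(self, url):
        self.es = Elasticsearch(url, timeout=50)  # 50-second request timeout

    def search(self, body):
        res = self.es.search(body=body)
        return res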
Manually installing the elasticsearch module
copying elasticsearch6.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
zip_safe flag not set; analyzing archive contents...
creating 'dist/elasticsearch6-6.4.2-py2.7.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing elasticsearch6-6.4.-py2..egg
Removing /usr/lib/python2./site-packages/elasticsearch6-6.4.-py2..egg
Copying elasticsearch6-6.4.-py2..egg to /usr/lib/python2./site-packages
elasticsearch6 6.4. is already the active version in easy-install.pth
Installed /usr/lib/python2./site-packages/elasticsearch6-6.4.-py2..egg
Processing dependencies for elasticsearch6==6.4.
Searching for urllib3==1.24.
Best match: urllib3 1.24.
Adding urllib3 1.24. to easy-install.pth file
Using /usr/lib/python2./site-packages
Finished processing dependencies for elasticsearch6==6.4.
[root@ elasticsearch6-6.4.]# python
Python 2.7. (default, Jun , ::)
[GCC 4.8. (Red Hat 4.8.-)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from elasticsearch6 import *
>>> from elasticsearch import *
Traceback (most recent call last):
File "<stdin>", line , in <module>
ImportError: No module named elasticsearch
>>> exit()
Splitting ES aggregations by time period
To split aggregation results into groups by time period, use a date histogram on top of the aggregation.
body2={"aggs":{"":{"date_histogram":{"field":"mydate","interval":"1d","time_zone":"Asia/Shanghai","min_doc_count":},"aggs":{"":{"cardinality":{"field":"uid"}}}}},"size":,"_source":{"excludes":[]},"stored_fields":["*"],"script_fields":{},"docvalue_fields":[{"field":"@timestamp","format":"date_time"},{"field":"canvas-workpad.@created","format":"date_time"},{"field":"canvas-workpad.@timestamp","format":"date_time"},{"field":"maps-telemetry.timeCaptured","format":"date_time"},{"field":"mydate","format":"date_time"},{"field":"task.runAt","format":"date_time"},{"field":"task.scheduledAt","format":"date_time"},{"field":"updated_at","format":"date_time"},{"field":"url.accessDate","format":"date_time"},{"field":"url.createDate","format":"date_time"}],"query":{"bool":{"must":[{"match_all":{}},{"match_all":{}},{"bool":{"minimum_should_match":,"should":[{"match_phrase":{"czmc":"start:查询明细列表"}}]}},{"range":{"mydate":{"gte":,"lte":,"format":"epoch_millis"}}},{"bool":{"minimum_should_match":,"should":[{"match_phrase":{"czmc":"start:查询明细列表"}}]}}],"filter":[],"should":[],"must_not":[]}},"timeout":"30000ms"}
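The daily split described above, as an added example that is not code from the original page: it builds a trimmed-down date_histogram body with a cardinality sub-aggregation and flattens the response into per-day rows. The aggregation names per_day and unique_uid, the helper names, the time range and the sample response are assumptions constructed for illustration.

```python
# Assumed aggregation names; the page's own names did not survive extraction.
DAY_AGG = "per_day"
UID_AGG = "unique_uid"


def build_daily_unique_body(start_ms, end_ms, phrase,
                            date_field="mydate", uid_field="uid",
                            tz="Asia/Shanghai"):
    """Search body: one bucket per day, each with a distinct count of uid_field."""
    return {
        "size": 0,  # aggregation results only, no hits
        "query": {"bool": {"filter": [
            {"match_phrase": {"czmc": phrase}},
            {"range": {date_field: {"gte": start_ms, "lte": end_ms,
                                    "format": "epoch_millis"}}},
        ]}},
        "aggs": {DAY_AGG: {
            # "interval" is the 6.x parameter name used on this page;
            # 7.x and later call it "calendar_interval".
            "date_histogram": {"field": date_field, "interval": "1d",
                               "time_zone": tz, "min_doc_count": 0,
                               # keep empty days at the edges of the range
                               "extended_bounds": {"min": start_ms, "max": end_ms}},
            "aggs": {UID_AGG: {"cardinality": {"field": uid_field}}},
        }},
    }


def daily_unique_counts(response):
    """Flatten the aggregation response into (day, doc_count, unique_count) rows."""
    rows = []
    for bucket in response["aggregations"][DAY_AGG]["buckets"]:
        rows.append((bucket["key_as_string"][:10], bucket["doc_count"],
                     bucket[UID_AGG]["value"]))
    return rows


# Constructed sample response (not real data), shaped like an ES 6.x reply.
SAMPLE_RESPONSE = {"aggregations": {DAY_AGG: {"buckets": [
    {"key_as_string": "2019-06-01T00:00:00.000+08:00", "key": 1559318400000,
     "doc_count": 12, UID_AGG: {"value": 5}},
    {"key_as_string": "2019-06-02T00:00:00.000+08:00", "key": 1559404800000,
     "doc_count": 0, UID_AGG: {"value": 0}},
]}}}

if __name__ == "__main__":
    body = build_daily_unique_body(1559318400000, 1559491199999, "start:查询明细列表")
    # With a live cluster: response = es.search(index=indexname, body=body)
    print(daily_unique_counts(SAMPLE_RESPONSE))
```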
Data in custom columns cannot be saved when creating a custom index
outlist.append({"channelId": item["key"], "appId": item[""]["buckets"][0]["key"]})
for data in outlist:
    res = es.index(index=indexname, doc_type="doc", body=data)
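1. Modify the mapping of the default doc type and add the custom columns to the default mapping configuration
2. Store your own data in a field that already exists in the mapping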