Elasticsearch Search APIs
By:授客 QQ:1033553122
测试环境:
Win elasticsearch-5.4.1
1. 搜索
在单个索引的所有类型中搜索
例.在customer索引中查找包含firstname字段,且值字段值包含单词brad的文档
GET /customer/_search?q=firstname:Brad
在单个索引的指定类型中搜索
例.在customer索引的external,sometype类型中查找包含firstname字段,且值字段值包含单词brad的文档
GET /customer/external,sometype/_search?q=firstname:Brad
在多个指定的索引中搜索
例.在customer,account索引中查找包含firstname字段,且值字段值包含单词brad的文档
GET /account,customer/sometype/_search?q=firstname:Brad
GET /account,customer/_search?q=firstname:Brad
注意:索引之间只能以逗号隔开,不能有空格,比如account, customer
在所有索引中搜索
例.在所有索引的sometype类型中查找包含firstname字段,且值字段值包含单词brad的文档
GET /_all/sometype/_search?q=firstname:Brad
例.在所有索引中查找包含firstname字段,且值字段值包含单词brad的文档
GET /_all/_search?q=firstname:Brad
或者
GET /_search?q=firstname:Brad
参考链接:
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html
2. URI搜索
常用参数说明:
q: 要查询的字段值
例. 在customer索引external类型中查找字段值为16623的文档
GET /customer/external/_search?q=16623
_source:指定文档中hits包含的字段值
例. 在customer索引external类型中查找字段值为16623的文档,仅返回firstname,lastname,balance字段
GET /customer/external/_search?q=16623&_source=firstname,lastname,balance
注意:字段值之间只能以逗号分隔,且不能包含空格,比如firstname, lastname,
sort:用于排序文档,格式 fieldName,fieldName:asc 或fieldName:desc
其中,asc表示按fieldName字段值升序排序,同不带fieldName,相反desc表示降序排序,可以按多个字段排序,格式形如 fieldName1:asc,fieldName2:desc,的先按字段fieldName1的值升序排序,fieldName1值相同的话,再按fieldName2的值降序排序
例.查询customer索引external类型中的所有文档,按balance字段值升序排序。
GET /customer/external/_search?sort=balance:asc
例.查询customer索引external类型中的所有文档,按balance字段值升序排序,balance字段值相同则按account_number降序排序。
GET /customer/external/_search?sort=balance:asc,account_number:desc
from:指定需要返回记录的起始索引,默认为0,可以理解为mysql查询 limit子句的 offset
size:需要返回的记录数,默认为10
参考链接:
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-uri-request.html
3. 请求体搜索
例. 查询/customer索引,external类型中包含firstname字段,且值为Braw的记录
POST /customer/external/_search?pretty
{
"query": {
"term": {
"firstname": "braw"
}
}
}
注意:PUT也可以替换为GET
注意:例中,如果把"firstname": "braw" 改成 "firstname": "Braw",查询查不到结果,估计默认设置的情况下,先把文档字段值转小写后进行的比较
返回结果部分截图
说明:默认情况下,查询结果不区分大小,但是字段名是区分大小写的。
常见参数:参考 URI搜索
参考链接:
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-body.html
1. query
参考链接:
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-query.html
2. from/size
例.返回查询结果中,索引大于等于1的记录,总的返回一条记录
POST customer/external/_search?pretty
{
"query": {
"term": {
"firstname": "braw"
}
},
"from": 1,
"size": 1
}
注意:from + size不能大于index.max_result_window设置的值(默认1000)
参考链接:
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-from-size.html
3. sort
sort 对查询结果排序
例. 对查询结果排序,按account_number降序排序,account_number相同的情况下,按balance升序排序
POST customer/external/_search?pretty
{
"query": {
"match_all": {}
},
"sort": [
{
"account_number":{ "order": "desc"},
"balance":"asc"
}
]
}
说明:
1、desc:降序,asc:升序
如上,"account_number":{ "order": "desc"},也可以简单写成"account_number":"desc",
sort mode选项
mode选项用于字段值为数组列表、多个值组成的字段排序,可选值如下:
min
选择数组中的最小值,用于字段排序
max
选择数组中的最大值,用于字段排序
sum
使用数组中所有值总和,用于字段排序,仅限于字段值由数字组成的数组
avg
使用数组中所有值的均值,用于字段排序,仅限于字段值由数字组成的数组
median
使用数组中所有值的中位数,用于字段排序,仅限于字段值由数字组成的数组
按如下方式创建一些文档记录
PUT /product/fruit/4?pretty
{
"product":"orange",
"price":[12, 17, 22]
}
例子.按price字段的数组均值降序排序查询结果
POST /product/fruit/_search
{
"query": {
"match_all": {}
},
"sort": [
{
"price": {
"order": "desc",
"mode": "avg"
}
}
]
}
嵌套对象里的排序
嵌套对象映射
例.设置offer字段为嵌套对象(同时也会执行类型的创建操作)
PUT /product
{
"mappings": {
"myfruit": {
"properties": {
"offer": {
"type": "nested",
"properties": {
"price": {"type":"short"}
}
}
}
}
}
}
PUT /product/myfruit/1?pretty
{
"product": "orange",
"offer": [{
"price": [
12,
17,
22
]
}]
}
PUT /product/myfruit/2?pretty
{
"product": "apple",
"offer": [{
"price": [
14,
10,
9
]
}]
}
PUT /product/myfruit/3?pretty
{
"product": "apple",
"offer": [
{}
]
}
POST /product/myfruit/_search
{
"query": {
"match_all": {}
},
"sort": [
{
"offer.price": {
"order": "asc",
"mode": "avg",
"nested_path":"offer"
}
}
]
}
说明:
nested_path:指明在哪个嵌套对象上进行排序
missing参数
missing参数用于指定,文档缺乏指定字段时的处理方式,missing参数值可以设置为_last(默认值,即位于最下方)、 _first(位于最上方)、或者其它自定义值,该参数值将用于排序。
修改上述例中,文档3如下
PUT /product/myfruit/3?pretty
{
"product": "apple",
"offer": [
{}
]
}
POST /product/myfruit/_search
{
"query": {
"match_all": {}
},
"sort": [
{
"offer.price": {
"order": "asc",
"mode": "avg",
"missing":"_first",
"nested_path": "offer"
}
}
]
}
返回结果部分截图:
更多参考:
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-sort.html
4. source filter
例.不返回查询结果中的字段
POST /customer/external/_search?
{
"query": {
"match_all": {}
},
"_source":false
}
返回结果:
例.仅返回查询结果中指定的字段,firstname,account_number
POST /customer/external/_search?
{
"query": {
"match_all": {}
},
"_source": [
"firstname",
"account_number"
]
}
返回结果部分截图
使用通配符
例.仅返回查询结果中以em,或者字母a开头字段
POST /customer/external/_search?
{
"query": {
"match_all": {}
},
"_source": [
"a*",
"em*"
]
}
返回结果部分截图
includes和excludes
例.仅返回查询结果中字段名以字符a开头,但不以em开头的字段
POST /customer/external/_search?
{
"query": {
"match_all": {}
},
"_source": {
"includes": [
"a*"
],
"excludes": [
"em*"
]
}
}
参考链接:
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-source-filtering.html
5. script field
返回脚本计算值(基于不同字段)
例.
POST /customer/external/_search?
{
"query": {
"match_all": {}
},
"script_fields": {
"test1": {
"script": {
"inline": "doc['account_number'].value * 2"
}
},
"test2": {
"script": {
"inline": "doc['account_number'].value * params.factor",
"params": {
"factor": 3
}
}
}
}
}
注意:这里,account_number为文档中已存在的字段名
返回结果
例.
POST /customer/external/_search?
{
"script_fields": {
"test1": {
"script": {
"inline": "params.factor * params.factor",
"params": {
"factor": 3
}
}
}
}
}
返回结果
例.访问 _source,返回firstname的值
POST /customer/external/_search?
{
"query": {
"match_all": {}
},
"script_fields": {
"test1": {
"script": "params['_source']['firstname']"
}
}
}
返回结果部分截图
注意:使用doc['my_field_name'].value比使用arams['_source']['my_field_name']更快更效率,推荐使用
参考链接:
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-script-fields.html
6. doc field
例.
POST /customer/external/_search?
{
"query": {
"match_all": {}
},
"docvalue_fields" : ["account_number", "test2"]
}
返回结果部分截图
7. post filter
filter在aggregation完成后才被执行。
PUT /shirts
{
"mappings": {
"item": {
"properties": {
"brand": { "type": "keyword"},
"color": { "type": "keyword"},
"model": { "type": "keyword"}
}
}
}
}
PUT /shirts/item/1?refresh
{
"brand": "gucci",
"color": "red",
"model": "slim"
}
例.仅返回搜索结果中包含color为red,brand为gucci的文档记录
POST /shirts/_search
{
"query": {
"bool": {
"filter": [
{
"term": {
"color": "red"
}
},
{
"term": {
"brand": "gucci"
}
}
]
}
}
}
例.仅返回搜索结果中包含color为red,brand为gucci的shirt,按model分组,按分组统计数降序排序
POST /shirts/_search
{
"query": {
"bool": {
"filter": [
{
"term": {
"color": "red"
}
},
{
"term": {
"brand": "gucci"
}
}
]
}
},
"aggs": {
"models": {
"terms": {
"field": "model"
}
}
}
}
返回结果部分截图
例.
例.仅搜索brand值为gucci的shirt,按color分组,降序展示每种color的shirt数量,同时,针对color为red的shirt商品,按model分组统计,降序展示每种model的数量
POST /shirts/_search
{
"query": {
"bool": {
"filter": {
"term": {
"brand": "gucci"
}
}
}
},
"aggs": {
"group_by_colors": {
"terms": {
"field": "color"
}
},
"color_red": {
"filter": {
"term": {
"color": "red"
}
},
"aggs": {
"group_by_models": {
"terms": {
"field": "model"
}
}
}
}
},
"post_filter": {
"term": {
"color": "red"
}
}
}
说明: "post_filter",作用于最后,不展示color不为red的shirt记录
返回结果部分截图
8. search_after
例.如下,每页只显示5条记录,按leve_vale降序排序,如果leve_vale相同则按_uid降序排序
POST /fenxi/fenxishuj/_search?
{
"query": {
"match_all": {}
},
"sort": [
{
"leve_vale":"desc",
"_uid": "desc"
}
],
"size":5
}
返回结果部分截图
这时,在不改变页size值的情况下,我们想查看下一页的记录,咋办?
方案:把sort中的参数值,按出现顺序,依次传递给search_after
POST /fenxi/fenxishuj/_search?
{
"query": {
"match_all": {}
},
"search_after":[31,"fenxishuj#9"],
"sort": [
{"leve_vale":"desc",
"_uid": "desc"
}
],
"size":5
}
注意:
1、sort中的参数值要和search_after一一对应(数量&顺序的对应)。
2、使用了search_after的情况下,如果要使用from参数,参数值只能为0 、-1
参考资料:
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-search-after.html
更多资料参考:
https://www.elastic.co/guide/en/elasticsearch/reference/current/search.html