Elasticsearch basic operations notes

Published: 2025-06-07

1. Check the Elasticsearch version through Kibana
a. Three-bar menu in the top-left corner -> Management -> Dev Tools
b. Run GET /
c. Result
{
  "name" : "xxxx",
  "cluster_name" : "xxxxxxx",
  "cluster_uuid" : "vl1UudAoQp-aHWAzyPoMyw",
  "version" : {
    "number" : "7.15.1",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "83c34f456ae29d60e94d886e455e6a3409bba9ed",
    "build_date" : "2021-10-07T21:56:19.031608185Z",
    "build_snapshot" : false,
    "lucene_version" : "8.9.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

2. Query that excludes exact strings

context:"xx" AND NOT location:"xxx" AND NOT location:"xxx" AND NOT location:"xxx"

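3. Bucket aggregation in Elasticsearch: list every traceId value that occurs more than once, with its count
GET /bff-prod*/_search
{
  "size": 0, // do not return the original documents
  "aggs": {
    "duplicate_traceids": {
      "terms": {
        "field": "ext.traceId.keyword", // make sure a keyword-type field is used
        "min_doc_count": 2, // only return values that occur 2 or more times
        "size": 1000 // large enough to cover all duplicates (adjust as needed)
      }
    }
  }
}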

4. Count documents per keyword value
GET /bff-prod*/_search
{
  "size": 0,
  "aggs": {
    "duplicate_traceids": {
      "terms": {
        "field": "ext.traceId.keyword",
        "min_doc_count": 2,
        "size": 1000
      }
    }
  }
}

# 5. Connecting with authentication
from elasticsearch import Elasticsearch

es = Elasticsearch(
    ['https://10.126.141.98:9200'],
    basic_auth=("elastic", "z7aJPPruXz9tk26r"),
    verify_certs=False  # verification is disabled here because the cluster uses a self-signed certificate
)
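
An added example, not part of the original notes: the snippet above hard-codes the password and disables certificate verification, so the client would accept any certificate presented on that address. This variant keeps verification on, trusts the cluster's self-signed certificate explicitly, and reads the secret from the environment. The environment variable names and the helper names `client_kwargs` and `connect` are assumptions.

```python
import os
from urllib.parse import urlsplit


def client_kwargs(env=os.environ):
    """Build Elasticsearch() keyword arguments with certificate verification on."""
    url = env.get("ES_URL", "")  # assumed variable name
    if urlsplit(url).scheme != "https":
        raise ValueError("ES_URL must be an https:// URL")
    password = env.get("ES_PASSWORD")  # assumed variable name
    if not password:
        raise ValueError("ES_PASSWORD is not set; keep it out of source code")
    kwargs = {
        "hosts": [url],
        "basic_auth": (env.get("ES_USER", "elastic"), password),
        "verify_certs": True,  # the weak variant sets this to False
    }
    ca_file = env.get("ES_CA_CERT")  # PEM file of the cluster's own CA
    fingerprint = env.get("ES_CERT_FINGERPRINT")  # SHA-256 certificate fingerprint
    if ca_file:
        if not os.path.isfile(ca_file):
            raise FileNotFoundError(f"CA certificate not found: {ca_file}")
        kwargs["ca_certs"] = ca_file
    elif fingerprint:
        kwargs["ssl_assert_fingerprint"] = fingerprint
    # With neither set, the system trust store is used and a self-signed
    # cluster fails the handshake instead of being silently accepted.
    return kwargs


def connect(env=os.environ):
    """Return a client; needs the elasticsearch package (8.x argument names)."""
    from elasticsearch import Elasticsearch  # imported lazily on purpose
    return Elasticsearch(**client_kwargs(env))


if __name__ == "__main__":
    # Constructed values for a dry run; nothing is sent over the network.
    demo = {"ES_URL": "https://es.example.internal:9200",
            "ES_PASSWORD": "constructed-placeholder",
            "ES_CERT_FINGERPRINT": "<sha256-fingerprint-placeholder>"}
    shown = client_kwargs(demo)
    shown["basic_auth"] = (shown["basic_auth"][0], "***")
    print(shown)
```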

5. Query yesterday's data in Elasticsearch and bucket by the traceId field, returning each key whose value occurs more than once together with its doc_count
GET /bff-prod*/_search
{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-1d/d",
        "lt": "now/d",
        "time_zone": "+08:00"
      }
    }
  },
  "aggs": {
    "duplicate_traces": {
      "terms": {
        "field": "ext.traceId.keyword",
        "min_doc_count": 2,
        "size": 10000
      },
      "aggs": {
        "bucket_filter": {
          "bucket_selector": {
            "buckets_path": {
              "docCount": "_count"
            },
            "script": "params.docCount > 1"
          }
        }
      }
    }
  },
  "size": 0
}

