ES系列十、ES常用查询API

1.term查询

{
    "query": {
        "term": {
            "title": "crime"
        }
    }
}

1.1.指定权重

{
    "query": {
        "term": {
            "title": {
                "value":"crime",
                "boost":10.0
             }
        }
    }
}

1.2.多term查询查询tags字段中包含novel或book

{
    "query": {
        "terms": {
            "tags": ["novel","book"]
        }
    }
}

2.常用词查询

2.1.cutoff_frequency查询低于这个概率的词将

{
    "query": {
        "common": {
             "title":{
                 "query":"crime and punishment",
                 "cutoff_frequency":0.001
             }
        }
    }
}

2.2.match查询( 不支持lucene查询语法，分词后再查询 )

查询title包含crime或and或punishment的文档

{
    "query": {
        "match": {
            "title": "crime and punishment"
        }
    }
}

2.3.operator操作符

要求and或者or匹配文本的分词

{
    "query": {
        "match": {
            "title": {
                 "query":"crime and punishment",
                 "operator":"and"
            }
        }
    }
}

2.4.短语查询

{
    "query": {
        "match_phrase": {
            "title": {
                 "query":"crime  punishment",
                 "slop":
            }
        }
    }
}

2.5.前缀查询

对查询关键词的最后一个词条做前缀匹配

{
    "query": {
        "match_phrase_prefix": {
            "title": {
                 "query":"crime  punish",
                 "slop":,
                 "max_expansions":
            }
        }
    }
}

2.6.multi_match( 针对多个字段查询 )

{
    "query": {
        "multi_match": {
             "query":"crime  heller",
             "fields":["title","author"]
        }
    }
}

3.query_string查询( 支持lucene的查询语法 )

3.1复合语法查询

title字段包含crime，且权重为10，也要包含punishment，但是otitle不包含cat，同事author字段包含Fyodor和dostoevsky。

{
    "query": {
        "query_string": {
             "query":"title:crime^10 +title:punishment -otitle:cat +author:(+Fyodor +dostoevsky)",
             "default_field":"title"
        }
    }
}

3.2.针对多字段查询

use_dis_max使用最大分查询，max指对于给定的关键词，只有最高分才会包括在最后的文档的评分中，而不是所有包含该词条的所有字段分数之和。

{
    "query": {
        "query_string": {
             "query":"crime heller",
             "fields":["title","author"],
              "use_dis_max":true
        }
    }
}

常见写法：

{“query”:{“query_string”:{“name:obama”}}}

name字段为obama

{“query”:{“query_string”:{“nam\\*:obama”}}}

存在一个nam开头的字段，值为obama

{“query”:{“query_string”:{“__missing__:name”}}}

name字段值为null的文档

{“query”:{“query_string”:{“__exists__:name”}}}

name字段值不为null的文档

{“query”:{“query_string”:{“name:（obama OR xidada)”}}}

name字段为Obama或者xidada的文档

3.3.simple_query_string查询

解析出错时不抛异常，丢弃查询无效的部分

{
    "query": {
        "simple_query_string": {
             "query":"title:crime^10 +title:punishment -otitle:cat +author:(+Fyodor +dostoevsky)",
             "default_operator":"or"
        }
    }
}

3.4.标识符查询

{
    "query": {
        "ids": {
             "type":"book",
             "values":["","",""]
        }
    }
}

3.4.前缀查询

前缀匹配给定的关键词

{
    "query": {
        "prefix": {
             "title":"cri"
        }
    }
}

指定权重

{
    "query": {
        "prefix": {
             "title":{
                 "value":"cri",
                 "boost":3.0
             }
        }
    }
}

3.5.fuzzy模糊查询

使用编辑距离的模糊查询，计算量较大，但是对用户拼写错的场景比较有用

{
    "query": {
        "fuzzy": {
             "title":"crme"
        }
    }
}

指定最小相似度偏差

{
    "query": {
        "fuzzy": {
             "title":{
                 "value":"crme",
                 "min_similarity":
              }
        }
    }
}

3.6.通配符查询

支持*和?等通配符

{
    "query": {
        "wildcard": {
             "title": "cr?me"
        }
    }
}

?：任意字符

*：0个或任意多个字符

 

性能差，必须扫描整个倒排索引，才ok

3.8.范围查询

只能针对单个字段，可以是数值型的，也可以是基于字符串的。

{
    "query": {
        "range": {
             "year": {
                  "gte" :,
                  "lte":
              }
        }
    }
}

3.8.正则表达式查询

查询性能取决于正则表达式

{
    "query": {
        "regexp": {
             "title": {
                  "value" :"cr.m[ae]",
                  "boost":10.0  //配置评分乘以10
              }
        }
    }
}

K[A-Z].+

[0-9]：指定范围内的数字

[a-z]：指定范围内的字母

.：一个字符

+：前面的正则表达式可以出现一次或多次

 

wildcard和regexp，与prefix原理一致，都会扫描整个索引，性能很差

4.布尔查询( 组合查询 )

{
    "query": {
        "bool": {
            "must": {
                "term": {
                    "title": "crime"
                }
            },
            "should": {
                "range": {
                    "year": {
                        "from": ,
                        "to":
                    }
                }
            },
            "must_not": {
                "term": {
                    "otitle": "nothing"
                }
            }
        }
    }
}

mus:必须包含的条件，must not:不包含 ，should:包含的话会更匹配

搜索多个条件：

GET test*/_search
{
  "size":,
  "query": {
    "bool":{
      "must": [
          {"match":{"message": "学生"}},
          {"match":{"message": "所有"}}
        ],
      "should": [
          {"match": {"port": ""}},
          {"match": {"@timestamp":"2018-09-17T17:49:25.991Z"}}
        ],
      "must_not": [
          {"match": {"port": ""}},
          {"match": {"port":""}}
        ]
    }

  }

}

结果：

{
  "took": ,
  "timed_out": false,
  "_shards": {
    "total": ,
    "successful": ,
    "skipped": ,
    "failed":
  },
  "hits": {
    "total": ,
    "max_score": 17.026089,
    "hits": [
      {
        "_index": "test-name",
        "_type": "doc",
        "_id": "Ff0g6GUBPXqEl7zCsbQb",
        "_score": 17.026089,
        "_source": {
          "@timestamp": "2018-09-17T15:23:06.878Z",
          "appname": "test-name",
          "level": "INFO",
          "port": ,
          "thread_name": "main",
          "level_value": ,
          "appName": "test-name",
          "@version": ,
          "host": "192.168.1.100",
          "logger_name": "com.example.service.StudentService",
          "@metdata": {
            "ip_address": "192.168.1.100"
          },
          "message": "查询所有学生，pageNo1,pageSize1"
        }
      },
      {
        "_index": "test-name",
        "_type": "doc",
        "_id": "WFOm6GUBlATfpgHyvD55",
        "_score": 16.024178,
        "_source": {
          "@timestamp": "2018-09-17T17:49:25.991Z",
          "appname": "test-name",
          "level": "INFO",
          "port": ,
          "thread_name": "main",
          "level_value": ,
          "appName": "test-name",
          "@version": ,
          "host": "192.168.1.100",
          "logger_name": "com.example.service.StudentService",
          "@metdata": {
            "ip_address": "192.168.1.100"
          },
          "message": "查询所有学生，pageNo1,pageSize1"
        }
      },
      {
        "_index": "test-name",
        "_type": "doc",
        "_id": "nAMg42UBRHcv2wBhnFDg",
        "_score": 14.024178,
        "_source": {
          "@timestamp": "2018-09-16T16:04:54.948Z",
          "appname": "test-name",
          "level": "INFO",
          "port": ,
          "thread_name": "main",
          "level_value": ,
          "appName": "test-name",
          "@version": ,
          "host": "172.20.10.6",
          "logger_name": "com.example.service.StudentService",
          "@metdata": {
            "ip_address": "172.20.10.6"
          },
          "message": "查询所有学生，pageNo1,pageSize1"
        }
      }
    ]
  }
}

还可以这么实现：

GET test*/_search
{
  "size":,
  "query": {
    "query_string":{"query": "message:学生 +message:所有 -port:55714"}
  }
}