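Querying ES through curl with the query DSL is cumbersome; you can install a plugin that lets you query with SQL instead:
1. Go to the ES plugins directory and install the plugin. Each plugin version corresponds to a specific ES version; see https://github.com/NLPchina/elasticsearch-sql for the mapping. My ES is elasticsearch-5.5.2, so the matching plugin version is 5.5.2.0.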
cd /mnt/elasticsearch-5.5.2/plugins
../bin/elasticsearch-plugin install https://github.com/NLPchina/elasticsearch-sql/releases/download/5.5.2.0/elasticsearch-sql-5.5.2.0.zip
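After a successful install, an sql entry appears under the ES plugins directory.
2. On an ES cluster, the plugin must be installed on every node, and the service restarted on each.
- Find the ES process ID: ps -ef | grep elastic
- Kill the ES process: kill -9 pid
- Restart ES: change to the elasticsearch bin directory, then run: sh elasticsearch -d
3. Once the plugin is installed, querying is much more convenient.
The query before: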
curl 'http://es-1:10200/index/type/_search?pretty' -H 'Content-Type:application/json' -d '{
"query":{
"bool":{
"must":[
{
"match":{
"activity_id":"1114"
}
},{
"match":{
"dt_ymd":"20190814"
}
}
]
}
}
}'
The query now:
curl 'http://es-1:10200/_sql?pretty' -H 'Content-Type:application/json' -d 'select * from index where dt_ymd=20190814 and activity_id=1114'
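Great!!!
PS: there is a pitfall here. When group by is followed by two fields, by default only 10 rows are returned for the second field. The query below sets the size explicitly with terms(...); the -d body is wrapped in double quotes so that the single quotes inside terms(...) reach the plugin.
curl http://es-1:9200/_sql -H 'Content-Type: application/json' -d "SELECT sum( kpi_uv) FROM index where dt_ymd = 20190730 and dt_hour < 6 and cnv_node_id = 10000000 group by dt_hour, terms('field'='activity_id','size'=1000,'alias'='activity_id')"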
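The terms('field'=...) arguments contain single quotes, which a single-quoted -d string cannot carry. The following is an added example, not part of the original post, showing what the shell delivers in that case and a heredoc wrapper that avoids the problem; es_sql, ES_URL and DRY_RUN are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example: what the shell actually hands to curl for the group-by query.
# es_sql, ES_URL and DRY_RUN are hypothetical names, not part of the plugin.

# The query as one single-quoted word. Every inner ' closes and reopens the
# string, so the plugin receives terms(field=activity_id,...) with no quotes.
sql_nested_single() {
  printf '%s' 'SELECT sum(kpi_uv) FROM index where dt_ymd = 20190730 and dt_hour < 6 and cnv_node_id = 10000000 group by dt_hour, terms('field'='activity_id','size'=1000,'alias'='activity_id')'
}

# The same query in a quoted heredoc: the shell interprets nothing inside it.
sql_heredoc() {
  cat <<'SQL'
SELECT sum(kpi_uv) FROM index where dt_ymd = 20190730 and dt_hour < 6 and cnv_node_id = 10000000 group by dt_hour, terms('field'='activity_id','size'=1000,'alias'='activity_id')
SQL
}

# POST the SQL read from stdin to the _sql endpoint. Keep the statement on one
# line: curl -d @- strips newlines. DRY_RUN=1 prints the body instead of sending.
es_sql() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    cat
    return
  fi
  curl -sS "${ES_URL:-http://es-1:9200}/_sql?pretty" \
    -H 'Content-Type: application/json' -d @-
}

# Usage: sql_heredoc | es_sql
```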
Other queries:
Aggregate functions
curl 'http://es-1:9200/_sql?pretty' -H 'Content-Type:application/json' -d 'select sum(kpi_uv) from bi_recmd_tunan_result where dt_ymd=20190718 and dt_hour<11 and cnv_node_id=10000003 group by channel_id'
not in
curl 'http://es-1:10200/_sql?pretty' -H 'Content-Type:application/json' -d 'select * from c24hour_count_orders where c24halfhour_count_orders_day=20190830 and city_id not in ("1101")'
Not equal
curl 'http://es-1:10200/_sql?pretty' -H 'Content-Type:application/json' -d 'select * from courier_location_index_20190731 where courierId=5013981 and cityId <> 1101'
Using distinct directly does not deduplicate; use group by instead
curl 'http://es-1:10200/_sql?pretty' -H 'Content-Type:application/json' -d 'select * from courier_location_index_20190731 where courierId=5013981 group by cityId'