启动的的elasticsearch服务,而非步骤一中安装的npm模块。对elasticsearch的介绍,我后面的博客会单独做介绍。 单击elasticsearch.bat,或者在cmd命令行输入以下命令
.\bin\elasticsearch.batElasticsearch提供了一种json风格的查询语言,称为Query DSL(Query domain-specific language)。查询语言功能很全面。 以下几篇博客,给大家参考
1.elasticsearch查询语句(query DSL)2.ES 22 - Elasticsearch中如何进行日期(数值)范围查询3.Elastic Search之Search API(Query DSL)、字段类查询、复合查询4.Elasticsearch查询方法5.Elasticsearch DSL 常用语法介绍关于tags可以参考我的filebeat的配置filebeat重载配置文件:reload功能,添加的tags是为了搜索时方便,比如在此处,在此会只查询tags为"GUID"的日志信息。
(function () { 'use strict'; const elasticsearch = require('elasticsearch'); const esClient = new elasticsearch.Client({ host: '127.0.0.1:9200', log: 'error' }); const search = function search(index, body) { return esClient.search({ index: index, body: body }); }; const test = function test() { // let body = { // "query": { // "constant_score": { // "filter": { // "term": { // "tags": "c7f1771f-0c8f-4c75-9d71-3b8c4b6bd191" // } // } // } // } // } let body = { size: 100, from: 0, query: { bool: { must: [ { match: { message: { query: 'WARN ERROR INFO' } } }, ], filter: [ { range: { '@timestamp': { gte: '2020-08-31T06:25:56.149Z', lte: '2020-09-10T08:38:54.281Z' } } }, // term tags是filebeta采集时加入的标签,在此会只查询tags为"GUID"的日志信息。 { term: { "tags": "GUID" } } ] } } }; console.log(`retrieving documents with a combined bool query (displaying ${body.size} items at a time)...`); //search('opslog-systemlog-2020.08.10', body) search('ops*', body) .then(results => { console.log(`found ${results.hits.total} items in ${results.took}ms`); if (results.hits.total > 0) console.log(`returned article titles:`); results.hits.hits.forEach((hit, index) => console.log(`\t${body.from + ++index} - ${hit._source.title} (score: ${hit._score})`)); }) .catch(console.error); }; test(); module.exports = { search }; }());删除索引“opslog-systemlog-2020.08.10”在此时间段内message带有10的内容
(function () { 'use strict'; const elasticsearch = require('elasticsearch'); const esClient = new elasticsearch.Client({ host: '127.0.0.1:9200', log: 'error' }); const deletecontent= function deletecontent(index, body) { return esClient.deleteByQuery({index: index, body: body}); }; // only for testing purposes // all calls should be initiated through the module const test = function test() { let body = { size: 100, // from: 0, query: { bool: { must: [ { query_string: { query: '(message:*10)' } } ], filter: [ { range: { '@timestamp': { gte: '2020-08-10T08:34:15.960Z' , lte: '2020-08-10T08:38:54.281Z' } } } ] } } }; console.log(`retrieving documents with a combined bool query (displaying ${body.size} items at a time)...`); deletecontent('opslog-systemlog-2020.08.10', body) .then(results => { console.log(`found ${results.hits.total} items in ${results.took}ms`); if (results.hits.total > 0) console.log(`returned article titles:`); results.hits.hits.forEach((hit, index) => console.log(`\t${body.from + ++index} - ${hit._source.title} (score: ${hit._score})`)); }) .catch(console.error); }; test(); module.exports = { deletecontent }; } ());删除索引“ops-systemlog-2020.08.05”,至于自动清理索引的功能,我会单独写一篇博客介绍。elasticsearch定时删除过期索引index
(function () { 'use strict'; const elasticsearch = require('elasticsearch'); const esClient = new elasticsearch.Client({ host: '127.0.0.1:9200', log: 'error' }); const deleteindex = function deleteindex(index) { return esClient.indices.delete({index: index}); }; var index = ['ops-systemlog-2020.08.05'] const test = function test() { deleteindex(index) .then(results => { console.log(results); }) .catch(console.error); }; test(); module.exports = { deleteindex }; } ());参考: 【1】https://github.com/sitepoint-editors/node-elasticsearch-tutorial 【2】https://www.npmjs.com/package/elasticsearch 【3】https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/16.x/api-reference.html 【4】如何用 Node.js 和 Elasticsearch 构建搜索引擎https://www.oschina.net/translate/search-engine-node-elasticsearch?lang=chs&p=1 【5】如何用 Node.js 和 Elasticsearch 构建搜索引擎https://www.jianshu.com/p/598f941ee206 【6】nodejs之elasticsearch使用:基础篇(一) 【7】Nodejs基础使用Elasticsearch(二)
