阅读 650

java api使用ElastichSearch指南

AggregationBuilders.terms:一段时间内,某个字段取值的数量排名前几的聚合

/ ** 	@param startTime 开始的时间
     * @param endTime 结束的时间
     * @param termAggName term过滤
     * @param fieldName 要做count的字段
     * @param top 返回的数量
     */
RangeQueryBuilder actionPeriod = QueryBuilders.rangeQuery("myTimeField").gte(startTime).lte(endTime).format("epoch_second");
TermsBuilder termsBuilder = AggregationBuilders.terms(termAggName).field(fieldName).size(top).order(Terms.Order.count(false));
return client.prepareSearch(INDICE).setQuery(actionPeriod).addAggregation(termsBuilder).setSize(0).execute().actionGet();     
复制代码

order(Terms.Order.count(false)):表示降序

size(top):top表示只要排序的数量

prepareSearch(INDICE):INDICE表示索引的名字

setSize(0):表示只要聚合结果

如果需要去掉某些特殊字段取值 client为构建的ES客户端

 BoolQueryBuilder actionPeriodMustNot = QueryBuilders.boolQuery().must(QueryBuilders.rangeQuery("myTimeField").gte(startTime).lte(endTime).format("epoch_second")).mustNot(QueryBuilders.termQuery(field, value));
复制代码

如果是单个字段特定的多个值

//values是个List
BoolQueryBuilder actioPeriodMust = QueryBuilders.boolQuery().must(QueryBuilders.rangeQuery("myTimeField").gte(startTime).lte(endTime).format("epoch_second")).must(QueryBuilders.termsQuery(field, values));
复制代码

使用结果

Terms clickCount= sr.getAggregations().get(termAggName);
for (Terms.Bucket term:clickCount.getBuckets()){
  int key = term.getKeyAsNumber().intValue(); //要排序字段的值
  long docCount = term.getDocCount(); //数量
}
复制代码

date_histogram: 一段时间之内,时间字段按照时间间隔的聚合

BoolQueryBuilder actioPeriodMust = QueryBuilders.boolQuery().must(QueryBuilders.rangeQuery("myTimeField").gte(startTime).lte(endTime).format("epoch_second"));
DateHistogramBuilder actionInterval = AggregationBuilders.dateHistogram(dateNickName).field("myTimeField").timeZone("Asia/Shanghai");
if (timeInterval<MINUTE){
  actionTimeInterval.interval(DateHistogramInterval.seconds(timeInterval)).format("HH:mm:ss");
}else if (timeInterval<HOUR){
  actionTimeInterval.interval(DateHistogramInterval.minutes(timeInterval / MINUTE)).format("dd HH:mm");
}else if (timeInterval < DAY){
  actionTimeInterval.interval(DateHistogramInterval.hours(timeInterval / HOUR)).format("HH:mm");
}else if (timeInterval < THIRTY_DAY){
  actionTimeInterval.interval(DateHistogramInterval.days(timeInterval / DAY));
}else{
  actionTimeInterval.interval(DateHistogramInterval.MONTH);
}
actionInterval.format("yyyy-MM-dd HH:mm:ssZ");
return client.prepareSearch(INDICE).setQuery(actioPeriodMust).addAggregation(actionInterval).setSize(0).execute().actionGet();
复制代码

es本身默认设置的时间戳是 UTC形式,在国内要设置TimeZone(“Asia/Shanghai”);

java的SimpleDateFormate会默认获取虚拟机所在时区的时间戳,所以存时间的时候,最好存与时区无关的时间,再做本地化显示

使用结果

Histogram histogram=sr.getAggregations().get(dateNickName);
for(Histogram.Bucket entry:histogram.getBuckets()){
  String key = entry.getKeyAsString();//时间间隔
  long count = entry.getDocCount();//数量
}
复制代码

subAggregation:一段时间内,按照一定的时间间隔,每个间隔段内字段每个取值的数量聚合

相当于合并上述两个场景

BoolQueryBuilder query = QueryBuilders.boolQuery().must(QueryBuilders.rangeQuery("myTimeField").gte(startTime).lte(endTime).format("epoch_second"))
  .must(QueryBuilders.termsQuery("action", orderValue));
DateHistogramBuilder actionTimeInterval = AggregationBuilders.dateHistogram(dateNickName).field("myTimeField").timeZone("Asia/Shanghai");
actionTimeInterval.subAggregation(AggregationBuilders.terms(termNickName).field("action").size(size));
return client.prepareSearch(INDICE).setQuery(query).addAggregation(actionTimeInterval).setSize(0).execute().actionGet();
复制代码

使用结果

Histogram hitogram = sr.getAggregations().get(dateAggName);
for (Histogram.Bucket date : hitogram.getBuckets()) {
  String intervalName = date.getKeyAsString();
  long timeIntervalCount = date.getDocCount();
  if (timeIntervalCount != 0) {
    Terms terms = date.getAggregations().get(termAggName);
    for (Terms.Bucket entry : terms.getBuckets()) {
      int key=	entry.getKeyAsNumber().intValue();
      long childCount = entry.getDocCount();
    }
  }
}
复制代码

分页获取数据

BoolQueryBuilder actionPeriodMust = QueryBuilders.boolQuery().must(QueryBuilders.termQuery(key, value)).must(QueryBuilders.rangeQuery("myTimeField").gte(startTime).lte(endTime).format("epoch_second"));
return client.prepareSearch(INDICE).setQuery(actionPeriodMust).addSort(SortBuilders.fieldSort("myTimeField").order(SortOrder.ASC)).setFrom(from).setSize(size).execute().actionGet();        
复制代码

使用

Iterator<SearchHit> iterator = sr.getHits().iterator();
while (iterator.hasNext()) {
  SearchHit next = iterator.next();
  JSONObject jo = JSONObject.parseObject(next.getSourceAsString());
}
复制代码

AggregationBuilders.cardinality:获取某个字段的唯一取值数量

BoolQueryBuilder query = QueryBuilders.boolQuery().must(QueryBuilders.rangeQuery("myTimeField").gte(startTimeInSec*1000).lte(endTimeInSec*1000).format("epoch_millis"));
CardinalityBuilder fieldCardinality = AggregationBuilders.cardinality(cardinalityAggName).field(field);//field 要获取的字段
return client.prepareSearch(INDICE).setQuery(query).addAggregation(fieldCardinality).execute().actionGet();
复制代码

使用结果

Cardinality cardinality = sr.getAggregations().get(cardinalityAggName);
long value = cardinality.getValue();
复制代码

bool查询

比如想要addr是beijing的,同时必须满足条件:name是 paxi,或者,phoneNumber是 1234567890

BoolQueryBuilder searchIdQuery = QueryBuilders.boolQuery();
BoolQueryBuilder boolQueryBuilder = QueryBuilders.boolQuery();
while (kvs.hasNext()){
  Map.Entry<String, String> fieldValue = kvs.next();
  String field=fieldValue.getKey();
  String value=fieldValue.getValue();
  searchIdQuery.should(QueryBuilders.termQuery(field, value));
}
boolQueryBuilder.must(searchIdQuery);
boolQueryBuilder.must(QueryBuilders.termsQuery(key, values));
return client.prepareSearch(INDICE).setQuery(boolQueryBuilder).execute().actionGet();
复制代码