Elasticsearch 常用命令记录
kibana(访问地址:http://ip:5601/app/kibana/#/home )
清空表
POST 索引名称/_delete_by_query { "query": { "match_all": {} } }
删除时间范围数据
POST dalian_event_2/_delete_by_query { "query": { "range": { "report_time": { "gt":"2023-11-19 00:00:00", "lt":"2023-11-20 00:00:00" } } } }
根据关键字查询数据
POST 索引名称/_search { "query": { "match": { "name":"12" } } }
采用MySql语法查询数据
POST _sql?format=json { "query": "select * from 索引名称 where deleted='0' limit 5", "fetch_size": 10000 }
设置单次最大查询数量
PUT 索引名称/_settings?preserve_existing=true { "max_result_window":"200000000" }
添加字段
PUT /索引名称/_mapping { "properties": { "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }
删除索引
DELETE 索引名称
修改索引名称
POST _reindex { "source": { "index": "原索引名称" }, "dest": { "index": "修改后的索引名称" } }
创建索引
PUT /sjyy_zgxx
{
"mappings": {
"properties": {
"id": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"spmc": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"bz": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"create_time": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"creator": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"deleted": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
Kibana——通过Nginx代理Kibana并实现登陆认证
1.配置Kibana
vim /etc/kibana/kibana.yml
#修改参数如下:
server.basePath: "/kibana"
server.host: "10.0.101.100" #此配置下,如果要限制外部用户直接访问本机的5601端口,可以使用iptables进行限制(但因我的Nginx和Kibana不在同一台服务器,所以不进行限制,如果在同一台服务器上,则可以把属性值设为127.0.0.1,然后进行5601端口限制)
2.配置Nginx
server {
listen 80;
server_name 172.24.115.4;
location /kibana/ {
proxy_pass http://10.0.101.100:5601/;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
rewrite ^/kibana/(.*)$ /$1 break;
}
}
