1.通过kibana查看elasticsearch版本信息
a.左上角三道横->Management->Dev Tools
b.GET / 执行
c.执行结果
{
"name" : "xxxx",
"cluster_name" : "xxxxxxx",
"cluster_uuid" : "vl1UudAoQp-aHWAzyPoMyw",
"version" : {
"number" : "7.15.1",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "83c34f456ae29d60e94d886e455e6a3409bba9ed",
"build_date" : "2021-10-07T21:56:19.031608185Z",
"build_snapshot" : false,
"lucene_version" : "8.9.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
2.精确排除字符串查询
context:"xx" AND NOT location:"xxx" AND NOT location:"xxx" AND NOT location:"xxx"
3.elasticsearch分桶统计key为traceId的value相同个数大于1的所有key和count
GET /bff-prod*/_search
{
"size": 0, // 不返回原始文档
"aggs": {
"duplicate_traceids": {
"terms": {
"field": "ext.traceId.keyword", // 确保使用keyword类型字段
"min_doc_count": 2, // 只返回出现2次以上的结果
"size": 1000 // 覆盖所有重复项(按需调整)
}
}
}
}
4.按关键字统计个数
GET /bff-prod*/_search
{
"size": 0,
"aggs": {
"duplicate_traceids": {
"terms": {
"field": "ext.traceId.keyword",
"min_doc_count": 2,
"size": 1000
}
}
}
}
# 5.带认证的连接
es = Elasticsearch(
'https://10.126.141.98:9200'\], basic_auth=("elastic", "z7aJPPruXz9tk26r"), verify_certs=False # 自签名证书需关闭验证:ml-citation{ref="4" data="citationList"} ) **5.elasticsearch查询昨天的数据,分桶统计traceId字段的值重复个数大于1的key和doc_count;** GET /bff-prod\*/_search { "query": { "range": { "@timestamp": { "gte": "now-1d/d", "lt": "now/d", "time_zone": "+08:00" } } }, "aggs": { "duplicate_traces": { "terms": { "field": "ext.traceId.keyword", "min_doc_count": 2, "size": 10000 }, "aggs": { "bucket_filter": { "bucket_selector": { "buckets_path": { "docCount": "_count" }, "script": "params.docCount \> 1" } } } } }, "size": 0 }