Elasticsearch Query DSL 指令整理
- [一、Query DSL 概述](#一、Query DSL 概述)
-
- [1.1 什么是 Query DSL?](#1.1 什么是 Query DSL?)
- [1.2 查询上下文 vs 过滤上下文](#1.2 查询上下文 vs 过滤上下文)
- [1.3 查询基本结构](#1.3 查询基本结构)
- [二、全文查询(Full Text Queries)](#二、全文查询(Full Text Queries))
-
- [2.1 match 查询(最常用)](#2.1 match 查询(最常用))
- [2.2 match_phrase 查询](#2.2 match_phrase 查询)
- [2.3 multi_match 查询](#2.3 multi_match 查询)
- [2.4 query_string 查询](#2.4 query_string 查询)
- [2.5 simple_query_string 查询](#2.5 simple_query_string 查询)
- [三、词项级别查询(Term-level Queries)](#三、词项级别查询(Term-level Queries))
-
- [3.1 term 查询](#3.1 term 查询)
- [3.2 terms 查询](#3.2 terms 查询)
- [3.3 terms_set 查询](#3.3 terms_set 查询)
- [3.4 range 查询](#3.4 range 查询)
- [3.5 exists 查询](#3.5 exists 查询)
- [3.6 prefix 查询](#3.6 prefix 查询)
- [3.7 wildcard 查询](#3.7 wildcard 查询)
- [3.8 regexp 查询](#3.8 regexp 查询)
- [3.9 fuzzy 查询](#3.9 fuzzy 查询)
- [3.10 ids 查询](#3.10 ids 查询)
- [四、复合查询(Compound Queries)](#四、复合查询(Compound Queries))
-
- [4.1 bool 查询(最强大的查询)](#4.1 bool 查询(最强大的查询))
- [4.2 boosting 查询](#4.2 boosting 查询)
- [4.3 constant_score 查询](#4.3 constant_score 查询)
- [4.4 dis_max 查询](#4.4 dis_max 查询)
- [4.5 function_score 查询](#4.5 function_score 查询)
- [五、连接查询(Joining Queries)](#五、连接查询(Joining Queries))
-
- [5.1 nested 查询](#5.1 nested 查询)
- [5.2 has_child 查询](#5.2 has_child 查询)
- [5.3 has_parent 查询](#5.3 has_parent 查询)
- [5.4 parent_id 查询](#5.4 parent_id 查询)
- [六、地理查询(Geo Queries)](#六、地理查询(Geo Queries))
-
- [6.1 geo_distance 查询](#6.1 geo_distance 查询)
- [6.2 geo_bounding_box 查询](#6.2 geo_bounding_box 查询)
- [6.3 geo_polygon 查询](#6.3 geo_polygon 查询)
- [6.4 geo_shape 查询](#6.4 geo_shape 查询)
- [七、特殊查询(Specialized Queries)](#七、特殊查询(Specialized Queries))
-
- [7.1 more_like_this 查询](#7.1 more_like_this 查询)
- [7.2 script 查询](#7.2 script 查询)
- [7.3 percolate 查询](#7.3 percolate 查询)
- [7.4 wrapper 查询](#7.4 wrapper 查询)
- [7.5 pinned 查询](#7.5 pinned 查询)
- [八、跨度查询(Span Queries)](#八、跨度查询(Span Queries))
-
- [8.1 span_term 查询](#8.1 span_term 查询)
- [8.2 span_multi 查询](#8.2 span_multi 查询)
- [8.3 span_first 查询](#8.3 span_first 查询)
- [8.4 span_near 查询](#8.4 span_near 查询)
- [8.5 span_or 查询](#8.5 span_or 查询)
- [8.6 span_not 查询](#8.6 span_not 查询)
- [8.7 span_containing 查询](#8.7 span_containing 查询)
- [8.8 span_within 查询](#8.8 span_within 查询)
- 九、实用查询模板
-
- [9.1 电商搜索查询](#9.1 电商搜索查询)
- [9.2 日志分析查询](#9.2 日志分析查询)
- [9.3 用户行为分析查询](#9.3 用户行为分析查询)
- 十、查询性能优化
-
- [10.1 查询结构优化](#10.1 查询结构优化)
- [10.2 索引和分片策略](#10.2 索引和分片策略)
- 十一、查询调试技巧
-
- [11.1 使用 explain API](#11.1 使用 explain API)
- [11.2 使用 profile API](#11.2 使用 profile API)
- [11.3 验证查询](#11.3 验证查询)
- 十二、总结
-
- [12.1 查询选择指南](#12.1 查询选择指南)
- [12.2 性能最佳实践](#12.2 性能最佳实践)
- [12.3 常见陷阱](#12.3 常见陷阱)
一、Query DSL 概述
1.1 什么是 Query DSL?
Query DSL(Domain Specific Language)是 Elasticsearch 的核心查询语言,基于 JSON 结构,用于定义复杂的查询逻辑。
1.2 查询上下文 vs 过滤上下文
bash
{
"query": {
"bool": {
"must": [ // 查询上下文:影响相关性评分
{"match": {"title": "search"}}
],
"filter": [ // 过滤上下文:不影响评分,更高效
{"term": {"status": "active"}},
{"range": {"age": {"gte": 18}}}
]
}
}
}1.3 查询基本结构
bash
{
"query": {
// 查询类型和条件
},
"from": 0, // 分页起始
"size": 10, // 每页大小
"sort": [ // 排序
{"price": {"order": "desc"}}
],
"_source": ["title", "price"], // 返回字段
"aggs": { // 聚合
// 聚合条件
},
"highlight": { // 高亮
"fields": {"content": {}}
}
}二、全文查询(Full Text Queries)
2.1 match 查询(最常用)
bash
// 基础 match 查询
{
"query": {
"match": {
"title": {
"query": "elasticsearch tutorial",
"operator": "and", // 必须包含所有词
"minimum_should_match": "75%", // 最少匹配比例
"fuzziness": "AUTO", // 模糊匹配
"boost": 2.0 // 权重提升
}
}
}
}
// 简写形式
{
"query": {
"match": {
"title": "elasticsearch tutorial"
}
}
}2.2 match_phrase 查询
bash
// 精确短语匹配
{
"query": {
"match_phrase": {
"message": "quick brown fox",
"slop": 2 // 允许词间距(跳过的词数)
}
}
}
// match_phrase_prefix(前缀匹配)
{
"query": {
"match_phrase_prefix": {
"title": {
"query": "quick brown f",
"max_expansions": 10 // 最大扩展数
}
}
}
}2.3 multi_match 查询
bash
// 多字段搜索
{
"query": {
"multi_match": {
"query": "elasticsearch",
"fields": [
"title^2", // ^2 表示权重加倍
"content",
"description"
],
"type": "best_fields", // 其他类型:most_fields, cross_fields, phrase
"tie_breaker": 0.3 // 平局裁决器
}
}
}
// 通配符字段匹配
{
"query": {
"multi_match": {
"query": "search",
"fields": ["title.*", "*.name"]
}
}
}2.4 query_string 查询
bash
// 支持完整查询语法(类似Lucene语法)
{
"query": {
"query_string": {
"default_field": "content",
"query": "(elasticsearch AND tutorial) OR (learn AND kibana)",
"default_operator": "OR",
"analyze_wildcard": true,
"allow_leading_wildcard": false,
"fuzziness": "AUTO:4,7", // 4-7个字符允许编辑距离1
"fuzzy_prefix_length": 2,
"fuzzy_max_expansions": 50,
"minimum_should_match": "2<75%", // 少于2个词必须全匹配,多于则75%
"lenient": true, // 忽略格式错误
"time_zone": "+08:00"
}
}
}
// 多字段 query_string
{
"query": {
"query_string": {
"fields": ["title", "content"],
"query": "elasticsearch",
"boost": 2.0
}
}
}2.5 simple_query_string 查询
bash
// 更安全的 query_string(自动转义特殊字符)
{
"query": {
"simple_query_string": {
"query": "\"elasticsearch tutorial\" +advanced -basic",
"fields": ["title", "content"],
"default_operator": "and",
"analyzer": "standard",
"flags": "AND|OR|NOT|PHRASE"
}
}
}三、词项级别查询(Term-level Queries)
3.1 term 查询
bash
// 精确匹配(不进行分词)
{
"query": {
"term": {
"status": {
"value": "active",
"boost": 1.5
}
}
}
}
// 简写
{
"query": {
"term": {"status": "active"}
}
}3.2 terms 查询
bash
// 多值精确匹配
{
"query": {
"terms": {
"tags": ["elasticsearch", "kibana", "logstash"],
"boost": 1.0
}
}
}
// terms 查询(从文档获取值)
{
"query": {
"terms": {
"user_id": {
"index": "users",
"id": "123",
"path": "followers"
}
}
}
}3.3 terms_set 查询
bash
// 最小匹配数
{
"query": {
"terms_set": {
"tags": {
"terms": ["elastic", "search", "tutorial"],
"minimum_should_match_script": {
"source": "Math.min(params.num_terms, 2)"
}
}
}
}
}3.4 range 查询
bash
// 范围查询
{
"query": {
"range": {
"price": {
"gte": 100, // 大于等于
"lte": 1000, // 小于等于
"gt": 99, // 大于
"lt": 1001, // 小于
"boost": 2.0,
"format": "yyyy-MM-dd"
}
}
}
}
// 日期范围查询
{
"query": {
"range": {
"timestamp": {
"gte": "2024-01-01",
"lte": "2024-01-31",
"format": "strict_date_optional_time",
"time_zone": "+08:00"
}
}
}
}
// 相对时间范围
{
"query": {
"range": {
"timestamp": {
"gte": "now-7d/d", // 7天前,四舍五入到天
"lt": "now/d" // 今天
}
}
}
}3.5 exists 查询
bash
// 字段存在检查
{
"query": {
"exists": {
"field": "email"
}
}
}3.6 prefix 查询
bash
// 前缀匹配
{
"query": {
"prefix": {
"user.id": {
"value": "ki",
"rewrite": "constant_score" // 重写策略
}
}
}
}3.7 wildcard 查询
bash
// 通配符查询
{
"query": {
"wildcard": {
"user.id": {
"value": "ki*y",
"boost": 1.0,
"rewrite": "scoring_boolean"
}
}
}
}
// 常用模式
{
"wildcard": {"title": "elasti*search"},
"wildcard": {"title": "elasti?search"}, // ? 匹配单个字符
"wildcard": {"title": "elastic[sz]earch"} // 字符组
}3.8 regexp 查询
bash
// 正则表达式查询
{
"query": {
"regexp": {
"user.id": {
"value": "user-[0-9]+",
"flags": "ALL", // 正则标志
"max_determinized_states": 10000,
"rewrite": "constant_score"
}
}
}
}
// 复杂正则示例
{
"query": {
"regexp": {
"message": {
"value": "error\\s+\\d{4,}", // error 后跟空格和至少4位数字
"flags": "COMPLEMENT|EMPTY"
}
}
}
}3.9 fuzzy 查询
bash
// 模糊查询(拼写容错)
{
"query": {
"fuzzy": {
"title": {
"value": "elasticserch",
"fuzziness": "AUTO", // AUTO: 根据词长自动确定
"max_expansions": 50, // 最大扩展数
"prefix_length": 2, // 必须匹配的前缀长度
"transpositions": true, // 允许位置交换
"rewrite": "constant_score"
}
}
}
}
// fuzziness 参数详解
{
"fuzzy": {
"title": {
"value": "elasticsearch",
"fuzziness": 2 // 允许的最大编辑距离
}
}
}3.10 ids 查询
bash
// ID查询
{
"query": {
"ids": {
"values": ["1", "2", "3"],
"boost": 1.0
}
}
}四、复合查询(Compound Queries)
4.1 bool 查询(最强大的查询)
bash
// 完整 bool 查询
{
"query": {
"bool": {
"must": [ // 必须匹配,贡献得分
{"match": {"title": "elasticsearch"}},
{"match": {"content": "tutorial"}}
],
"filter": [ // 必须匹配,不贡献得分
{"term": {"status": "active"}},
{"range": {"price": {"gte": 100}}}
],
"should": [ // 应该匹配(影响得分)
{"match": {"tags": "beginner"}},
{"match": {"tags": "advanced"}}
],
"must_not": [ // 必须不匹配
{"term": {"category": "deprecated"}}
],
"minimum_should_match": 1, // 至少满足的should数
"boost": 1.0
}
}
}
// 嵌套 bool 查询
{
"query": {
"bool": {
"must": [
{"match": {"title": "search"}},
{
"bool": {
"should": [
{"match": {"content": "elasticsearch"}},
{"match": {"content": "lucene"}}
],
"minimum_should_match": 1
}
}
]
}
}
}4.2 boosting 查询
bash
// 降低某些文档的得分
{
"query": {
"boosting": {
"positive": {
"match": {"title": "elasticsearch"}
},
"negative": {
"match": {"tags": "outdated"}
},
"negative_boost": 0.2 // 负匹配的权重
}
}
}4.3 constant_score 查询
bash
// 固定分数查询
{
"query": {
"constant_score": {
"filter": {
"term": {"status": "active"}
},
"boost": 1.2
}
}
}4.4 dis_max 查询
bash
// 取多个查询中的最高分
{
"query": {
"dis_max": {
"queries": [
{"match": {"title": "elasticsearch"}},
{"match": {"content": "elasticsearch"}},
{"match": {"description": "elasticsearch"}}
],
"tie_breaker": 0.3 // 其他查询的权重
}
}
}4.5 function_score 查询
bash
// 自定义评分函数
{
"query": {
"function_score": {
"query": {"match": {"title": "elasticsearch"}},
"functions": [
{
"filter": {"term": {"tags": "popular"}},
"weight": 2 // 权重函数
},
{
"field_value_factor": { // 字段值因子
"field": "votes",
"factor": 1.2,
"modifier": "sqrt", // sqrt, log, log1p, log2p, ln, ln1p, ln2p, reciprocal
"missing": 1
}
},
{
"random_score": { // 随机分数
"seed": 42,
"field": "_seq_no"
}
},
{
"script_score": { // 脚本评分
"script": {
"source": "Math.log(2 + doc['views'].value)"
}
}
},
{
"gauss": { // 高斯衰减
"create_date": {
"origin": "2024-01-01",
"scale": "30d",
"offset": "7d",
"decay": 0.5
}
}
},
{
"exp": { // 指数衰减
"location": {
"origin": "11, 12",
"scale": "2km",
"offset": "0km",
"decay": 0.33
}
}
},
{
"linear": { // 线性衰减
"price": {
"origin": 100,
"scale": 50,
"offset": 10,
"decay": 0.2
}
}
}
],
"score_mode": "multiply", // 分数组合方式:multiply, sum, avg, first, max, min
"boost_mode": "multiply", // 与原查询分数组合方式
"max_boost": 3.0, // 最大提升值
"min_score": 1.0 // 最小分数阈值
}
}
}五、连接查询(Joining Queries)
5.1 nested 查询
bash
// 定义nested字段映射
PUT /my_index
{
"mappings": {
"properties": {
"comments": {
"type": "nested",
"properties": {
"author": {"type": "keyword"},
"text": {"type": "text"},
"votes": {"type": "integer"}
}
}
}
}
}
// nested查询
{
"query": {
"nested": {
"path": "comments",
"query": {
"bool": {
"must": [
{"match": {"comments.author": "john"}},
{"range": {"comments.votes": {"gte": 3}}}
]
}
},
"score_mode": "avg", // avg, sum, min, max, none
"inner_hits": { // 返回匹配的内部文档
"size": 5,
"name": "relevant_comments"
}
}
}
}5.2 has_child 查询
bash
// 子文档查询
{
"query": {
"has_child": {
"type": "comment",
"query": {
"match": {"text": "excellent"}
},
"score_mode": "max",
"min_children": 1,
"max_children": 10
}
}
}5.3 has_parent 查询
bash
// 父文档查询
{
"query": {
"has_parent": {
"parent_type": "blog",
"query": {
"term": {"category": "technology"}
},
"score": false
}
}
}5.4 parent_id 查询
bash
// 根据父ID查询子文档
{
"query": {
"parent_id": {
"type": "comment",
"id": "blog123"
}
}
}六、地理查询(Geo Queries)
6.1 geo_distance 查询
bash
// 距离查询
{
"query": {
"geo_distance": {
"distance": "10km",
"distance_type": "arc", // 或 plane
"location": {
"lat": 40.73,
"lon": -74.1
},
"validation_method": "STRICT"
}
}
}6.2 geo_bounding_box 查询
bash
// 边界框查询
{
"query": {
"geo_bounding_box": {
"location": {
"top_left": {
"lat": 40.8,
"lon": -74.0
},
"bottom_right": {
"lat": 40.7,
"lon": -73.0
}
},
"type": "indexed" // 或 memory
}
}
}
// 另一种格式
{
"geo_bounding_box": {
"location": {
"top": 40.8,
"left": -74.0,
"bottom": 40.7,
"right": -73.0
}
}
}6.3 geo_polygon 查询
bash
// 多边形查询
{
"query": {
"geo_polygon": {
"location": {
"points": [
{"lat": 40, "lon": -70},
{"lat": 30, "lon": -80},
{"lat": 20, "lon": -90}
]
}
}
}
}6.4 geo_shape 查询
bash
// 复杂形状查询
{
"query": {
"geo_shape": {
"location": {
"shape": {
"type": "envelope",
"coordinates": [[-45, 45], [45, -45]]
},
"relation": "within" // within, intersects, disjoint
}
}
}
}七、特殊查询(Specialized Queries)
7.1 more_like_this 查询
bash
// 相似文档查询
{
"query": {
"more_like_this": {
"fields": ["title", "content"],
"like": [
{"_id": "123"},
{"_index": "other_index", "_id": "456"},
"sample text content"
],
"unlike": [
{"_id": "789"} // 排除的文档
],
"min_term_freq": 1,
"max_query_terms": 25,
"min_doc_freq": 2,
"max_doc_freq": 100,
"min_word_length": 0,
"max_word_length": 0,
"stop_words": ["the", "a", "an"],
"analyzer": "standard",
"minimum_should_match": "30%",
"boost_terms": 1.0,
"include": true, // 是否包含like文档本身
"fail_on_unsupported_field": true
}
}
}7.2 script 查询
bash
// 脚本查询
{
"query": {
"script": {
"script": {
"source": "doc['price'].value > params.threshold",
"params": {
"threshold": 100
}
},
"boost": 1.0
}
}
}
// 复杂脚本查询
{
"query": {
"script": {
"script": {
"source": """
if (doc.containsKey('views') && doc['views'].value > 0) {
double score = Math.log1p(doc['views'].value);
if (doc.containsKey('likes')) {
score += doc['likes'].value * 0.1;
}
return score > params.min_score;
}
return false;
""",
"params": {
"min_score": 5.0
}
}
}
}
}7.3 percolate 查询
bash
// 逆向搜索(存储查询,匹配文档)
// 1. 创建percolator字段映射
PUT /my_index
{
"mappings": {
"properties": {
"query": {
"type": "percolator"
},
"title": {
"type": "text"
}
}
}
}
// 2. 存储查询
PUT /my_index/_doc/1
{
"query": {
"match": {
"title": "elasticsearch"
}
}
}
// 3. percolate查询(找出匹配的存储查询)
GET /my_index/_search
{
"query": {
"percolate": {
"field": "query",
"document": {
"title": "Learning elasticsearch tutorial"
}
}
}
}7.4 wrapper 查询
bash
// 包装已序列化的查询
{
"query": {
"wrapper": {
"query": "eyJ0ZXJtIjogeyJzdGF0dXMiOiAiYWN0aXZlIn19"
}
}
}7.5 pinned 查询
bash
// 固定某些文档在结果顶部
{
"query": {
"pinned": {
"ids": ["1", "2", "3"],
"organic": {
"match_all": {}
}
}
}
}八、跨度查询(Span Queries)
8.1 span_term 查询
bash
{
"query": {
"span_term": {"user": "kimchy"}
}
}8.2 span_multi 查询
bash
{
"query": {
"span_multi": {
"match": {
"prefix": {"user": {"value": "ki"}}
}
}
}
}8.3 span_first 查询
bash
{
"query": {
"span_first": {
"match": {
"span_term": {"user": "kimchy"}
},
"end": 3 // 在前3个词项中匹配
}
}
}8.4 span_near 查询
bash
{
"query": {
"span_near": {
"clauses": [
{"span_term": {"field": "value1"}},
{"span_term": {"field": "value2"}},
{"span_term": {"field": "value3"}}
],
"slop": 12, // 最大间隔
"in_order": false
}
}
}8.5 span_or 查询
bash
{
"query": {
"span_or": {
"clauses": [
{"span_term": {"field": "value1"}},
{"span_term": {"field": "value2"}}
]
}
}
}8.6 span_not 查询
bash
{
"query": {
"span_not": {
"include": {
"span_term": {"field": "value1"}
},
"exclude": {
"span_term": {"field": "value2"}
}
}
}
}8.7 span_containing 查询
bash
{
"query": {
"span_containing": {
"little": {
"span_term": {"field": "foo"}
},
"big": {
"span_near": {
"clauses": [
{"span_term": {"field": "bar"}},
{"span_term": {"field": "baz"}}
],
"slop": 5
}
}
}
}
}8.8 span_within 查询
bash
{
"query": {
"span_within": {
"little": {
"span_term": {"field": "foo"}
},
"big": {
"span_near": {
"clauses": [
{"span_term": {"field": "bar"}},
{"span_term": {"field": "baz"}}
],
"slop": 5
}
}
}
}
}九、实用查询模板
9.1 电商搜索查询
bash
{
"query": {
"bool": {
"must": [
{
"multi_match": {
"query": "无线蓝牙耳机",
"fields": ["title^3", "description^2", "category"],
"type": "best_fields",
"minimum_should_match": "50%"
}
}
],
"filter": [
{
"term": {"status": "active"}
},
{
"range": {
"price": {
"gte": 50,
"lte": 500
}
}
},
{
"terms": {"brand": ["sony", "bose", "sennheiser"]}
},
{
"range": {
"stock": {
"gt": 0
}
}
},
{
"exists": {"field": "rating"}
}
],
"should": [
{
"term": {"is_premium": {"value": true, "boost": 2}}
},
{
"range": {
"rating": {
"gte": 4.5,
"boost": 1.5
}
}
},
{
"function_score": {
"field_value_factor": {
"field": "sales_count",
"factor": 0.1,
"modifier": "log1p"
}
}
}
],
"minimum_should_match": 1
}
},
"sort": [
{"_score": "desc"},
{"rating": "desc"},
{"sales_count": "desc"}
],
"aggs": {
"brands": {
"terms": {"field": "brand", "size": 10}
},
"price_ranges": {
"range": {
"field": "price",
"ranges": [
{"to": 100},
{"from": 100, "to": 300},
{"from": 300, "to": 500},
{"from": 500}
]
}
}
},
"highlight": {
"fields": {
"title": {},
"description": {}
},
"pre_tags": ["<em>"],
"post_tags": ["</em>"]
}
}9.2 日志分析查询
bash
{
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"gte": "now-1h",
"lte": "now"
}
}
},
{
"bool": {
"should": [
{"term": {"level": "ERROR"}},
{"term": {"level": "CRITICAL"}},
{
"bool": {
"must": [
{"term": {"level": "WARN"}},
{
"regexp": {
"message": ".*(timeout|error|fail).*"
}
}
]
}
}
]
}
}
],
"must_not": [
{
"terms": {
"service": ["monitoring", "healthcheck"]
}
},
{
"wildcard": {
"host": "test-*"
}
}
]
}
},
"aggs": {
"errors_by_service": {
"terms": {
"field": "service",
"size": 20,
"order": {"_count": "desc"}
},
"aggs": {
"error_types": {
"terms": {"field": "error_type"}
},
"latest_errors": {
"top_hits": {
"size": 3,
"sort": [{"@timestamp": "desc"}],
"_source": ["message", "@timestamp"]
}
}
}
},
"errors_over_time": {
"date_histogram": {
"field": "@timestamp",
"fixed_interval": "5m",
"min_doc_count": 0
}
}
},
"size": 0
}9.3 用户行为分析查询
bash
{
"query": {
"bool": {
"must": [
{
"term": {"event_type": "purchase"}
},
{
"range": {
"event_time": {
"gte": "2024-01-01",
"lte": "2024-01-31"
}
}
}
],
"should": [
{
"terms": {"user_segment": ["vip", "premium"]}
}
]
}
},
"aggs": {
"daily_sales": {
"date_histogram": {
"field": "event_time",
"calendar_interval": "day",
"format": "yyyy-MM-dd"
},
"aggs": {
"total_revenue": {
"sum": {"field": "amount"}
},
"avg_order_value": {
"avg": {"field": "amount"}
},
"unique_customers": {
"cardinality": {"field": "user_id"}
},
"top_products": {
"terms": {"field": "product_id", "size": 5}
}
}
},
"user_segment_analysis": {
"terms": {"field": "user_segment"},
"aggs": {
"total_revenue": {"sum": {"field": "amount"}},
"avg_frequency": {
"avg": {
"script": "doc['purchase_count'].value"
}
}
}
}
},
"size": 0
}十、查询性能优化
10.1 查询结构优化
bash
// 优化前:不必要的复杂查询
{
"query": {
"bool": {
"must": [
{"match": {"title": "elasticsearch"}}
],
"should": [
{"match": {"content": "elasticsearch"}}
],
"filter": [
{"range": {"date": {"gte": "2024-01-01"}}}
]
}
}
}// 优化后:简化查询结构
bash
{
"query": {
"bool": {
"filter": [ // 使用filter,不计算分数
{"term": {"status": "active"}},
{"range": {"date": {"gte": "2024-01-01"}}},
{
"bool": {
"should": [
{"match": {"title": "elasticsearch"}},
{"match": {"content": "elasticsearch"}}
]
}
}
]
}
}
}10.2 索引和分片策略
bash
// 合理的索引设置
PUT /my_index
{
"settings": {
"number_of_shards": 3,
"number_of_replicas": 1,
"refresh_interval": "30s", // 降低刷新频率
"analysis": {
"analyzer": {
"my_analyzer": {
"type": "custom",
"tokenizer": "standard",
"filter": ["lowercase", "stop", "stemmer"]
}
}
}
},
"mappings": {
"properties": {
"title": {
"type": "text",
"fields": {
"keyword": {"type": "keyword"} // 多字段类型
},
"analyzer": "my_analyzer"
},
"created_at": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
}
}
}
}十一、查询调试技巧
11.1 使用 explain API
bash
GET /my_index/_explain/1
{
"query": {
"match": {"title": "elasticsearch"}
}
}11.2 使用 profile API
bash
GET /my_index/_search
{
"profile": true,
"query": {
"match": {"title": "elasticsearch"}
}
}11.3 验证查询
bash
GET /my_index/_validate/query?explain
{
"query": {
"bool": {
"must": [
{"match": {"title": "elasticsearch"}}
]
}
}
}十二、总结
12.1 查询选择指南
| 场景 | 推荐查询类型 |
|---|---|
| 全文搜索 | match, multi_match, query_string |
| 精确匹配 | term, terms, range |
| 短语搜索 | match_phrase, match_phrase_prefix |
| 模糊搜索 | fuzzy, wildcard, regexp |
| 复杂逻辑 | bool(结合 must/should/filter/must_not) |
| 评分控制 | function_score, constant_score |
| 相似推荐 | more_like_this |
| 地理位置 | geo_distance, geo_bounding_box |
| 嵌套对象 | nested |
12.2 性能最佳实践
- 使用 filter 上下文:不计算评分的查询更快
- 避免深度分页:使用 search_after 代替 from/size
- 合理使用缓存:filter 查询会被缓存
- 优化索引结构:合适的 mapping 和 analyzer
- 减少返回字段:使用 _source 过滤
- 批量查询:使用 msearch 减少请求次数
12.3 常见陷阱
bash
// 错误示例:text字段使用term查询
{
"query": {
"term": {"title": "Elasticsearch"} // 可能匹配不到,因为text字段会被分词
}
}
// 正确做法:使用match或keyword子字段
{
"query": {
"match": {"title": "Elasticsearch"}
}
// 或
"query": {
"term": {"title.keyword": "Elasticsearch"}
}
}