1.term查询
{"query": {"term": {"title": "crime"}}}
1.1.指定权重
{"query": {"term": {"title": {"value":"crime","boost":10.0}}}}
1.2.多term查询查询tags字段中包含novel或book
{"query": {"terms": {"tags": ["novel","book"]}}}
2.常用词查询
2.1.cutoff_frequency查询低于这个概率的词将
{"query": {"common": {"title":{"query":"crime and punishment","cutoff_frequency":0.001}}}}
2.2.match查询( 不支持lucene查询语法,分词后再查询 )
查询title包含crime或and或punishment的文档
{"query": {"match": {"title": "crime and punishment"}}}
2.3.operator操作符
要求and或者or匹配文本的分词
{"query": {"match": {"title": {"query":"crime and punishment","operator":"and"}}}}
2.4.短语查询
{"query": {"match_phrase": {"title": {"query":"crime punishment","slop":1}}}}
2.5.前缀查询
对查询关键词的最后一个词条做前缀匹配
{"query": {"match_phrase_prefix": {"title": {"query":"crime punish","slop":1,"max_expansions":20}}}}
2.6.multi_match( 针对多个字段查询 )
{"query": {"multi_match": {"query":"crime heller","fields":["title","author"]}}}
3.query_string查询( 支持lucene的查询语法 )
3.1复合语法查询
title字段包含crime,且权重为10,也要包含punishment,但是otitle不包含cat,同事author字段包含Fyodor和dostoevsky。
{"query": {"query_string": {"query":"title:crime^10 +title:punishment -otitle:cat +author:(+Fyodor +dostoevsky)","default_field":"title"}}}
3.2.针对多字段查询
use_dis_max使用最大分查询,max指对于给定的关键词,只有最高分才会包括在最后的文档的评分中,而不是所有包含该词条的所有字段分数之和。
{"query": {"query_string": {"query":"crime heller","fields":["title","author"],"use_dis_max":true}}}
常见写法:
{“query”:{“query_string”:{“name:obama”}}}name字段为obama{“query”:{“query_string”:{“nam\\*:obama”}}}存在一个nam开头的字段,值为obama{“query”:{“query_string”:{“__missing__:name”}}}name字段值为null的文档{“query”:{“query_string”:{“__exists__:name”}}}name字段值不为null的文档{“query”:{“query_string”:{“name:(obama OR xidada)”}}}
3.3.simple_query_string查询
解析出错时不抛异常,丢弃查询无效的部分
{"query": {"simple_query_string": {"query":"title:crime^10 +title:punishment -otitle:cat +author:(+Fyodor +dostoevsky)","default_operator":"or"}}}
3.4.标识符查询
{"query": {"ids": {"type":"book","values":["1","2","3"]}}}
3.4.前缀查询
前缀匹配给定的关键词
{"query": {"prefix": {"title":"cri"}}}
指定权重
{"query": {"prefix": {"title":{"value":"cri","boost":3.0}}}}
3.5.fuzzy模糊查询
使用编辑距离的模糊查询,计算量较大,但是对用户拼写错的场景比较有用
{"query": {"fuzzy": {"title":"crme"}}}
指定最小相似度偏差
{"query": {"fuzzy": {"title":{"value":"crme","min_similarity":1}}}}
3.6.通配符查询
支持*和?等通配符
{"query": {"wildcard": {"title": "cr?me"}}}
?:任意字符
*:0个或任意多个字符
性能差,必须扫描整个倒排索引,才ok
3.7.范围查询
只能针对单个字段,可以是数值型的,也可以是基于字符串的。
{"query": {"range": {"year": {"gte" :1890,"lte":1900}}}}
3.8.正则表达式查询
查询性能取决于正则表达式
{"query": {"regexp": {"title": {"value" :"cr.m[ae]","boost":10.0 //配置评分乘以10}}}}
K[A-Z].+
[0-9]:指定范围内的数字
[a-z]:指定范围内的字母
.:一个字符
+:前面的正则表达式可以出现一次或多次
wildcard和regexp,与prefix原理一致,都会扫描整个索引,性能很差
4.布尔查询( 组合查询 )
{"query": {"bool": {"must": {"term": {"title": "crime"}},"should": {"range": {"year": {"from": 1900,"to": 2000}}},"must_not": {"term": {"otitle": "nothing"}}}}}
mus:必须包含的条件,must not:不包含 ,should:包含的话会更匹配
搜索多个条件:
GET test*/_search{"size":3,"query": {"bool":{"must": [{"match":{"message": "学生"}},{"match":{"message": "所有"}}],"should": [{"match": {"port": "53198"}},{"match": {"@timestamp":"2018-09-17T17:49:25.991Z"}}],"must_not": [{"match": {"port": "64273"}},{"match": {"port":"1234"}}]}}}
结果:
{"took": 25,"timed_out": false,"_shards": {"total": 35,"successful": 35,"skipped": 0,"failed": 0},"hits": {"total": 14,"max_score": 17.026089,"hits": [{"_index": "test-name","_type": "doc","_id": "Ff0g6GUBPXqEl7zCsbQb","_score": 17.026089,"_source": {"@timestamp": "2018-09-17T15:23:06.878Z","appname": "test-name","level": "INFO","port": 55714,"thread_name": "main","level_value": 20000,"appName": "test-name","@version": 1,"host": "192.168.1.100","logger_name": "com.example.service.StudentService","@metdata": {"ip_address": "192.168.1.100"},"message": "查询所有学生,pageNo1,pageSize1"}},{"_index": "test-name","_type": "doc","_id": "WFOm6GUBlATfpgHyvD55","_score": 16.024178,"_source": {"@timestamp": "2018-09-17T17:49:25.991Z","appname": "test-name","level": "INFO","port": 53198,"thread_name": "main","level_value": 20000,"appName": "test-name","@version": 1,"host": "192.168.1.100","logger_name": "com.example.service.StudentService","@metdata": {"ip_address": "192.168.1.100"},"message": "查询所有学生,pageNo1,pageSize1"}},{"_index": "test-name","_type": "doc","_id": "nAMg42UBRHcv2wBhnFDg","_score": 14.024178,"_source": {"@timestamp": "2018-09-16T16:04:54.948Z","appname": "test-name","level": "INFO","port": 58709,"thread_name": "main","level_value": 20000,"appName": "test-name","@version": 1,"host": "172.20.10.6","logger_name": "com.example.service.StudentService","@metdata": {"ip_address": "172.20.10.6"},"message": "查询所有学生,pageNo1,pageSize1"}}]}}
还可以这么实现:
GET test*/_search{"size":3,"query": {"query_string":{"query": "message:学生 +message:所有 -port:55714"}}}
若有收获,就点个赞吧
0 人点赞
