Elastic Search - everjs78/study GitHub Wiki

๊ธฐ๋ณธ

  • mapping ์—†์„ ๋•Œ ๋™์ž‘
    • string type์ด๋ฉด ๋ชจ๋“  field๊ฐ€ term/keyword ๋‘ ๊ฐœ ์ƒ์„ฑ. keyword๋Š” 256์ด์ƒ์ด๋ฉด truncate
    • number type์€ long
  • Text type
    • ํ˜•ํƒœ์†Œ ๋ถ„์„์šฉ์ด๋ฏ€๋กœ, aggregation ์ด๋‚˜ ์ •๋ ฌ์ด ๋ถˆ๊ฐ€๋Šฅ
  • Keyword type
    • ignore_above 256 ์ด๋ฉด 256์„ ๋„˜๋Š” ๊ฒฝ์šฐ empty๋กœ ์ €์žฅ๋˜๋ฏ€๋กœ ์กฐ์‹ฌํ• ๊ฒƒ
  • Aggregation
    • query์˜ ๊ฒฐ๊ณผ size์™€ ๊ด€๊ณ„์—†์ด query ์ „์ฒด์— ๋Œ€ํ•ด aggregation์€ ๋™์ž‘ํ•จ
    • query ํ•œ ๊ฒฐ๊ณผ์— ๋Œ€ํ•ด ์ˆ˜ํ–‰ ํ•˜๊ฑฐ๋‚˜ query๊ฐ€ ์—†์œผ๋ฉด ์ „์ฒด ๋ฌธ์„œ์— ์ˆ˜ํ–‰
  • Query Debugging
POST movie/_validate/query?rewrite=true
 {
    "query" : {...} 
 }

  • rollup

    • index ๋ณ€๊ฒฝ๋Ÿ‰ ๋ณด๊ธฐ
    GET _cat/indices/myinde,rollup?v

  • ์ƒˆ๋กœ์šด index์ƒ์„ฑ์‹œ mapping์„ template์œผ๋กœ ๋ถ€ํ„ฐ ์ ์šฉ

    • ๋‹ค์Œ์€ nginx-access-log ๋ผ๋Š” ํ…œํ”Œ๋ฆฟ์„ ์ƒ์„ฑํ•˜๋Š” ๊ฒƒ์œผ๋กœ, ์ธ๋ฑ์Šค๊ฐ€ nginx-access-* ์— ํ•ด๋‹นํ•˜๋Š” ํŒจํ„ด์ด๋ผ๋ฉด, ์ง€์ •๋œ mapping ์œผ๋กœ ์ธ๋ฑ์Šค๋ฅผ ์ƒ์„ฑํ•œ๋‹ค.
    ํ…œํ”Œ๋ฆฟ ์ƒ์„ฑํ•˜๊ธฐ
๋‹ค์Œ์€ nginx-access-log ๋ผ๋Š” ํ…œํ”Œ๋ฆฟ์„ ์ƒ์„ฑํ•˜๋Š” ๊ฒƒ์œผ๋กœ, ์ธ๋ฑ์Šค๊ฐ€ nginx-access-* ์— ํ•ด๋‹นํ•˜๋Š” ํŒจํ„ด์ด๋ผ๋ฉด, ์ง€์ •๋œ mapping ์œผ๋กœ ์ธ๋ฑ์Šค๋ฅผ ์ƒ์„ฑํ•œ๋‹ค.
## nginx-access-log ํ…œํ”Œ๋ฆฟ ์ƒ์„ฑ
curl -X "PUT" "http://my-elasticsearch-server-host:9200/_template/nginx-access-log" \
 -H 'Content-Type: application/json; charset=utf-8' \
 -d $'{
"index_patterns": [
 "nginx-access-*"
],
"mappings": {
"log": { // type name
  "properties": {
    "ip": {
      "type": "text"
    },
    "host": {
      "type": "keyword"
    },
    "uri": {
      "type": "text"
    },
    "datetime": {
      "type": "date"
    },
    "@timestamp": {
      "type": "date"
    }
  }
}
........
  }
}'

์‚ฌ์šฉ ์˜ˆ์ œ

  • ์ƒ์„ฑ

    • curl -XPUT 'localhost:9200/customer?pretty

  • index ๋ฆฌ์ŠคํŠธ

    • curl -XGET 'localhost:9200/_cat/indices?v'

  • insert 1 document

    • curl -XPOST 'localhost:9200/customer2/info/1?pretty' -H 'Content-Type: application/json' -d '{ "name": "victolee" }'

  • ๋ชจ๋“  index์˜ size๋ณด๋Š” ๋ฐฉ๋ฒ•

    • GET _cat/indices/everjs-2018*,everjs_rollup_idx?v

์šด์˜

  • elasticsearch
    sudo docker run -d --restart="always" --name elasticsearch \
    -p 9200:9200 \
    -p 9300:9300 \
    -u 1000 \
    -e "discovery.type=single-node" \
    -e "bootstrap.memory_lock=true" --ulimit memlock=-1:-1 \
    -v `pwd`/data:/usr/share/elasticsearch/data \
    -v `pwd`/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
    -v `pwd`/jvm.options:/usr/share/elasticsearch/config/jvm.options \
    docker.elastic.co/elasticsearch/elasticsearch:6.7.0
    
    # kibana
    sudo docker run -d --restart="always" --name kibana \
    -p 5601:5601 \
    -e SERVER_NAME=aergo-kibana \
    --link elasticsearch:elasticsearch \
    -e ELASTICSEARCH_hosts=http://localhost:9200 \
    docker.elastic.co/kibana/kibana:6.7.0
    # --network=aergo-horde \

์ฟผ๋ฆฌ ์˜ˆ์ œ

Elastic Query Example