Elastic Stack 7.0.0 试用 - nimysan/devops GitHub Wiki
基础查询
常用工具和命令:
下载 curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.0.0-darwin-x86_64.tar.gz （建议同时下载同目录下对应的 .sha512 校验文件，解压前核对完整性）
针对 index openapiprod 的 type openapilog 做查询（7.0 起 mapping type 已废弃，带 type 的路径会返回弃用警告，也可直接 GET /openapiprod/_search）
GET /openapiprod/openapilog/_search
{
"query": { //匹配策略
"match_all": {}
},
"size": 0, //hits 中返回的文档数量，0 表示只要聚合结果、不返回原始文档
"aggs": { //统计分析
"apiid_max": {//统计分析名称
"stats": {//stats 统计聚合，返回 count/avg/min/max/sum 之类
"field": "total_cost_time" //根据文档字段total_cost_time做统计分析
}
}
}
}
一个基于地理位置（geo_bounding_box）过滤的典型查询
GET /filebeat-7.0.0-2019.04.17/_search
{
"size": 0,
"aggs": {
"filter_agg": {
"filter": {
"geo_bounding_box": {
"source.geo.location": {
"top_left": {
"lat": 90,
"lon": -180
},
"bottom_right": {
"lat": -71.41012,
"lon": 180
}
}
}
},
"aggs": {
"2": {
"geohash_grid": {
"field": "source.geo.location",
"precision": 2
},
"aggs": {
"3": {
"geo_centroid": {
"field": "source.geo.location"
}
}
}
}
}
}
},
"version": true,
"highlight": {
"pre_tags": [
"@kibana-highlighted-field@"
],
"post_tags": [
"@/kibana-highlighted-field@"
],
"fields": {
"*": {}
},
"fragment_size": 2147483647
},
"_source": {
"excludes": []
},
"stored_fields": [
"*"
],
"script_fields": {},
"docvalue_fields": [
"@timestamp",
"event.created",
"event.end",
"event.start",
"file.ctime",
"file.mtime",
"process.start"
],
"query": {
"bool": {
"must": [
{
"query_string": {
"analyze_wildcard": true,
"query": "event.module:nginx",
"default_field": "*"
}
},
{
"query_string": {
"analyze_wildcard": true,
"query": "*",
"default_field": "*"
}
},
{
"range": {
"@timestamp": {
"gte": 1555482813895,
"lte": 1555483713896,
"format": "epoch_millis"
}
}
}
],
"filter": [],
"should": [],
"must_not": []
}
}
}