Scenarios:
--Get all records
{
"query": {
"match_all": {}
}
}
--Single term
{
"query": {
"term": {
"UserName.raw": "Jerry"
}
}
}
--date range
{
"query": {
"range": {
"Date": {
"gt": "2020-01-22T20:00:00.3638639-06:00",
"lt": "2020-01-22T21:00:00.3638639-06:00"
}
}
}
}
--date range, relative form (fragment of a query body, not a complete request)
"range": {
"DateRequested": {
"gte": "now-30m"
}
--multiple terms
{
"query": {
"terms": {
"UserName.raw": [
"Jerry",
"Terry"
]
}
},
"sort": [
{
"Date": {
"order": "desc"
}
}
]
}
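--Single term wild card
--(a leading "*" forces a scan of every term in the field; keep such patterns out of queries built from untrusted input, and on 7.7+ search.allow_expensive_queries can disable them cluster-wide)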
{
"query": {
"wildcard": {
"UserName.raw": {
"value": "*rry"
}
}
}
}
--Single term exists
{
"query": {
"exists": {
"field": "Local"
}
}
}
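--multiple conditions and select columns
--("filtered" and top-level "fields" are Elasticsearch 1.x/2.x syntax: "filtered" was removed in 5.0 in favour of a "bool" query with a "filter" clause, and returned fields are now chosen with "_source" filtering)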
{
"query": {
"filtered": {
"query": {
"wildcard": {
"UserName.raw": {
"value": "*rry"
}
}
},
"filter": {
"term": {
"City.raw": "NeverLand"
}
}
}
},
"fields": ["UserId", "Name"]
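}
--multiple filters combined in a bool query, with an explicit result size
--("from" plus "size" may not exceed index.max_result_window, 10000 by default; larger exports need scroll or search_after)
{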
"query": {
"bool": {
"filter": [
{
"terms": {
"groupIds": [
"123"
]
}
},
{
"term": {
"userid": {
"value": "1"
}
}
},
{
"term": {
"name": {
"value": "Ram"
}
}
}
]
}
},
"size": 9999
}
--true match
{
"query": {
"bool": {
"must": [
{
"term": {
"City.raw": "NeverLand"
}
}
}
]
}
}
}
--false match
{
"query": {
"bool": {
"must_not": [
{
"term": {
"City.raw": "NeverLand"
}
}
}
]
}
}
}
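--aggregate
--(the body below repeats the "query" key; a JSON object can hold it only once, so the duplicate is either rejected or one clause is silently dropped. Put the term and wildcard clauses in one "bool" query instead)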
{
"query": {
"term": {
"City.raw": "NeverLand"
}
},
"query": {
"wildcard": {
"UserName.raw": {
"value": "*rry"
}
}
},
"aggs":
{
"Avg" :
{
"avg":
{
"field":"Time"
}
}
}
}
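--group by aggregate
--(1.x/2.x syntax: "filtered" and "size": 0 on a terms aggregation were removed in 5.0, and "interval" on date_histogram was later replaced by "calendar_interval"/"fixed_interval")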
{
"query": {
"filtered": {
"query": {
"bool": {
"must": [
{
"range": {
"Date": {
"gte": "now-30m"
}
}
},
{
"wildcard": {
UserName.raw": {
"value": "*rry"
}
}
}
]
}
}
}
},
"aggs": {
"Hourly": {
"date_histogram": {
"field": "Date",
"interval": "hour"
},
"aggs": {
"Group By City": {
"terms": {
"field": "City",
"size": 0
}
}
}
}
}
}
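--List all cities
--("size": 0 meant "return every bucket" in 1.x/2.x; from 5.0 onwards give an explicit bucket count or page through a composite aggregation)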
{
"aggs": {
"group_by_City": {
"terms": {
"field": "City.raw",
"size": 0
}
}
}
}
--ELK query with multiple conditions (Category matches Test OR Test1, AND Id is 111 or 222):
{
"query": {
"bool": {
"must": {
"bool": {
"should": [
{
"match": {
"Category": "Test"
}
},
{
"match": {
"Category": "Test1"
}
}
]
}
},
"filter": {
"terms": {
"Id": [
"111",
"222"
]
}
}
}
},
"fields": ["Id", "Category","@time"],
}
--Delete document by id
--(permanent; grant the index "delete" privilege only to roles that need it)
DELETE /index/[_type]/doc Id
--Get all records
{
"query": {
"match_all": {}
}
}
--Single term
{
"query": {
"term": {
"UserName.raw": "Jerry"
}
}
}
--date range
{
"query": {
"range": {
"Date": {
"gt": "2020-01-22T20:00:00.3638639-06:00",
"lt": "2020-01-22T21:00:00.3638639-06:00"
}
}
}
}
--date range, relative form (fragment of a query body, not a complete request)
"range": {
"DateRequested": {
"gte": "now-30m"
}
--multiple terms
{
"query": {
"terms": {
"UserName.raw": [
"Jerry",
"Terry"
]
}
},
"sort": [
{
"Date": {
"order": "desc"
}
}
]
}
--Single term wild card
{
"query": {
"wildcard": {
"UserName.raw": {
"value": "*rry"
}
}
}
}
--Single term exists
{
"query": {
"exists": {
"field": "Local"
}
}
}
--multiple conditions and select columns
{
"query": {
"filtered": {
"query": {
"wildcard": {
"UserName.raw": {
"value": "*rry"
}
}
},
"filter": {
"term": {
"City.raw": "NeverLand"
}
}
}
},
"fields": ["UserId", "Name"]
}
--multiple filters combined in a bool query, with an explicit result size
{
"query": {
"bool": {
"filter": [
{
"terms": {
"groupIds": [
"123"
]
}
},
{
"term": {
"userid": {
"value": "1"
}
}
},
{
"term": {
"name": {
"value": "Ram"
}
}
}
]
}
},
"size": 9999
}
--true match
{
"query": {
"bool": {
"must": [
{
"term": {
"City.raw": "NeverLand"
}
}
}
]
}
}
}
--false match
{
"query": {
"bool": {
"must_not": [
{
"term": {
"City.raw": "NeverLand"
}
}
}
]
}
}
}
--aggregate
{
"query": {
"term": {
"City.raw": "NeverLand"
}
},
"query": {
"wildcard": {
"UserName.raw": {
"value": "*rry"
}
}
},
"aggs":
{
"Avg" :
{
"avg":
{
"field":"Time"
}
}
}
}
--group by aggregate
{
"query": {
"filtered": {
"query": {
"bool": {
"must": [
{
"range": {
"Date": {
"gte": "now-30m"
}
}
},
{
"wildcard": {
UserName.raw": {
"value": "*rry"
}
}
}
]
}
}
}
},
"aggs": {
"Hourly": {
"date_histogram": {
"field": "Date",
"interval": "hour"
},
"aggs": {
"Group By City": {
"terms": {
"field": "City",
"size": 0
}
}
}
}
}
}
--List all cities
{
"aggs": {
"group_by_City": {
"terms": {
"field": "City.raw",
"size": 0
}
}
}
}
--ELK query with multiple conditions:
{ "query": { "bool": { "must": { "bool": { "should": [ { "match": { "Category": "Test" } }, { "match": { "Category": "Test1" } } ] } }, "filter": { "terms": { "Id": [ "111", "222" ] } } } }, "fields": ["Id", "Category","@time"], }