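ELK 7.7.1: Multi-Condition Queries in Practice
When running complex searches against Elasticsearch, a single condition is often not enough. With the Java High Level REST Client, we can flexibly combine multiple query conditions. Below is a concrete example that specifies the index name, the document ID and a time range at the same time.
The key is to use the must clauses of BoolQueryBuilder so that every condition has to be satisfied. Here we constrain the _id, _index and @timestamp fields respectively.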
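    import java.util.Map;
    import java.util.concurrent.TimeUnit;
    import org.apache.lucene.search.TotalHits;
    import org.elasticsearch.action.search.SearchRequest;
    import org.elasticsearch.action.search.SearchResponse;
    import org.elasticsearch.client.RequestOptions;
    import org.elasticsearch.common.unit.TimeValue;
    import org.elasticsearch.index.query.BoolQueryBuilder;
    import org.elasticsearch.index.query.QueryBuilders;
    import org.elasticsearch.index.query.RangeQueryBuilder;
    import org.elasticsearch.index.query.TermQueryBuilder;
    import org.elasticsearch.search.SearchHit;
    import org.elasticsearch.search.SearchHits;
    import org.elasticsearch.search.builder.SearchSourceBuilder;

    // Assumes the enclosing class defines the RestHighLevelClient field `client`
    // and the helpers getClient() / closeClient() that open and close it.
    public void test() {
        try {
            getClient();
            SearchRequest searchRequest = new SearchRequest("tomcat1-7.7.1-2020.06.22");
            BoolQueryBuilder boolQueryBuilder = QueryBuilders.boolQuery();
            // Exact match on the document ID
            TermQueryBuilder termQueryBuilder = new TermQueryBuilder("_id", "GYvx2nIBOcu5RyqDeLFr");
            boolQueryBuilder.must(termQueryBuilder);
            // Restrict the index name
            TermQueryBuilder termQueryBuilder2 = new TermQueryBuilder("_index", "tomcat1-7.7.1-2020.06.22");
            boolQueryBuilder.must(termQueryBuilder2);
            // Time range query
            RangeQueryBuilder rangeQueryBuilder = QueryBuilders.rangeQuery("@timestamp");
            rangeQueryBuilder.gte("2020-06-20T16:00:00.000Z");
            rangeQueryBuilder.lte("2020-06-27T15:59:59.999Z");
            boolQueryBuilder.must(rangeQueryBuilder);
            SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
            searchSourceBuilder.query(boolQueryBuilder);
            searchSourceBuilder.from(0);
            searchSourceBuilder.size(5);
            searchSourceBuilder.timeout(new TimeValue(60, TimeUnit.SECONDS));
            searchRequest.source(searchSourceBuilder);
            // Execute the query
            SearchResponse searchResponse = client.search(searchRequest, RequestOptions.DEFAULT);
            SearchHits hits = searchResponse.getHits();
            TotalHits totalHits = hits.getTotalHits();
            long numHits = totalHits.value;
            SearchHit[] searchHits = hits.getHits();
            for (SearchHit hit : searchHits) {
                // Metadata and source available on each hit
                String index = hit.getIndex();
                String id = hit.getId();
                float score = hit.getScore();
                String sourceAsString = hit.getSourceAsString();
                Map<String, Object> sourceAsMap = hit.getSourceAsMap();
                System.out.println(sourceAsMap);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeClient();
        }
    }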
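In this code, the timeout setting allows the query to run for at most 60 seconds, which prevents long blocking. Once the results are returned, SearchHit gives access to the index name, ID, score and the original source data. In real development, adjust size and the paging parameters to suit your business needs.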
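To illustrate the paging and timeout points above, here is an added example (not code from the original post) that walks a result set with from/size and rejects partial results. The class name PagedSearch and method fetchPages are hypothetical; it assumes an already-open RestHighLevelClient, an @timestamp field mapped as a date, and the default index.max_result_window of 10,000.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.index.query.QueryBuilder;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.search.builder.SearchSourceBuilder;
import org.elasticsearch.search.sort.SortOrder;

public class PagedSearch { // hypothetical helper, not part of the original post
    // Assumed default of index.max_result_window; from + size beyond it is rejected.
    private static final int MAX_RESULT_WINDOW = 10_000;

    public static List<Map<String, Object>> fetchPages(RestHighLevelClient client, String index,
            QueryBuilder query, int pageSize, int maxDocs) throws IOException {
        if (pageSize <= 0) {
            throw new IllegalArgumentException("pageSize must be positive");
        }
        List<Map<String, Object>> docs = new ArrayList<>();
        for (int from = 0; from < maxDocs; from += pageSize) {
            int size = Math.min(pageSize, maxDocs - from);
            if (from + size > MAX_RESULT_WINDOW) {
                throw new IllegalArgumentException("from + size exceeds index.max_result_window");
            }
            SearchSourceBuilder source = new SearchSourceBuilder()
                    .query(query)
                    .from(from)
                    .size(size)
                    .sort("@timestamp", SortOrder.ASC) // explicit sort keeps page order stable
                    .timeout(new TimeValue(60, TimeUnit.SECONDS));
            SearchResponse response =
                    client.search(new SearchRequest(index).source(source), RequestOptions.DEFAULT);
            // The search timeout is best-effort: on expiry the response carries partial hits.
            if (response.isTimedOut()) {
                throw new IllegalStateException("search timed out; results are partial");
            }
            SearchHit[] hits = response.getHits().getHits();
            for (SearchHit hit : hits) {
                docs.add(hit.getSourceAsMap());
            }
            if (hits.length < size) break; // last page reached
        }
        return docs;
    }
}
```

Pass the BoolQueryBuilder built in test() as the query argument; when log completeness matters, treating a timed-out response as an error avoids silently working from a truncated result set.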

