ELK 7.7.1 多条件查询实战
在使用 Elasticsearch 进行复杂检索时,单一条件往往无法满足需求。通过 Java High Level REST Client,我们可以灵活组合多个查询条件。下面是一个具体的示例,演示如何同时指定索引名、文档 ID 以及时间范围。
核心在于使用 BoolQueryBuilder 的 must 子句来确保所有条件都被满足。这里我们分别对 _id、_index 和 @timestamp 字段进行了约束。
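/**
 * Runs a sample multi-condition search and prints the source of every hit.
 *
 * <p>Three conditions are combined with {@code must} clauses of a bool query, so a
 * document is returned only when all of them hold: an exact {@code _id}, an exact
 * {@code _index}, and an {@code @timestamp} inside a closed range.
 *
 * <p>The listing this method was recovered from had lost several tokens (the
 * {@code SearchSourceBuilder} construction, the arguments of {@code from}, {@code size}
 * and {@code timeout}, the result declarations, and the {@code for}/{@code catch}/
 * {@code finally} keywords). They are restored here; the paging and timeout numbers are
 * constructed sample values, not the author's originals.
 */
public void test() {
    try {
        getClient();
        SearchRequest searchRequest = new SearchRequest("tomcat1-7.7.1-2020.06.22");
        BoolQueryBuilder boolQueryBuilder = QueryBuilders.boolQuery();

        // Exact match on the document ID.
        TermQueryBuilder idQuery = new TermQueryBuilder("_id", "GYvx2nIBOcu5RyqDeLFr");
        boolQueryBuilder.must(idQuery);

        // Restrict the index name. The same index is already passed to SearchRequest
        // above, so this clause only matters if the request is widened to more indices.
        TermQueryBuilder indexQuery = new TermQueryBuilder("_index", "tomcat1-7.7.1-2020.06.22");
        boolQueryBuilder.must(indexQuery);

        // Time range, inclusive on both ends.
        RangeQueryBuilder rangeQueryBuilder = QueryBuilders.rangeQuery("@timestamp");
        rangeQueryBuilder.gte("2020-06-20T16:00:00.000Z");
        rangeQueryBuilder.lte("2020-06-27T15:59:59.999Z");
        boolQueryBuilder.must(rangeQueryBuilder);

        SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
        searchSourceBuilder.query(boolQueryBuilder);
        // Constructed sample values: first page, ten hits, 60-second search timeout.
        // An explicit size and timeout keep a broad query from pulling an unbounded
        // result set or running indefinitely.
        searchSourceBuilder.from(0);
        searchSourceBuilder.size(10);
        searchSourceBuilder.timeout(new TimeValue(60, TimeUnit.SECONDS));
        searchRequest.source(searchSourceBuilder);

        SearchResponse searchResponse = client.search(searchRequest, RequestOptions.DEFAULT);
        SearchHits hits = searchResponse.getHits();
        TotalHits totalHits = hits.getTotalHits();
        long numHits = totalHits.value;

        SearchHit[] searchHits = hits.getHits();
        for (SearchHit hit : searchHits) {
            // Per-hit metadata accessors, kept from the original listing for illustration.
            String index = hit.getIndex();
            String id = hit.getId();
            float score = hit.getScore();
            String sourceAsString = hit.getSourceAsString();
            Map<String, Object> sourceAsMap = hit.getSourceAsMap();
            // NOTE(review): log documents can carry sensitive fields (session ids,
            // tokens, user data); dumping the whole _source is acceptable in a demo only.
            System.out.println(sourceAsMap);
        }
    } catch (Exception e) {
        // Broad catch kept from the original: getClient() and the search call are not
        // visible here, so their exception types cannot be narrowed safely.
        e.printStackTrace();
    } finally {
        // Always release the client, whether or not the search succeeded.
        closeClient();
    }
}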

