ELK QUERY 연습
주기적으로 연습할때마다 연습장처럼 업데이트 되는 포스트
GET _search
{
"query": {
"match_all": {}
}
}
GET /kibana_sample_data_logs/_search
{
"query": {"match_all": {}}
}
GET /kibana_sample_data_logs/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"clientip": "223.87.60.27"
}
},
{
"match": {
"extension": "deb"
}
}
]
}
}
}
GET /kibana_sample_data_logs/_search
{
"query": {
"match": {
"geo.coordinates.lat": 44.17508056
}
}
}
DELETE library
PUT library
{
"settings": {
"number_of_shards": 1,
"number_of_replicas": 0
}
}
POST library/_bulk
{"index":{"_id":1}}
{"title":"The quick brow fox","price":5,"colors":["red","green","blue"]}
{"index":{"_id":2}}
{"title":"The quick brow fox jumps over the lazy dog","price":15,"colors":["blue","yellow"]}
{"index":{"_id":3}}
{"title":"The quick brow fox jumps over the quick dog","price":8,"colors":["red","blue"]}
{"index":{"_id":4}}
{"title":"brow fox brown dog","price":2,"colors":["black","yellow","red","blue"]}
{"index":{"_id":5}}
{"title":"Lazy dog","price":9,"colors":["red","blue","green"]}
GET /library/_search
GET /library
POST _analyze
{
"tokenizer": "standard",
"text" : "지금 통화 가능한가요?"
}
POST my_index/_doc
{
"aaaa" : "bbb"
}
GET my_index/_doc/syIl1XYB-Q87Y8iFJnLw
DELETE my_index
GET my_index
PUT /my_index/_doc/giNR1XYB-Q87Y8iFeM-5
{
"aaa" : "ddd"
}
GET /my_index/_search
{
"query": {"match_all": {}}
}
PUT /my_index
{
"settings": {
"number_of_replicas": 1,
"number_of_shards": 2
},
"mappings": {
"properties": {
"value1" : {
"type": "text"
},
"value2" : {
"type": "keyword"
}
}
}
}
PUT /my_index/_mapping
{
"properties": {
"value3": {
"type": "keyword"
}
}
}
PUT /my_index/_doc/1
{
"value1" : "세살 버릇이 여든 간다"
,"value2" : "속담"
,"value3" : "부정"
}
POST /my_index/_doc/4
{
"value1" : "바늘 도둑이 소 도둑 된다"
,"value2" : "속담"
,"value3" : "부정"
}
GET /my_index
GET /my_index/_search
{
"query": {
"match_all": {}
}
}
GET /my_index/_search
{
"query": {
"match": {
"value1": "여든"
}
}
}
GET /my_index/_search
{
"query": {
"match_phrase": {
"value1": "도둑 된다"
}
}
}
GET /my_index/_search
{
"query": {
"match": {
"value1": "도둑 된다"
}
}
}
POST _analyze
{
"tokenizer": "standard",
"text" : "바늘 도둑이 소 도둑 된다"
}
GET /my_index/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"value2": "속담"
}
},
{
"match": {
"value1": "도둑 된다"
}
}
]
}
}
}
GET /my_index/_search
{
"query": {
"bool": {
"must_not": [
{
"match_phrase": {
"value1": "도둑 된다"
}
}
],
"must": [
{
"match": {
"value1": "말이"
}
},
{
"match": {
"value1": "세살"
}
}
]
}
}
}
DELETE /my_index
DELETE index_standard_analyzer
PUT index_standard_analyzer
{
"settings": {
"analysis": {
"analyzer": {
"std" : {
"type" : "standard"
}
}
}
},
"mappings": {
"properties": {
"my_text" : {
"type" : "text"
,"analyzer": "std"
}
}
}
}
POST /index_standard_analyzer/_analyze
{
"field": "my_text"
,"text": "The Standard Analyzer works this way"
}
GET /index_standard_analyzer/_search
{
"query": {
"match_all": {}
}
}
PUT index_standard_analyzer_english_stopwords
{
"settings": {
"analysis": {
"analyzer": {
"std" : {
"type" : "standard"
,"stopwords" : "_english_"
}
}
}
},
"mappings": {
"properties": {
"my_text": {
"type" : "text",
"analyzer": "std"
}
}
}
}
POST /index_standard_analyzer_english_stopwords/_analyze
{
"field": "my_text"
,"text": "The Standard Analyzer works this way."
}
PUT index_standard_analyzer_korean_stopwords
{
"settings": {
"analysis": {
"analyzer": {
"std" : {
"type" : "standard"
,"stopwords" : "_korean_"
}
}
}
},
"mappings": {
"properties": {
"my_text": {
"type" : "text",
"analyzer": "std"
}
}
}
}
POST /index_standard_analyzer_korean_stopwords/_doc
{
"my_text" : ""
}
POST /index_standard_analyzer_korean_stopwords/_analyze
{
"field": "my_text"
,"text": "저 남자는 그녀를 계속 바라보고 있었다."
}
GET /index_standard_analyzer_korean_stopwords/_search
{
"query": {
"match": {
"my_text": "저"
}
}
}
DELETE index_standard_analyzer
DELETE index_standard_analyzer_english_stopwords
DELETE index_standard_analyzer_korean_stopwords
PUT /custom_analyzer_index
{
"settings": {
"analysis": {
"analyzer": {
"custom_analyzer" : {
"type" : "custom",
"tokenizer" : "standard",
"filter" : [
"lowercase"
,"custom_edge_ngram"
]
}
},
"filter": {
"custom_edge_ngram" : {
"type" : "edge_ngram",
"min_gram" : 2,
"max_gram" : 10
}
}
}
},
"mappings": {
"properties": {
"product" : {
"type" : "text",
"analyzer": "custom_analyzer",
"search_analyzer": "standard"
}
}
}
}
POST /custom_analyzer_index/_doc
{
"product" : "Learning Elastic Stack 6"
}
POST /custom_analyzer_index/_doc
{
"product" : "Mastering Elasticsearch"
}
GET /custom_analyzer_index/_search
{
"query": {
"match": {
"product": "el"
}
}
}
POST /custom_analyzer_index/_analyze
{
"field": "product"
,"text": "Learning Elastic Stack 6"
}
PUT /test_index
{
"mappings": {
"properties": {
"val" : {
"type": "text"
}
}
}
}
POST /test_index/_doc
{
"val" : "Learning Elastic Stack 6"
}
POST /test_index/_analyze
{
"field": "val",
"text": "Learning Elastic Stack 6"
}
DELETE /test_index
PUT /amazon_products
{
"settings": {
"number_of_shards": 1,
"number_of_replicas": 0,
"analysis": {
"analyzer": {}
}
},
"mappings": {
"properties": {
"id": {
"type": "keyword"
},
"title": {
"type": "text"
},
"description": {
"type": "text"
},
"manufacturer": {
"type": "text",
"fields": {
"raw": {
"type": "keyword"
}
}
},
"price": {
"type": "scaled_float",
"scaling_factor": 100
}
}
}
}
GET /amazon_products/_search
{
"query": {
"match_all": {}
}
}
GET /amazon_products/_search
{
"query": {
"range": {
"price": {
"gte": 10,
"lte": 20
}
}
}
, "size": 10
,"sort": [
{
"price": {
"order": "asc"
}
}
]
, "from": 0
}
GET /kibana_sample_data_logs/_search
{
"query": {
"range": {
"utc_time": {
"gte": "01/12/2020",
"lte": "30/12/2020",
"format": "dd/MM/yyyy||yyyy"
}
}
}
}
GET /kibana_sample_data_logs/_search
{
"query": {
"range": {
"utc_time": {
"gte": "now-30d",
"lte": "now"
}
}
}
, "size": 2
,"sort": [
{
"utc_time": {
"order": "desc"
}
}
]
}
GET /amazon_products/_search
{
"query": {
"bool": {
"must": [
{
"exists": {
"field": "title"
}
}
]
}
}
}
GET /amazon_products/_search
{
"query": {
"term": {
"manufacturer.raw": {
"value": "victory multimedia"
}
}
}
}
GET /amazon_products/_search
{
"query": {
"match": {
"manufacturer": "victory multimedia"
}
}
}
GET /amazon_products/_search
{
"query": {
"match": {
"manufacturer": {
"query": "victory multimedia",
"operator": "and"
}
}
}
}
GET /amazon_products/_search
{
"query": {
"match": {
"manufacturer": {
"query": "victory multimedia"
}
}
}
}
GET /amazon_products/_search
{
"query": {
"match": {
"manufacturer": {
"query": "victory multimedia",
"minimum_should_match": 2
}
}
}
}
GET /amazon_products/_search
{
"query": {
"match": {
"manufacturer": {
"query": "vicddtory",
"fuzziness": "auto"
}
}
}
}
GET /amazon_products/_search
{
"query": {
"match_phrase": {
"description": {
"query": "real video saltware aquarium"
}
}
}
}
GET /amazon_products/_search
{
"query": {
"multi_match": {
"query": "monitor aquarium",
"fields": ["title","description"]
}
}
}
GET /amazon_products/_search
{
"query": {
"bool": {
"must_not": [
{
"match": {
"id": "b000f613x2"
}
}
],
"must": [
{
"multi_match": {
"query": "monitor aquarium",
"fields": ["title^3","description"]
}
}
]
}
}
}
GET /amazon_products/_search
{
"query": {
"multi_match": {
"query": "monitor aquarium",
"fields": ["title^3","description"]
}
}
}
GET /amazon_products/_search
{
"query": {
"term": {
"manufacturer.raw": "victory multimedia"
}
}
}
GET /amazon_products/_search
{
"query": {
"constant_score": {
"filter": {
"term": {
"manufacturer.raw": "victory multimedia"
}
},
"boost": 1.2
}
}
}
GET /amazon_products/_search
{
"query": {
"bool": {
"should": [
{
"range": {
"price": {
"gte": 10,
"lte": 13
}
}
},
{
"term": {
"manufacturer": {
"value": "valuesoft"
}
}
}
]
}
}
}
GET /bigginsight/_search
{
"aggs": {
"unique_visitors": {
"cardinality": {
"field": "username"
}
}
}
,"size": 0
}
GET /bigginsight/_search
{
"aggs": {
"byCategory": {
"terms": {
"field": "category"
}
},
"byCustomer" : {
"terms": {
"field": "customer"
}
}
},
"size": 0
}
GET /bigginsight/_search
{
"query": {
"match_all": {}
}
}
GET /bigginsight/_search
{
"aggs": {
"byUsage": {
"histogram": {
"field": "usage",
"interval": 1000
}
}
},
"size": 0
}
GET /bigginsight/_search
{
"aggs": {
"byUsage": {
"range": {
"field": "usage",
"ranges": [
{
"to": 1024,"key": "Upto 1kb"
},
{
"from": 1024, "to": 102400,"key": "1 kb to 100 kb"
},
{
"from": 102400,"key": "100 kb and more"
}
]
}
}
},
"size": 0
}
GET /bigginsight/_search
{
"query": {
"term": {
"customer": {
"value": "Linkedin"
}
}
},
"aggs": {
"byCategory": {
"terms": {
"field": "category"
}
}
},
"size": 0
}
GET /bigginsight/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"customer": {
"value": "Linkedin"
}
}
},
{
"range": {
"time": {
"gte": 1506257800000,
"lte": 1506314200000
}
}
}
]
}
},
"aggs": {
"byUser": {
"terms": {
"field": "username"
},
"aggs": {
"total_usage": {
"sum": {
"field": "usage"
}
}
}
}
},
"size": 0
}
GET /kibana_sample_data_logs/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"machine.os.keyword": "win 8"
}
},
{
"range": {
"utc_time": {
"gte": "2020-12-06T00:39:02.912Z",
"lte": "2020-12-07T00:39:02.912Z"
}
}
}
]
}
},
"aggs": {
"by_host": {
"terms": {
"field": "host.keyword"
,"order": {
"sum_byte": "asc"
}
,"size": 2
}
,"aggs": {
"sum_byte": {
"sum": {
"field": "bytes"
}
}
}
}
},
"size": 0
}
GET /kibana_sample_data_logs/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"machine.os.keyword": "win 8"
}
},
{
"range": {
"utc_time": {
"gte": "2020-12-06T00:39:02.912Z",
"lte": "2020-12-07T00:39:02.912Z"
}
}
}
]
}
},
"aggs": {
"by_host": {
"terms": {
"field": "host.keyword"
}
,"aggs": {
"sum_byte": {
"sum": {
"field": "bytes"
}
}
}
}
},
"size": 0
}
GET /bigginsight/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"customer": {
"value": "Linkedin"
}
}
},
{
"range": {
"time": {
"gte": 1506257800000,
"lte": 1506314200000
}
}
}
]
}
},
"aggs": {
"by_departments": {
"terms": {
"field": "department"
},
"aggs": {
"by_username": {
"terms": {
"field": "username",
"size": 2,
"order": {
"total_usage": "desc"
}
},
"aggs": {
"total_usage": {
"sum": {
"field": "usage"
}
}
}
}
}
}
},
"size": 0
}
GET /bigginsight/_search
{
"query": {"match_all": {}}
}
GET /bigginsight/_search
{
"query": {
"match": {
"department": "Operations"
}
}
}
GET /bigginsight/_search
{
"aggs": {
"chat": {
"filter": {
"term": {
"category": "Chat"
}
}
}
},
"size": 0
}
GET bigginsight/_search?size=0
{
"aggs": {
"messages": {
"filters": {
"filters": {
"chat": { "match": { "category": "Chat" }},
"skype": { "match": { "application": "Skype" }},
"other_than_skype": {
"bool": {
"must": {"match": {"category": "Chat"}},
"must_not": {"match": {"application": "Skype"}}
}
}
}
}
}
}
}
GET /bigginsight/_search?size=0
{
"aggs": {
"traffic_by_date": {
"date_histogram": {
"field": "time",
"calendar_interval": "1d",
"time_zone": "+05:30"
}
, "aggs": {
"upload_total_by_date": {
"sum": {
"field": "uploadTotal"
}
},
"downlaod_total_by_date": {
"sum": {
"field": "downloadTotal"
}
}
}
}
}
}
GET /bigginsight/_search
{
"query": {"match_all": { }}
}
GET /bigginsight/_search?size=0
{
"aggs": {
"distance": {
"geo_distance": {
"field": "location",
"origin": {
"lat": 23.102869,
"lon": 72.595692
},
"ranges": [
{
"to": 1000
}
]
}
, "aggs": {
"avg_usage": {
"avg": {
"field": "usage"
}
}
}
}
}
}
GET /bigginsight/_search?size=0
{
"query": {
"bool": {
"must": [
{
"term": {
"customer": {
"value": "Linkedin"
}
}
},
{
"range": {
"time": {
"gte": 1506277800000
}
}
}
]
}
},
"aggs": {
"count_over_time": {
"date_histogram": {
"field": "time",
"calendar_interval": "1h",
"time_zone": "+05:00"
},
"aggs": {
"hourly_usage": {
"sum": {
"field": "usage"
}
},
"cumulative_hourly_usage" : {
"cumulative_sum": {
"buckets_path": "hourly_usage"
}
}
}
}
}
}
댓글 없음:
댓글 쓰기