一、查询所有数据
GET _search
{
"query": {
"match_all": {}
}
}
二、复合查询
布尔查询:
查询类型 |
描述 |
|---|---|
| must | 结果与子查询条件必须匹配 |
| filter | 与子查询条件必须配匹,但不计算分数 |
| should | 与子查询条件中部分匹配,可以使用minimum_should_match参数指定should返回的文档必须匹配的子句的数量或百分比。如果bool查询包含至少一个should子句,而没有must或 filter子句,则默认值为1。否则,默认值为0。 |
| must_not | 与must相反 |
{
"query": {
"bool": {
"must": {
"range": {
"level": {
"gt": 5,
"lte": 10
}
}
},
"must_not": {
"term": {
"name": "tencent"
}
},
"should": [
{
"term": {
"name": "alibaba"
}
},
{
"term": {
"level": 8
}
}
],
"minimum_should_match" : 1,
"boost": 1
}
}
}
三、术语查询
1、Exists
返回包含字段索引值的文档
GET /_search
{
"query": {
"exists": {
"field": "user"
}
}
}
2、Fuzzy query
返回包含与搜索词相似的词的文档,如box → fox、black → lack
GET /_search
{
"query": {
"fuzzy": {
"user.id": {
"value": "ki"
}
}
}
}
3、IDs
根据其ID返回文档
GET /_search
{
"query": {
"ids" : {
"values" : ["1", "4", "100"]
}
}
}
4、Prefix query
返回在提供的字段中包含特定前缀的文档
GET /_search
{
"query": {
"prefix": {
"user.id": {
"value": "ki"
}
}
}
}
5、Range query
返回设定范围内的文档,参数:gt、gte、lt、lte
GET /_search
{
"query": {
"range": {
"age": {
"gte": 10,
"lte": 20,
"boost": 2.0
}
}
}
}
6、Regexp query
返回与正则表达式匹配的文档
GET /_search
{
"query": {
"regexp": {
"user.id": {
"value": "k.*y",
"flags": "ALL",
"case_insensitive": true,
"max_determinized_states": 10000,
"rewrite": "constant_score"
}
}
}
}
7、Term query
返回等于提供参数的文档
GET /_search
{
"query": {
"term": {
"user.id": {
"value": "kimchy",
"boost": 1.0
}
}
}
}
8、Terms query
返回等于提供参数的文档,参数可以有多个
GET /_search
{
"query": {
"terms": {
"user.id": [ "kimchy", "elkbee" ],
"boost": 1.0
}
}
}
9、Terms set query
可以设定包含参数的个数,如需要找到至少匹配java、python、golang中两种编程语言的文档。
GET /job-candidates/_search
{
"query": {
"terms_set": {
"programming_languages": {
"terms": [ "c++", "java", "php" ],
"minimum_should_match_field": 2
}
}
}
}
10、Wildcard query
可以使用以下通配符匹配
- ?:与任何单个字符匹配
- *:可以匹配零个或多个字符,包括一个空字符
GET /_search
{
"query": {
"wildcard": {
"user.id": {
"value": "ki*y",
"boost": 1.0,
"rewrite": "constant_score"
}
}
}
}
四、聚合查询
1、metrics 聚合查询
根据其ID返回文档
POST /<target>/_search
{
"query": {
"match_all": {}
},
"aggs": {
"avg_level": {
"avg": {
"field": "level"
}
}
}
}
avg改为stats可以查询到最大、最小、平均、求和、数量值。
"aggregations": {
"avg_level": {
"count": 17,
"min": 0.0,
"max": 10.0,
"avg": 7.235294117647059,
"sum": 123.0
}
}
2、Bucket 聚合查询
按照某个字段分组查询
POST /<target>/_search
{
"query": {
"match_all": {}
},
"aggs": {
"group_by_level": {
"terms": {
"field": "level"
}
}
}
}
结果
...
"aggregations": {
"group_by_level": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": 10,
"doc_count": 6
},
{
"key": 0,
"doc_count": 3
},
{
"key": 7,
"doc_count": 3
},
{
"key": 8,
"doc_count": 3
},
{
"key": 9,
"doc_count": 2
}
]
}
}
...
在分组的同时进行sum统计
{
"query": {
"match_all": {}
},
"aggs": {
"group_by_name": {
"terms": {
"field": "issue_time"
},
"aggs": {
"sum_level": {
"sum": {
"field": "level"
}
}
}
}
}
}
结果
"aggregations": {
"group_by_name": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": 1352985120000,
"key_as_string": "2012-11-15T13:12:00.000Z",
"doc_count": 12,
"sum_level": {
"value": 88.0
}
},
{
"key": 4098431520000,
"key_as_string": "2099-11-15T13:12:00.000Z",
"doc_count": 5,
"sum_level": {
"value": 35.0
}
}
]
}
}
五、全文检索
1、Intervals query
根据匹配项的顺序和接近程度返回文档
This search would match a my_text value of my favorite food is coldporridge but not when it's cold my favorite food is porridge
POST _search
{
"query": {
"intervals" : {
"my_text" : {
"all_of" : {
"ordered" : true,
"intervals" : [
{
"match" : {
"query" : "my favorite food",
"max_gaps" : 0,
"ordered" : true
}
},
{
"any_of" : {
"intervals" : [
{ "match" : { "query" : "hot water" } },
{ "match" : { "query" : "cold porridge" } }
]
}
}
]
}
}
}
}
}
2、Match query
Returns documents that match a provided text, number, date or boolean value. The provided text is analyzed before matching.
GET /_search
{
"query": {
"match": {
"message": {
"query": "this is a test"
}
}
}
}
3、Match boolean prefix query
A match_bool_prefix query analyzes its input and constructs a bool query from the terms. Each term except the last is used in a term query. The last term is used in a prefix query. A match_bool_prefix query such as
GET /_search
{
"query": {
"match_bool_prefix" : {
"message" : "quick brown f"
}
}
}
where analysis produces the terms quick, brown, and f is similar to the following bool query
GET /_search
{
"query": {
"bool" : {
"should": [
{ "term": { "message": "quick" }},
{ "term": { "message": "brown" }},
{ "prefix": { "message": "f"}}
]
}
}
}
4、Match phrase query
The match_phrase query analyzes the text and creates a phrase query out of the analyzed text.
GET /_search
{
"query": {
"match_phrase": {
"message": "this is a test"
}
}
}
5、Match phrase prefix query
Returns documents that contain the words of a provided text, in the same order as provided. The last term of the provided text is treated as a prefix, matching any words that begin with that term.
This search would match a message value of quick brown fox or two quick
brown ferrets but not the fox is quick and brown.
GET /_search
{
"query": {
"match_phrase_prefix": {
"message": {
"query": "quick brown f"
}
}
}
}
6、Multi-match query
The multi_match query builds on the match query to allow multi-field queries:
GET /_search
{
"query": {
"multi_match" : {
"query": "this is a test",
"fields": [ "subject", "message" ]
}
}
}
7、Query string query
Returns documents based on a provided query string, using a parser with a strict syntax
GET /_search
{
"query": {
"query_string": {
"query": "(new york city) OR (big apple)",
"default_field": "content"
}
}
}
8、Simple query string query
Returns documents based on a provided query string, using a parser with a limited but fault-tolerant syntax.
GET /_search
{
"query": {
"simple_query_string" : {
"query": "\"fried eggs\" +(eggplant | potato) -frittata",
"fields": ["title^5", "body"],
"default_operator": "and"
}
}
}