ES-增删改查
写作目的
供想了解ES数据操作的伙伴学习ES的CRUD操作。
测试环境
ES7.8.1 postman
创建索引库
// PUT请求
localhost:9200/test_alert
{
"mappings": {
"properties": {
"src_ip": {
"type": "ip"
},
"src_port": {
"type": "integer"
},
"domain": {
"type": "text"
},
"ip_type": {
"type": "byte"
},
"protocol": {
"type": "short"
},
"category": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"create_time": {
"type": "date"
},
"ioc_threat_tag": {
"type": "integer"
},
"user_id": {
"type": "long"
}
}
}
}
===返回===
{
"acknowledged": true,
"shards_acknowledged": true,
"index": "test_alert1"
}
查看索引库结构
// GET请求
localhost:9200/test_alert/_mapping
====返回====
{
"version": 3,
"mapping_version": 1,
"settings_version": 1,
"aliases_version": 1,
"routing_num_shards": 1024,
"state": "open",
"settings": {
"index": {
"creation_date": "1676344367294",
"number_of_shards": "1",
"number_of_replicas": "1",
"uuid": "l06g5nl8QiWCwxqbbO_gaQ",
"version": {
"created": "7080199"
},
"provided_name": "test_alert"
}
},
"mappings": {
"_doc": {
"properties": {
"src_ip": {
"type": "ip"
},
"src_port": {
"type": "integer"
},
"protocol": {
"type": "short"
},
"create_time": {
"type": "date"
},
"user_id": {
"type": "long"
},
"domain": {
"type": "text"
},
"ioc_threat_tag": {
"type": "integer"
},
"category": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"ip_type": {
"type": "byte"
}
}
}
},
"aliases": [],
"primary_terms": {
"0": 1
},
"in_sync_allocations": {
"0": [
"JW63ZMQRT9W7kSrKAL-Wcw"
]
},
"rollover_info": {}
}
删除索引库
指定索引库删除
//DELETE请求
http://127.0.0.1:9200/test_alert
===返回===
{
"acknowledged": true
}
批量删除
http://127.0.0.1:9200/test_alert*
===返回===
{
"acknowledged": true
}
新增数据
不指定id
自动生成的id,长度为20个字符,URL安全,base64编码,GUID,分布式系统并行生成时不可能会发生冲突,
GUID:GUID算法,可保证在分布式的环境下,不同节点同一时间创建的 _id 一定是不冲突的。
// POST请求
http://127.0.0.1:9200/test_alert/_doc
{
"src_ip":"1.1.1.1",
"src_port": 80,
"domain":"www.juminfo.com",
"ip_type":4,
"protocol":1,
"createTime":"2022-12-12 18:18:18",
"category":18888.0,
"ioc_threat_tag":[1,2,3,4],
"user_id":1
}
===返回===
{
"_index": "test_alert",
"_type": "_doc",
"_id": "jIjwTYYBma4deQZeF0Y3", // es会随机生成一个id
"_version": 1,
"result": "created",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 0,
"_primary_term": 1
}
指定id
// POST请求
http://127.0.0.1:9200/test_alert/_doc/1
{
"src_ip":"2.2.2.2",
"src_port": 80,
"domain":"www.jira.com",
"ip_type":4,
"protocol":1,
"createTime":"2023-02-12 18:18:18",
"category":18888.0,
"ioc_threat_tag":[1,2,3,4],
"user_id":2
}
===返回===
{
"_index": "test_alert",
"_type": "_doc",
"_id": "1", // 数据的id为我们自定义的id
"_version": 1,
"result": "created",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 1,
"_primary_term": 1
}
修改数据
PUT只会将json数据都进行替换, POST只会更新相同字段的值
PUT与DELETE都是幂等性操作, 即不论操作多少次, 结果都一样
【PUT】全量修改
// PUT请求
http://127.0.0.1:9200/test_alert/_doc/1
{
"src_ip":"3.3.3.3",
"src_port": 80
}
===返回====
{
"_index": "test_alert",
"_type": "_doc",
"_id": "1",
"_version": 2, // 每次数据修改,版本+1
"result": "updated",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 2,
"_primary_term": 1
}
// PUT请求 数据恢复
http://127.0.0.1:9200/test_alert/_doc/1
{
"src_ip":"2.2.2.2",
"src_port": 80,
"domain":"www.jira.com",
"ip_type":4,
"protocol":1,
"createTime":"2023-02-12 18:18:18",
"category":18888.0,
"ioc_threat_tag":[1,2,3,4],
"user_id":2
}
===返回===
{
"_index": "test_alert",
"_type": "_doc",
"_id": "1",
"_version": 3, // 每次数据修改,版本+1
"result": "updated",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 3,
"_primary_term": 1
}
【POST】局部修改
// POST请求
http://127.0.0.1:9200/test_alert/_update/1
{
"doc": {
"src_ip": "8.8.8.8"
}
}
===返回===
{
"_index": "test_alert",
"_type": "_doc",
"_id": "1",
"_version": 4, // 每次数据修改,版本+1
"result": "updated",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 4,
"_primary_term": 1
}
【POST】修改文档-追加值
http://127.0.0.1:9200/test_alert/_update_by_query
// 索引库里追加字段和字段值,如下表示,更新test_alert索引库所有符合条件的文档追加port字段,值为8443
{
"script": {
"source": "ctx._source.port = 8080",
"lang": "painless"
},
"query": {
"bool": {
"must_not": [
{
"exists": {
"field": "port"
}
}
]
}
}
}
===返回====
{
"took": 107,
"timed_out": false,
"total": 2,
"updated": 2,
"deleted": 0,
"batches": 1,
"version_conflicts": 0,
"noops": 0,
"retries": {
"bulk": 0,
"search": 0
},
"throttled_millis": 0,
"requests_per_second": -1,
"throttled_until_millis": 0,
"failures": []
}
【POST】修改文档-修改指定字段值
http://127.0.0.1:9200/test_alert/_update_by_query
//根据条件更新索引库字段值
{
"script": {
"source": "ctx._source.port = 8080",
"lang": "painless"
},
"query": {
"match": {
"src_ip": "8.8.8.8"
}
}
}
====返回====
{
"took": 26,
"timed_out": false,
"total": 1,
"updated": 1,
"deleted": 0,
"batches": 1,
"version_conflicts": 0,
"noops": 0,
"retries": {
"bulk": 0,
"search": 0
},
"throttled_millis": 0,
"requests_per_second": -1,
"throttled_until_millis": 0,
"failures": []
}
【POST】修改索引库字段类型
// POST请求
localhost:9200/test_alert/_mapping
{
"properties": {
"domain": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
===返回====
{
"acknowledged": true
}
改完我们再查看以下索引库结构
// GET请求
localhost:9200/test_alert/_mapping
{
"version": 5,
"mapping_version": 3,
"settings_version": 1,
"aliases_version": 1,
"routing_num_shards": 1024,
"state": "open",
"settings": {
"index": {
"creation_date": "1676346977182",
"number_of_shards": "1",
"number_of_replicas": "1",
"uuid": "UQGRlwAsRkaaoKKCXJRFwQ",
"version": {
"created": "7080199"
},
"provided_name": "test_alert"
}
},
"mappings": {
"_doc": {
"properties": {
"src_ip": {
"type": "ip"
},
"src_port": {
"type": "integer"
},
"protocol": {
"type": "short"
},
"create_time": {
"type": "date"
},
"createTime": {
"type": "text",
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
}
},
"user_id": {
"type": "long"
},
"domain": {
"type": "text",
"fields": {
"keyword": { // 注意这里,domain多了一个keyword类型
"ignore_above": 256,
"type": "keyword"
}
}
},
"ioc_threat_tag": {
"type": "integer"
},
"category": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"ip_type": {
"type": "byte"
}
}
}
},
"aliases": [],
"primary_terms": {
"0": 1
},
"in_sync_allocations": {
"0": [
"sPz6Ct2RSgiPZGxaaS__7A"
]
},
"rollover_info": {}
}
删除数据
删除文档-根据id
// DELETE请求
http://127.0.0.1:9200/test_alert/_doc/3
===返回===
{
"_index": "test_alert",
"_type": "_doc",
"_id": "3",
"_version": 3,
"result": "deleted",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 4,
"_primary_term": 1
}
根据搜索条件删除
先模拟一些数据
PS: _delete_by_query在开始处理时时获取索引的快照,并使用内部版本控制删除它所查找到的内容。这意味着如果文档在query和处理删除之间发生变化,会报冲突错误。当版本匹配时文档被删除。
执行删除ip_type为0的记录
// POST请求
http://127.0.0.1:9200/test_alert/_delete_by_query
{
"query":{
"match":{
"ip_type":0
}
}
}
===返回===
{
"took": 26,
"timed_out": false,
"total": 3,
"deleted": 3,
"batches": 1,
"version_conflicts": 0,
"noops": 0,
"retries": {
"bulk": 0,
"search": 0
},
"throttled_millis": 0,
"requests_per_second": -1,
"throttled_until_millis": 0,
"failures": []
}
清空索引库
// POST请求
http://127.0.0.1:9200/test_alert/_delete_by_query
{
"query": {
"match_all": {}
}
}
===返回====
{
"took": 14,
"timed_out": false,
"total": 2,
"deleted": 2,
"batches": 1,
"version_conflicts": 0,
"noops": 0,
"retries": {
"bulk": 0,
"search": 0
},
"throttled_millis": 0,
"requests_per_second": -1,
"throttled_until_millis": 0,
"failures": []
}
模糊匹配清空索引库
再创建一个test_alert1索引库,用于测试模糊请求操作。
// POST请求
http://127.0.0.1:9200/test_alert*/_delete_by_query
{
"query": {
"match_all": {}
}
}
===返回===
{
"took": 25,
"timed_out": false,
"total": 6,
"deleted": 6,
"batches": 1,
"version_conflicts": 0,
"noops": 0,
"retries": {
"bulk": 0,
"search": 0
},
"throttled_millis": 0,
"requests_per_second": -1,
"throttled_until_millis": 0,
"failures": []
}
查看测试数据
// GET请求
http://127.0.0.1:9200/test_alert/_search
{
"query":{
"match":{
"ip_type":0
}
}
}
=====返回====
{
"took": 2,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 3,
"relation": "eq"
},
"max_score": 1,
"hits": [
{
"_index": "test_alert",
"_type": "_doc",
"_id": "4",
"_score": 1,
"_source": {
"src_ip": "1.1.1.1",
"src_port": 80,
"domain": "www.juminfo.com",
"ip_type": 0,
"protocol": 1,
"createTime": "2022-12-12 18:18:18",
"category": 18888,
"ioc_threat_tag": [
1,
2,
3,
4
],
"user_id": 1
}
},
{
"_index": "test_alert",
"_type": "_doc",
"_id": "5",
"_score": 1,
"_source": {
"src_ip": "1.1.1.1",
"src_port": 80,
"domain": "www.juminfo.com",
"ip_type": 0,
"protocol": 1,
"createTime": "2022-12-12 18:18:18",
"category": 18888,
"ioc_threat_tag": [
1,
2,
3,
4
],
"user_id": 1
}
},
{
"_index": "test_alert",
"_type": "_doc",
"_id": "6",
"_score": 1,
"_source": {
"src_ip": "1.1.1.1",
"src_port": 80,
"domain": "www.juminfo.com",
"ip_type": 0,
"protocol": 1,
"createTime": "2022-12-12 18:18:18",
"category": 18888,
"ioc_threat_tag": [
1,
2,
3,
4
],
"user_id": 1
}
}
]
}
}
ES-增删改查的更多相关文章
- ES增删改查入门1
1.RESTful接口使用方法 为了方便直观我们使用Head插件提供的接口进行演示,实际上内部调用的RESTful接口. RESTful接口URL的格式: http://localhost:9200/ ...
- ES增删改查
了解了一下python对es 7.5的操作,记录下,不难: #!/usr/bin/env python # -*- coding: UTF-8 -*- from settings import Con ...
- [elk]es增删改查最佳实战
PUT app01 GET app01/_settings GET _all/_settings PUT app01/_settings { "number_of_replicas" ...
- 【ES】ElasticSearch初体验之使用Java进行最基本的增删改查~
好久没写博文了, 最近项目中使用到了ElaticSearch相关的一些内容, 刚好自己也来做个总结. 现在自己也只能算得上入门, 总结下自己在工作中使用Java操作ES的一些小经验吧. 本文总共分为三 ...
- Es学习第三课, ElasticSearch基本的增删改查
前面两课我们了解了ES的基本概念并且学会了安装ES,这节课我们就来讲讲ES基本的增删改查:ES主要对外界提供的是REST风格的API,我们通过客户端操作ES本质上就是API的调用.在第一课我们就讲了索 ...
- kibana的Dev Tool中如何对es进行增删改查
kinaba Dev Tool中对es(elasticSearch)进行增删改查 一.查询操作 查询语句基本语法 以下语句类似于mysql的: select * from xxx.yyy.topic ...
- Es图形化软件使用之ElasticSearch-head、Kibana,Elasticsearch之-倒排索引操作、映射管理、文档增删改查
今日内容概要 ElasticSearch之-ElasticSearch-head ElasticSearch之-安装Kibana Elasticsearch之-倒排索引 Elasticsearch之- ...
- elasticsearch索引的增删改查入门
为了方便直观我们使用Head插件提供的接口进行演示,实际上内部调用的RESTful接口. RESTful接口URL的格式: http://localhost:9200/<index>/&l ...
- 分布式搜索elasticsearch 索引文档的增删改查 入门
1.RESTful接口使用方法 为了方便直观我们使用Head插件提供的接口进行演示,实际上内部调用的RESTful接口. RESTful接口URL的格式: http://localhost:9200/ ...
- ElasticSearch6(三)-- Java API实现简单的增删改查
基于ElasticSearch6.2.4, Java API创建索引.查询.修改.删除,pom依赖和获取es连接 可查看此文章. package com.xsjt.learn; import java ...
随机推荐
- Educational Codeforces Round 143 (Rated for Div. 2) A-E
比赛链接 A 题意 有两座塔由红蓝方块组成,分别有 \(n,m\) 个方块,一次操作可以把一座塔塔顶的方块移动到另一座塔的塔顶,问通过操作是否能使每座塔中没有颜色相同的相邻方块. 题解 知识点:贪心. ...
- 五:spring boot
五.spring boot 通过springboot可以快速的搭建一个基于ssm框架的Java application,简单配置,自动装配. JavaConfiguration用java类来替代xml ...
- 与 Flutter 共创未来 | Flutter Forward 活动精彩回顾
作者 / Google 开发者框架和语言 (含 Flutter.Dart 和 Go) 产品经理 & 用户体验总监 Tim Sneath 我们很高兴可以在 Flutter Forward 活动 ...
- Centos 7.x系统下忘记用户登录密码,重置密码的方法
转载csdn: Centos 7.x系统下忘记用户登录密码,重置密码的方法_ATree的博客-CSDN博客_centos7密码忘记 重置密码的方法 Centos7修改root密码_shanvlang的 ...
- PostGIS之几何有效性
1. 概述 PostGIS 是PostgreSQL数据库一个空间数据库扩展,它添加了对地理对象的支持,允许在 SQL 中运行空间查询 PostGIS官网:About PostGIS | PostGIS ...
- 基于WebGL的方式使用OpenLayers
1. 引言 在绘制海量数据时,使用GPU进行绘制可有效减少CPU的负载,提升绘制时的速度在浏览器中,可以使用WebGL的方式与GPU交互 OpenLayers是一个常用的GIS相关的JavaScrip ...
- Java语法基础课程总结
1.运行实例EnumTest.java并分析 结论:枚举类型属于引用类型,不属于原始数据类型它的每一个具体值都引用一个特定的对象,可以使用"=="直接比较枚举变量的值,枚举是可以从 ...
- LeetCode-2044 统计按位或能得到最大值子集的数目
来源:力扣(LeetCode)链接:https://leetcode-cn.com/problems/count-number-of-maximum-bitwise-or-subsets 题目描述 给 ...
- CLIP改进工作串讲(上)学习笔记
看了跟李沐学AI系列朱毅老师讲的CLIP改进工作串讲,这里记录一下. 1.分割 分割的任务其实跟分类很像,其实就是把图片上的分类变成像素级别上的分类,但是往往图片上能用的技术都能用到像素级别上来.所以 ...
- MessageUtil
1 public abstract class MessageUtil { 2 3 public static String changeMsg(CustomerReportQueryObject q ...