ELK Basic Commands

노션으로 옮김 · February 7, 2024

Knowledge

Terminology Difference

CRUD Command

Read

  • Enter multiple documents into the type and search them

POST /customer/type1/_bulk
{"index":{"_id":"1"}}
{"age":30}
{"index":{"_id":"2"}}
{"age":40}
{"index":{"_id":"3"}}
{"age":50}

GET /customer/type1/_search

  • Data retrieval using URL parameters

GET kibana_sample_data_flights/_search?q=*&sort=AvgTicketPrice:desc
GET kibana_sample_data_flights/_search?q=OriginWeather:Sunny AND OriginCountry:DE&_source=AvgTicketPrice,DestWeather&sort=AvgTicketPrice:desc

  • Data retrieval using POST message

#This will fail to execute because 'match' doesn't support multiple fields
POST kibana_sample_data_flights/_search
{
  "query" : {"match" : {"DestCountry" : "US", "FlightNum" : "C2YBQ05"}},
  "sort" : {"AvgTicketPrice" : "desc"},
  "_source" : ["AvgTicketPrice", "FlightNum"]
}

# This will successfully retrieve data (notice that square brackets enclose the conditions of 'must')
POST kibana_sample_data_flights/_search
{
  "query" : {
    "bool" : {
      "must" : [{
        "match" :{ 
          "DestCountry" : "US"
        }},{ 
        "match" : {
          "FlightNum" : "C2YBQ05"
        }}]
    }
  },
  "sort" : {"AvgTicketPrice" : "desc"},
  "_source" : ["AvgTicketPrice", "FlightNum"]
}

  • Search with a field name containing whitespaces via URL parameters

Add a backslash prefix before the whitespace character:


GET exam2/tourcompany/_search?q=Departure\ Date:2023-05-10

Create & Update

  • Input format based on whether the _id is specified for a doc creation

PUT /testindex/testtype/1  <- '_id' is set to '1'
{
  "Name":"Milliam"
}

PUT /testindex/testtype/_create  <- '_id' is set to '_create'
{
  "Name":"Milliam2"
}

  • A doc update using the bool keyword

POST exam2/tourcompany/_update_by_query
{
  "script" : { "inline" : "ctx._source['Phone'] = '111-1111-1111'", "lang" : "painless"},
  "query" : { 
    "bool":{
      "must" : [
          {"match" : {"Name" : "Chulsu"}}
        ],
      "must_not" : [
          {"match" : {"Name" : "This will not be matched"}}
        ]       
    }
  }
}

  • A doc update using the query keyword

POST exam2/tourcompany/_update_by_query
{
  "script": {
    "source": "ctx._source['Phone'] = '111-1111-1111'",
    "lang": "painless"
  },
  "query": {
    "match": {
      "Name": "Chulsu"
    }
  }
}

Delete

  • Basic usage using the DELETE method

DELETE /customer/type1/1

  • Three methods to delete a doc with key-value pair Name : Chulsu.

POST /exam2/tourcompany/_delete_by_query
{
  "query": {
    "match": {
      "Name": "Chulsu"
    }
  }
}

POST exam2/tourcompany/_delete_by_query?q=Name:Chulsu
POST exam2/tourcompany/_delete_by_query?q=Chulsu

The instruction above iterates through docs within the type customerlist, deleting a doc if conditions are matched.
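Added example (not part of the original post): the ?q= parameter in the search and _delete_by_query requests above is parsed as query-string syntax, so a field name or value containing whitespace or operator characters has to be escaped to match literally, which matters most when the value comes from user input and the request deletes docs. The helper names (escape_term, build_q, request_path) and the sample inputs are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# Characters that carry meaning in query-string syntax, plus whitespace.
_RESERVED = re.compile(r'([+\-=&|!(){}\[\]^"~*?:\\/\s])')


def escape_term(text: str) -> str:
    """Return text so that it is treated as one literal term inside ?q=."""
    # '<' and '>' cannot be escaped in query-string syntax, so they are dropped.
    text = text.replace("<", "").replace(">", "")
    # Prefix every reserved character and every whitespace character with a backslash.
    return _RESERVED.sub(r"\\\1", text)


def build_q(field: str, value: str) -> str:
    """Build the raw (not yet URL-encoded) expression field:value."""
    f, v = escape_term(field), escape_term(value)
    if not f or not v:
        # Nothing literal is left, so refuse rather than send an open-ended query.
        raise ValueError("field and value must contain literal characters")
    return f"{f}:{v}"


def request_path(index: str, doc_type: str, action: str, field: str, value: str) -> str:
    """Return the request path with the q expression percent-encoded."""
    return f"/{index}/{doc_type}/{action}?q={quote(build_q(field, value), safe='')}"


if __name__ == "__main__":
    # Constructed sample inputs, modelled on the requests shown on this page.
    print(build_q("Departure Date", "2023-05-10"))
    print(build_q("Name", "Chulsu OR Name:*"))
    print(request_path("exam2", "tourcompany", "_delete_by_query", "Name", "Chulsu"))
```

With the escaping applied, the constructed value "Chulsu OR Name:*" is sent as a single literal term, so the OR and the wildcard are not interpreted as operators.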

Key Considerations

_mapping Definition

When a doc is created, the _mapping object is constructed automatically. It contains properties related to the doc. The properties object defines each field in the doc and is structured as follows:

Be aware that the field types are included in them. Once the type of a field is defined, it can never be changed. If you try inserting data of a different type, it results in errors:

Keyword Error in Sorting based on Name

Running the command below returns errors:


GET exam2/tourcompany/_search?q=*&sort=Name:desc

The errors indicate that the use of a keyword field is necessary:

The keyword field is used as follows:


GET exam2/tourcompany/_search?q=*&sort=Name.keyword:desc
