ElasticSearch

SQL Analytics supports two flavors of ElasticSearch queries: Lucene/string-style queries (as in Kibana) and the more elaborate JSON-based queries written in the Elasticsearch Query DSL. For the first, create a data source of type Kibana; for the second, create a data source of type Elasticsearch. Both flavors use the same wrapper document: an index (or index pattern), the query itself, the fields to return, a result limit and a sort specification.

String query example:

  • Query the index named “twitter”
  • Filter by “user:kimchy”
  • Return the fields “@timestamp”, “tweet” and “user”
  • Return up to 15 results
  • Sort by @timestamp ascending
{
  "index": "twitter",
  "query": "user:kimchy",
  "fields": ["@timestamp", "tweet", "user"],
  "limit": 15,
  "sort": "@timestamp:asc"
}

Simple query on a logstash ElasticSearch instance:

  • Query the indices matching the pattern “logstash-2015.04.*” (in this case, all of April 2015)
  • Filter by type:events AND eventName:UserUpgrade AND channel:selfserve
  • Return the fields “@timestamp”, “userId”, “channel”, “utm_source”, “utm_medium”, “utm_campaign” and “utm_content”
  • Return up to 250 results
  • Sort by @timestamp ascending
{
  "index": "logstash-2015.04.*",
  "query": "type:events AND eventName:UserUpgrade AND channel:selfserve",
  "fields": ["@timestamp", "userId", "channel", "utm_source", "utm_medium", "utm_campaign", "utm_content"],
  "limit": 250,
  "sort": "@timestamp:asc"
}

JSON document query on an ElasticSearch instance:

  • Query the index named “twitter”
  • Filter by user equal to “kimchy”
  • Return the fields “@timestamp”, “tweet” and “user”
  • Return up to 15 results
  • Sort by @timestamp ascending
{
  "index": "twitter",
  "query": {
    "match": {
      "user": "kimchy"
    }
  },
  "fields": ["@timestamp", "tweet", "user"],
  "limit": 15,
  "sort": "@timestamp:asc"
}
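The three examples above share one wrapper format. As an added example (written for this page, not code from SQL Analytics or Elasticsearch), the Python below validates such a query document and translates it into the path and body of an Elasticsearch `_search` request: a string query becomes a `query_string` clause, a JSON query is passed through as a Query DSL object, `fields` becomes `_source`, `limit` becomes `size`, and `"field:asc"` becomes the list form `sort` expects. The mapping is an approximation of what a data source of either type would have to send, and the validation policy (refusing hidden/system index names starting with “.”, the catch-all patterns “*” and “_all”, characters that would break out of the URL path, and limits outside 1..10000) is an assumption chosen for this example, not behaviour the page documents. The sample documents are constructed from the examples on this page.

```python
import re

# Constructed sample inputs, copied from the examples above (not live data).
STRING_QUERY = {
    "index": "twitter",
    "query": "user:kimchy",
    "fields": ["@timestamp", "tweet", "user"],
    "limit": 15,
    "sort": "@timestamp:asc",
}

LOGSTASH_QUERY = {
    "index": "logstash-2015.04.*",
    "query": "type:events AND eventName:UserUpgrade AND channel:selfserve",
    "fields": ["@timestamp", "userId", "channel", "utm_source",
               "utm_medium", "utm_campaign", "utm_content"],
    "limit": 250,
    "sort": "@timestamp:asc",
}

JSON_QUERY = {
    "index": "twitter",
    "query": {"match": {"user": "kimchy"}},
    "fields": ["@timestamp", "tweet", "user"],
    "limit": 15,
    "sort": "@timestamp:asc",
}

# Assumed cap on "limit": Elasticsearch's default index.max_result_window is
# 10000, so a plain _search cannot return more than that in one page anyway.
MAX_LIMIT = 10_000

# "field", "field:asc" or "field:desc"; several keys may be comma-separated.
_SORT_RE = re.compile(r"^([^:\s,]+)(?::(asc|desc))?$")


def parse_sort(sort):
    """Translate "field:asc" style sort specs into the list form that
    Elasticsearch's "sort" parameter expects. Unknown orders are rejected."""
    clauses = []
    for part in sort.split(","):
        m = _SORT_RE.match(part.strip())
        if not m:
            raise ValueError(f"bad sort spec: {part!r}")
        clauses.append({m.group(1): {"order": m.group(2) or "asc"}})
    return clauses


def validate(q):
    """Reject malformed or over-broad query documents before anything is sent.
    Index policy (an assumption for this example): refuse names that address
    hidden/system indices (leading '.'), catch-all patterns ('*', '_all'), and
    characters that would break out of the URL path. '*' inside a pattern such
    as "logstash-2015.04.*" stays allowed."""
    index = q.get("index")
    if not isinstance(index, str) or not index:
        raise ValueError("index must be a non-empty string")
    if index.startswith(".") or index in ("*", "_all") or any(c in index for c in "/#? \t\n"):
        raise ValueError(f"index pattern not allowed: {index!r}")
    limit = q.get("limit", 10)
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(limit, bool) or not isinstance(limit, int) or not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be an integer in 1..{MAX_LIMIT}")
    fields = q.get("fields", [])
    if not isinstance(fields, list) or not all(isinstance(f, str) and f for f in fields):
        raise ValueError("fields must be a list of field names")
    return index, limit, fields


def to_search_request(q):
    """Return (path, body) for a request to Elasticsearch's _search endpoint.
    A string "query" becomes a query_string clause (Lucene syntax); a dict
    "query" is taken to be a Query DSL object and passed through unchanged."""
    index, limit, fields = validate(q)
    query = q.get("query")
    if isinstance(query, str):
        es_query = {"query_string": {"query": query}}
    elif isinstance(query, dict) and query:
        es_query = query
    else:
        raise ValueError("query must be a Lucene string or a Query DSL object")
    body = {"query": es_query, "size": limit}
    if fields:
        body["_source"] = fields  # only return the requested fields
    if "sort" in q:
        body["sort"] = parse_sort(q["sort"])
    return f"/{index}/_search", body


if __name__ == "__main__":
    import json
    for sample in (STRING_QUERY, LOGSTASH_QUERY, JSON_QUERY):
        path, body = to_search_request(sample)
        print(path, json.dumps(body))
```

Running the script prints the path and body for each of the three page examples. The point of `validate` is that the wrapper document is the only thing the query author controls: checking the index pattern and the limit there, before the request is built, is what keeps a query confined to the indices and result volume the data source was set up for.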