elasticsearch学习总结(三) API的使用范例2
2017-07-17 17:16
一、事件统计
1、Rest API实现
GET /gzns_access/_search
{
"aggs":{
"counts":{
"date_histogram": {
"field": "@timestamp",
"format":"yyyy-MM-dd HH:mm",
"interval":"minute"
}
}
}
}
2、java api实现
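/**
 * Counts events per time bucket with a date_histogram aggregation on {@code @timestamp}.
 *
 * @param param query parameters: the index to search, optional host and type filters,
 *              and the interval code (1y, 1q, 1M, 1w, 1d, 1H, 1m, 1s)
 * @return one {@code ReportViewVO} per histogram bucket, carrying the formatted bucket key
 *         and the number of documents in that bucket
 * @throws IllegalArgumentException if the interval code is null or not one of the supported values
 */
public List<ReportViewVO> getEventCountList(ReportViewVO param) {
    // NOTE(review): the index name is taken from the caller-supplied VO. If this VO is bound
    // from a request, check the name against the indices the caller may read before searching,
    // since prepareSearch accepts whatever index expression it is given.
    SearchRequestBuilder requestbuilder = client.prepareSearch(param.getIndex());
    // Only the aggregation is read below, so there is no need to fetch search hits.
    requestbuilder.setSize(0);

    BoolQueryBuilder bqb = QueryBuilders.boolQuery();
    // Optional filter by server (host).
    String host = param.getHost();
    if (StringUtils.isNotEmpty(host)) {
        bqb.must(QueryBuilders.termQuery("host", host));
    }
    // Optional filter by document type. The original passed param.getHost() here,
    // which filtered _type by the host name instead of the requested type.
    String type = param.getType();
    if (StringUtils.isNotEmpty(type)) {
        bqb.must(QueryBuilders.termQuery("_type", type));
    }
    requestbuilder.setQuery(bqb);

    // Build the grouping: count documents per period of @timestamp.
    DateHistogramAggregationBuilder aggregation = AggregationBuilders.dateHistogram("counts");
    aggregation.field("@timestamp");

    // Interval codes: 1y year, 1q quarter, 1M month, 1w week, 1d day, 1H hour, 1m minute, 1s second.
    String interval = param.getInterval();
    if (interval == null) {
        // switch on a null String would throw a bare NullPointerException; fail with a clear message.
        throw new IllegalArgumentException("interval must not be null");
    }
    switch (interval) {
        case "1y":
            aggregation.dateHistogramInterval(DateHistogramInterval.YEAR);
            aggregation.format("yyyy");
            break;
        case "1q":
            aggregation.dateHistogramInterval(DateHistogramInterval.QUARTER);
            aggregation.format("yyyy-MM");
            break;
        case "1M":
            aggregation.dateHistogramInterval(DateHistogramInterval.MONTH);
            aggregation.format("yyyy-MM");
            break;
        case "1w":
            aggregation.dateHistogramInterval(DateHistogramInterval.WEEK);
            aggregation.format("yyyy-MM-dd");
            break;
        case "1d":
            aggregation.dateHistogramInterval(DateHistogramInterval.DAY);
            aggregation.format("yyyy-MM-dd");
            break;
        case "1H":
            aggregation.dateHistogramInterval(DateHistogramInterval.HOUR);
            aggregation.format("yyyy-MM-dd HH");
            break;
        case "1m":
            aggregation.dateHistogramInterval(DateHistogramInterval.MINUTE);
            aggregation.format("yyyy-MM-dd HH:mm");
            break;
        case "1s":
            // The original used HOUR here, so per-second requests were bucketed by hour.
            aggregation.dateHistogramInterval(DateHistogramInterval.SECOND);
            aggregation.format("yyyy-MM-dd HH:mm:ss");
            break;
        default:
            // An aggregation without an interval is not a usable request; reject unknown codes
            // here rather than sending it to the cluster.
            throw new IllegalArgumentException("unsupported interval: " + interval);
    }
    requestbuilder.addAggregation(aggregation);

    // Execute the search and look up the aggregation by the name it was registered under.
    SearchResponse myresponse = requestbuilder.get();
    Map<String, Aggregation> aggMap = myresponse.getAggregations().asMap();
    InternalDateHistogram idh = (InternalDateHistogram) aggMap.get("counts");

    // Convert each bucket into a result VO.
    List<Bucket> buckets = idh.getBuckets();
    List<ReportViewVO> list = new ArrayList<ReportViewVO>(buckets.size());
    for (Bucket bucket : buckets) {
        ReportViewVO item = new ReportViewVO();
        // Bucket key rendered with the format chosen above.
        item.setTimestamp(bucket.getKeyAsString());
        // Number of events in the bucket.
        item.setValue(bucket.getDocCount());
        list.add(item);
    }
    return list;
}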
1、Rest API实现
GET /gzns_access/_search
{
"aggs":{
"counts":{
"date_histogram": {
"field": "@timestamp",
"format":"yyyy-MM-dd HH:mm",
"interval":"minute"
}
}
}
}
2、java api实现
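/**
 * Counts events per time bucket with a date_histogram aggregation on {@code @timestamp}.
 *
 * @param param query parameters: the index to search, optional host and type filters,
 *              and the interval code (1y, 1q, 1M, 1w, 1d, 1H, 1m, 1s)
 * @return one {@code ReportViewVO} per histogram bucket, carrying the formatted bucket key
 *         and the number of documents in that bucket
 * @throws IllegalArgumentException if the interval code is null or not one of the supported values
 */
public List<ReportViewVO> getEventCountList(ReportViewVO param) {
    // NOTE(review): the index name is taken from the caller-supplied VO. If this VO is bound
    // from a request, check the name against the indices the caller may read before searching,
    // since prepareSearch accepts whatever index expression it is given.
    SearchRequestBuilder requestbuilder = client.prepareSearch(param.getIndex());
    // Only the aggregation is read below, so there is no need to fetch search hits.
    requestbuilder.setSize(0);

    BoolQueryBuilder bqb = QueryBuilders.boolQuery();
    // Optional filter by server (host).
    String host = param.getHost();
    if (StringUtils.isNotEmpty(host)) {
        bqb.must(QueryBuilders.termQuery("host", host));
    }
    // Optional filter by document type. The original passed param.getHost() here,
    // which filtered _type by the host name instead of the requested type.
    String type = param.getType();
    if (StringUtils.isNotEmpty(type)) {
        bqb.must(QueryBuilders.termQuery("_type", type));
    }
    requestbuilder.setQuery(bqb);

    // Build the grouping: count documents per period of @timestamp.
    DateHistogramAggregationBuilder aggregation = AggregationBuilders.dateHistogram("counts");
    aggregation.field("@timestamp");

    // Interval codes: 1y year, 1q quarter, 1M month, 1w week, 1d day, 1H hour, 1m minute, 1s second.
    String interval = param.getInterval();
    if (interval == null) {
        // switch on a null String would throw a bare NullPointerException; fail with a clear message.
        throw new IllegalArgumentException("interval must not be null");
    }
    switch (interval) {
        case "1y":
            aggregation.dateHistogramInterval(DateHistogramInterval.YEAR);
            aggregation.format("yyyy");
            break;
        case "1q":
            aggregation.dateHistogramInterval(DateHistogramInterval.QUARTER);
            aggregation.format("yyyy-MM");
            break;
        case "1M":
            aggregation.dateHistogramInterval(DateHistogramInterval.MONTH);
            aggregation.format("yyyy-MM");
            break;
        case "1w":
            aggregation.dateHistogramInterval(DateHistogramInterval.WEEK);
            aggregation.format("yyyy-MM-dd");
            break;
        case "1d":
            aggregation.dateHistogramInterval(DateHistogramInterval.DAY);
            aggregation.format("yyyy-MM-dd");
            break;
        case "1H":
            aggregation.dateHistogramInterval(DateHistogramInterval.HOUR);
            aggregation.format("yyyy-MM-dd HH");
            break;
        case "1m":
            aggregation.dateHistogramInterval(DateHistogramInterval.MINUTE);
            aggregation.format("yyyy-MM-dd HH:mm");
            break;
        case "1s":
            // The original used HOUR here, so per-second requests were bucketed by hour.
            aggregation.dateHistogramInterval(DateHistogramInterval.SECOND);
            aggregation.format("yyyy-MM-dd HH:mm:ss");
            break;
        default:
            // An aggregation without an interval is not a usable request; reject unknown codes
            // here rather than sending it to the cluster.
            throw new IllegalArgumentException("unsupported interval: " + interval);
    }
    requestbuilder.addAggregation(aggregation);

    // Execute the search and look up the aggregation by the name it was registered under.
    SearchResponse myresponse = requestbuilder.get();
    Map<String, Aggregation> aggMap = myresponse.getAggregations().asMap();
    InternalDateHistogram idh = (InternalDateHistogram) aggMap.get("counts");

    // Convert each bucket into a result VO.
    List<Bucket> buckets = idh.getBuckets();
    List<ReportViewVO> list = new ArrayList<ReportViewVO>(buckets.size());
    for (Bucket bucket : buckets) {
        ReportViewVO item = new ReportViewVO();
        // Bucket key rendered with the format chosen above.
        item.setTimestamp(bucket.getKeyAsString());
        // Number of events in the bucket.
        item.setValue(bucket.getDocCount());
        list.add(item);
    }
    return list;
}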