In Elasticsearch it is sometimes necessary to restrict a request to the indices for a certain period of time, based on the date in the index name. The date math expressions provided by ES serve this purpose.
Description:
This is especially useful for log data: when only the logs for a certain period need to be queried, a date math expression limits the number of indices searched, which reduces the load on the cluster and improves system performance.
Almost all APIs support date math in the index parameter value.
The format of a date math index name is:
<static_name{date_math_expr{date_format|time_zone}}>
The meaning of each field:
static_name: the static part of the index name
date_math_expr: the dynamic date math expression
date_format: the format in which the date is rendered, default is YYYY.MM.dd
time_zone: the time zone, default is UTC
Note that the whole index name, including the date math expression, must be enclosed in angle brackets <>.
Examples of date math expressions
For example, suppose the current time is 12:00 noon UTC on March 22, 2024.
Expression | Value of the expression
<test-{now/d}> |
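The following Python code is an added example, not code from the original page or from Elasticsearch: it resolves a date math index name of the format described above for a fixed "now" and percent-encodes the expression for use in a request path. The names resolve, url_encode and NOW are hypothetical; only the now anchor, UTC, and the units y, M, d and h are handled, and anything else is rejected.

```python
import calendar
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

# Handles <static_name{date_math_expr{date_format}}> with a "now" anchor, in UTC.
# The |time_zone part and units other than y, M, d, h are rejected, not guessed.
NAME_RE = re.compile(r"^<([^{}]*)\{now([^{}]*)(?:\{([^{}|]+)\})?\}>$")
STEP_RE = re.compile(r"([+-]\d+|/)([yMdh])")
FLOOR = {"h": dict(minute=0, second=0, microsecond=0)}
FLOOR["d"] = dict(FLOOR["h"], hour=0)
FLOOR["M"] = dict(FLOOR["d"], day=1)
FLOOR["y"] = dict(FLOOR["M"], month=1)

def add_months(t, n):
    """Shift by n calendar months, clamping to the last day of the target month."""
    year, month0 = divmod(t.year * 12 + t.month - 1 + n, 12)
    last_day = calendar.monthrange(year, month0 + 1)[1]
    return t.replace(year=year, month=month0 + 1, day=min(t.day, last_day))

def resolve(name, now):
    """Return the concrete index name that `name` denotes at time `now`."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"unsupported date math index name: {name!r}")
    static, steps, fmt = m.group(1), m.group(2), m.group(3) or "YYYY.MM.dd"
    t, pos = now.astimezone(timezone.utc), 0
    for step in STEP_RE.finditer(steps):
        if step.start() != pos:
            break  # unparsed text between steps; reported below
        op, unit = step.groups()
        if op == "/":
            t = t.replace(**FLOOR[unit])  # round down to the start of the unit
        elif unit in "yM":
            t = add_months(t, int(op) * (12 if unit == "y" else 1))
        else:
            t += timedelta(**{"days" if unit == "d" else "hours": int(op)})
        pos = step.end()
    if pos != len(steps):
        raise ValueError(f"unsupported date math: {steps!r}")
    # Simplification: YYYY and yyyy are both rendered as the calendar year.
    for token, code in (("YYYY", "%Y"), ("yyyy", "%Y"), ("MM", "%m"), ("dd", "%d")):
        fmt = fmt.replace(token, code)
    return static + t.strftime(fmt)

def url_encode(name):  # percent-encode the whole expression for a URL path segment
    return quote(name, safe="")

NOW = datetime(2024, 3, 22, 12, 0, tzinfo=timezone.utc)  # the example time above
```

Resolving an expression locally before sending it shows exactly which index a request will touch, which helps when auditing which time range a query or a write covers.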
# Index a document into the index named by the date math expression
curl -XPOST '192.168.204.32:9200/<test-\{now%2fm\}>/type/1?pretty' -d '{"name": "Xing1", "age": 20}'
{
  "_index" : "test-2016.05.01",
  "_type" : "type",
  "_id" : "1",
  "_version" : 1,
  "_shards" : {
    "total" : 2,
    "successful" : 2,
    "failed" : 0
  },
  "created" : true
}

# Search using the same date math expression
curl -XPOST '192.168.204.42:9200/<test-\{now%2fm\}>/_search?pretty' -d '{"query": {"match_all": {}}}'
{
  "took" : 3,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
  },
  "hits" : {
    "total" : 1,
    "max_score" : 1.0,
    "hits" : [ {
      "_index" : "test-2016.05.01",
      "_type" : "type",
      "_id" : "1",
      "_score" : 1.0,
      "_source" : {
        "name" : "Xing1",
        "age" : 20
      }
    } ]
  }
}
Elasticsearch: using date math in index names