아빠는 개발자

[ES8] ES|QL 본문

ES8/elasticsearch8

[ES8] ES|QL

father6019 2023. 12. 23. 20:38
728x90
반응형

이 기능은 향후 변경되거나 없어질 수도 있다. 라고 함 그냥 경험만 해보는 걸로 ..

 

사전작업

이전에 생성해 놓은 es.8.8.1 을 복사해서 es.8.11.3 을 만들어 놓는다 

 

 

kibana dev tool 접속

 

PUT sample_data
{
  "mappings": {
    "properties": {
      "client.ip": {
        "type": "ip"
      },
      "message": {
        "type": "keyword"
      }
    }
  }
}


PUT sample_data/_bulk
{"index": {}}
{"@timestamp": "2023-10-23T12:15:03.360Z", "client.ip": "172.21.2.162", "message": "Connected to 10.1.0.3", "event.duration": 3450233}
{"index": {}}
{"@timestamp": "2023-10-23T12:27:28.948Z", "client.ip": "172.21.2.113", "message": "Connected to 10.1.0.2", "event.duration": 2764889}
{"index": {}}
{"@timestamp": "2023-10-23T13:33:34.937Z", "client.ip": "172.21.0.5", "message": "Disconnected", "event.duration": 1232382}
{"index": {}}
{"@timestamp": "2023-10-23T13:51:54.732Z", "client.ip": "172.21.3.15", "message": "Connection error", "event.duration": 725448}
{"index": {}}
{"@timestamp": "2023-10-23T13:52:55.015Z", "client.ip": "172.21.3.15", "message": "Connection error", "event.duration": 8268153}
{"index": {}}
{"@timestamp": "2023-10-23T13:53:55.832Z", "client.ip": "172.21.3.15", "message": "Connection error", "event.duration": 5033755}
{"index": {}}
{"@timestamp": "2023-10-23T13:55:01.543Z", "client.ip": "172.21.3.15", "message": "Connected to 10.1.0.1", "event.duration": 1756467}

 

ES|QL 쿼리 실행

FROM sample_data

 

 

안됌..ㅡㅡ

 

https://www.elastic.co/guide/en/elasticsearch/reference/8.11/esql-getting-started.html

 

Getting started with ES|QL queries | Elasticsearch Guide [8.11] | Elastic

For readability, you can put each command on a separate line. However, you don’t have to. The following query is identical to the previous one: FROM sample_data | LIMIT 3

www.elastic.co

 

728x90
반응형

'ES8 > elasticsearch8' 카테고리의 다른 글

[es8] Top hits aggregation - 이론편  (5) 2024.10.20
[es8] similarity Search  (0) 2024.08.04
[ES8] elasticsearch-head  (0) 2024.02.03