[ES8] ES|QL
father6019
2023. 12. 23. 20:38
They say this feature may change or be removed in the future. Just going to try it out for the experience ..
Preparation
Copy the previously created es.8.8.1 to make es.8.11.3.
Open Kibana Dev Tools
PUT sample_data
{
  "mappings": {
    "properties": {
      "client.ip": {
        "type": "ip"
      },
      "message": {
        "type": "keyword"
      }
    }
  }
}
PUT sample_data/_bulk
{"index": {}}
{"@timestamp": "2023-10-23T12:15:03.360Z", "client.ip": "172.21.2.162", "message": "Connected to 10.1.0.3", "event.duration": 3450233}
{"index": {}}
{"@timestamp": "2023-10-23T12:27:28.948Z", "client.ip": "172.21.2.113", "message": "Connected to 10.1.0.2", "event.duration": 2764889}
{"index": {}}
{"@timestamp": "2023-10-23T13:33:34.937Z", "client.ip": "172.21.0.5", "message": "Disconnected", "event.duration": 1232382}
{"index": {}}
{"@timestamp": "2023-10-23T13:51:54.732Z", "client.ip": "172.21.3.15", "message": "Connection error", "event.duration": 725448}
{"index": {}}
{"@timestamp": "2023-10-23T13:52:55.015Z", "client.ip": "172.21.3.15", "message": "Connection error", "event.duration": 8268153}
{"index": {}}
{"@timestamp": "2023-10-23T13:53:55.832Z", "client.ip": "172.21.3.15", "message": "Connection error", "event.duration": 5033755}
{"index": {}}
{"@timestamp": "2023-10-23T13:55:01.543Z", "client.ip": "172.21.3.15", "message": "Connected to 10.1.0.1", "event.duration": 1756467}
Run the ES|QL query
FROM sample_data
Doesn't work.. -_-
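For reference, an added example that is not part of the original post: in Elasticsearch 8.11 an ES|QL query is submitted as the "query" field of a POST /_query request (the same request can be typed in Dev Tools), and the JSON reply is columnar. The node URL, the function names and the WHERE/KEEP query are assumptions made for illustration, and the sample response is constructed from the documents indexed above.

```python
import json
import urllib.request
from collections import Counter

ES_URL = "http://localhost:9200"  # assumption: local test node reachable without TLS/auth

# Assumed query: pull only the connection-error events from the sample index.
QUERY = 'FROM sample_data | WHERE message == "Connection error" | KEEP @timestamp, client.ip, event.duration'

def build_esql_request(query, base_url=ES_URL):
    """Build the POST /_query request; the ES|QL text goes in the "query" field."""
    return urllib.request.Request(
        f"{base_url}/_query",
        data=json.dumps({"query": query}).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )

def rows_from_response(resp):
    """Convert the columnar response (columns + values) into one dict per row."""
    names = [col["name"] for col in resp["columns"]]
    return [dict(zip(names, values)) for values in resp["values"]]

def errors_per_client(rows):
    """Count returned rows per client.ip."""
    return Counter(row["client.ip"] for row in rows)

def run_esql(query, base_url=ES_URL):
    """Send the query to a live node (not called when the file runs offline)."""
    with urllib.request.urlopen(build_esql_request(query, base_url)) as r:
        return rows_from_response(json.load(r))

# Constructed response, shaped like the JSON the endpoint returns for QUERY.
SAMPLE_RESPONSE = {
    "columns": [
        {"name": "@timestamp", "type": "date"},
        {"name": "client.ip", "type": "ip"},
        {"name": "event.duration", "type": "long"},
    ],
    "values": [
        ["2023-10-23T13:51:54.732Z", "172.21.3.15", 725448],
        ["2023-10-23T13:52:55.015Z", "172.21.3.15", 8268153],
        ["2023-10-23T13:53:55.832Z", "172.21.3.15", 5033755],
    ],
}

if __name__ == "__main__":
    rows = rows_from_response(SAMPLE_RESPONSE)
    print(rows[0])
    print(dict(errors_per_client(rows)))
```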
https://www.elastic.co/guide/en/elasticsearch/reference/8.11/esql-getting-started.html
Getting started with ES|QL queries | Elasticsearch Guide [8.11] | Elastic