我是靠谱客的博主 坚定微笑,最近开发中收集的这篇文章主要介绍Elasticsearch实战 按时间段和动态字段查询更新整体查询条件核心功能Java代码,觉得挺不错的,现在分享给大家,希望可以做个参考。
概述
整体查询条件
{
"query": {
"bool": {
"must": [
{
"range": {
"attack_time": {
"from": "2023-02-07 16:00:00",
"to": "2023-02-07 16:00:03",
"include_lower": true,
"include_upper": true,
"boost": 1
}
}
},
{
"bool": {
"must": [
{
"bool": {
"should": [
{
"bool": {
"must": [
{
"bool": {
"should": [
{
"wildcard": {
"alarm_level": {
"wildcard": "*高*",
"boost": 1
}
}
},
{
"wildcard": {
"alarm_level": {
"wildcard": "*低*",
"boost": 1
}
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
{
"terms": {
"log_format_type": [
"3"
],
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
{
"bool": {
"must": [
{
"range": {
"alarm_level_id": {
"from": "2",
"to": null,
"include_lower": false,
"include_upper": true,
"boost": 1
}
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
{
"terms": {
"alarm_level_id": [
3
],
"boost": 1
}
},
{
"bool": {
"must_not": [
{
"script": {
"script": {
"source": "def seconds = doc['attack_time'].value.getHourOfDay()*3600+doc['attack_time'].value.getMinuteOfDay()*60+doc['attack_time'].value.getSecondOfDay(); return (doc['attack_time'].value.dayOfWeek)==params.week_day && seconds>params.begin_seconds && seconds<=params.end_seconds",
"lang": "painless",
"params": {
"end_seconds": 17999,
"week_day": 2,
"begin_seconds": 0
}
},
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
}核心功能Java代码
时间范围
BoolQueryBuilder boolQueryBuilder = QueryBuilders.boolQuery();
RangeQueryBuilder rangeQueryBuilder = QueryBuilders.rangeQuery("attack_time");
rangeQueryBuilder.from(startTime);
rangeQueryBuilder.to(endTime);
boolQueryBuilder.must(rangeQueryBuilder);
字段拼装过滤
BoolQueryBuilder boolQueryBuilderOr = new BoolQueryBuilder();
BoolQueryBuilder boolQueryBuilderAnd = new BoolQueryBuilder();
JSONArray fields = configItem.getJSONArray("fields");
for (int i = 0; i < fields.size(); i++) {
JSONObject jsonField = fields.getJSONObject(i);
AlarmRelationEnum relation = AlarmRelationEnum.getValue(jsonField.getInt("relation"));
String field = jsonField.getStr("field");
String keyword = jsonField.getStr("keyword");
switch (relation) {
case INCLUDE:
BoolQueryBuilder boolQueryBuilderInclude = new BoolQueryBuilder();
for (String s : keyword.split(",")) {
boolQueryBuilderInclude.should(QueryBuilders.wildcardQuery(field, "*" + s + "*"));
}
boolQueryBuilderAnd.must(boolQueryBuilderInclude);
break;
case EQUAL:
boolQueryBuilderAnd.must(QueryBuilders.termsQuery(field, keyword.split(",")));
break;
case NOT_EQUAL:
boolQueryBuilderAnd.mustNot(QueryBuilders.termQuery(field, keyword.split(",")));
break;
case GREATER:
boolQueryBuilderAnd.must(QueryBuilders.rangeQuery(field).gt(keyword));
break;
case GREATER_EQUAL:
boolQueryBuilderAnd.must(QueryBuilders.rangeQuery(field).gte(keyword));
break;
case LESSER:
boolQueryBuilderAnd.must(QueryBuilders.rangeQuery(field).lt(keyword));
break;
case LESSER_EQUAL:
boolQueryBuilderAnd.must(QueryBuilders.rangeQuery(field).lte(keyword));
break;
default:
break;
}
if (i == fields.size() - 1) {
boolQueryBuilderOr.should(boolQueryBuilderAnd);
} else {
if (jsonField.getStr("logic").equals("OR")) {
boolQueryBuilderOr.should(boolQueryBuilderAnd);
boolQueryBuilderAnd = new BoolQueryBuilder();
}
}
}过滤时间段
BoolQueryBuilder boolQueryValidTime = QueryBuilders.boolQuery();
String code = "def seconds = doc['attack_time'].value.getHourOfDay()*3600" +
"+doc['attack_time'].value.getMinuteOfDay()*60" +
"+doc['attack_time'].value.getSecondOfDay(); " +
"return (doc['attack_time'].value.dayOfWeek)==params.week_day " +
"&& seconds>params.begin_seconds && seconds<=params.end_seconds";
JSONArray weekTimes = configItem.getJSONArray("weekTimes");
for (int j = 0; j < weekTimes.size(); j++) {
JSONObject jsonObject = weekTimes.getJSONObject(j);
String[] beginTimeSplit = jsonObject.getStr("beginTime").split(":");
Integer beginSeconds = Integer.parseInt(beginTimeSplit[0]) * 3600
+ Integer.parseInt(beginTimeSplit[1]) * 60 + Integer.parseInt(beginTimeSplit[2]);
String[] endTimeSplit = jsonObject.getStr("endTime").split(":");
Integer endSeconds = Integer.parseInt(endTimeSplit[0]) * 3600
+ Integer.parseInt(endTimeSplit[1]) * 60 + Integer.parseInt(endTimeSplit[2]);
Map<String, Object> params = new HashMap<>(4);
params.put("begin_seconds", beginSeconds);
params.put("end_seconds", endSeconds);
params.put("week_day", jsonObject.getInt("weekDay"));
Script script = new Script(Script.DEFAULT_SCRIPT_TYPE,
Script.DEFAULT_SCRIPT_LANG, code, params);
boolQueryValidTime.mustNot(QueryBuilders.scriptQuery(script));
}
configQueryBuilder.must(boolQueryValidTime);数据更新
SearchHit[] hits = search.getHits().getHits();
if (hits != null && hits.length > 0) {
for (SearchHit searchHit : hits) {
if (alarmConfigHelper.matchParams(searchHit)) { //告警频率
//标志告警
UpdateByQueryRequest updateByQueryRequest = new UpdateByQueryRequest(searchHit.getIndex());
updateByQueryRequest.setConflicts("proceed");
updateByQueryRequest.setRefresh(true);
updateByQueryRequest.setQuery(QueryBuilders.idsQuery().addIds(searchHit.getId()));
updateByQueryRequest.setScript(new Script(
"ctx._source['" + FILED_PROJECT_ID + "']=" + alarmProject.getId()
+ ";ctx._source['" + FILED_PROJECT_THREAT_LEVEL + "']="
+ alarmProject.getThreatLevel()));
BulkByScrollResponse bulkByScrollResponse = getRestHighLevelClient()
.updateByQuery(updateByQueryRequest, RequestOptions.DEFAULT);
List<ScrollableHitSource.SearchFailure> searchFailures =
bulkByScrollResponse.getSearchFailures();
if(searchFailures.size() >0){
throw new RuntimeException(searchFailures.get(0).toString());
}
}
}
}最后
以上就是坚定微笑为你收集整理的Elasticsearch实战 按时间段和动态字段查询更新整体查询条件核心功能Java代码的全部内容,希望文章能够帮你解决Elasticsearch实战 按时间段和动态字段查询更新整体查询条件核心功能Java代码所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复