Elasticsearch实战按时间段和动态字段查询更新整体查询条件核心功能Java代码

93 阅读 0 评论 62 点赞

我是靠谱客的博主坚定微笑，这篇文章主要介绍Elasticsearch实战按时间段和动态字段查询更新整体查询条件核心功能Java代码，现在分享给大家，希望可以做个参考。

整体查询条件

复制代码

{
"query": {
"bool": {
"must": [
{
"range": {
"attack_time": {
"from": "2023-02-07 16:00:00",
"to": "2023-02-07 16:00:03",
"include_lower": true,
"include_upper": true,
"boost": 1
}
}
},
{
"bool": {
"must": [
{
"bool": {
"should": [
{
"bool": {
"must": [
{
"bool": {
"should": [
{
"wildcard": {
"alarm_level": {
"wildcard": "*高*",
"boost": 1
}
}
},
{
"wildcard": {
"alarm_level": {
"wildcard": "*低*",
"boost": 1
}
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
{
"terms": {
"log_format_type": [
"3"
],
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
{
"bool": {
"must": [
{
"range": {
"alarm_level_id": {
"from": "2",
"to": null,
"include_lower": false,
"include_upper": true,
"boost": 1
}
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
{
"terms": {
"alarm_level_id": [
3
],
"boost": 1
}
},
{
"bool": {
"must_not": [
{
"script": {
"script": {
"source": "def seconds = doc['attack_time'].value.getHourOfDay()*3600+doc['attack_time'].value.getMinuteOfDay()*60+doc['attack_time'].value.getSecondOfDay(); return (doc['attack_time'].value.dayOfWeek)==params.week_day && seconds>params.begin_seconds && seconds<=params.end_seconds",
"lang": "painless",
"params": {
"end_seconds": 17999,
"week_day": 2,
"begin_seconds": 0
}
},
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
{
"query": {
"bool": {
"must": [
{
"range": {
"attack_time": {
"from": "2023-02-07 16:00:00",
"to": "2023-02-07 16:00:03",
"include_lower": true,
"include_upper": true,
"boost": 1
}
}
},
{
"bool": {
"must": [
{
"bool": {
"should": [
{
"bool": {
"must": [
{
"bool": {
"should": [
{
"wildcard": {
"alarm_level": {
"wildcard": "*高*",
"boost": 1
}
}
},
{
"wildcard": {
"alarm_level": {
"wildcard": "*低*",
"boost": 1
}
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
{
"terms": {
"log_format_type": [
"3"
],
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
{
"bool": {
"must": [
{
"range": {
"alarm_level_id": {
"from": "2",
"to": null,
"include_lower": false,
"include_upper": true,
"boost": 1
}
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
{
"terms": {
"alarm_level_id": [
3
],
"boost": 1
}
},
{
"bool": {
"must_not": [
{
"script": {
"script": {
"source": "def seconds = doc['attack_time'].value.getHourOfDay()*3600+doc['attack_time'].value.getMinuteOfDay()*60+doc['attack_time'].value.getSecondOfDay(); return (doc['attack_time'].value.dayOfWeek)==params.week_day && seconds>params.begin_seconds && seconds<=params.end_seconds",
"lang": "painless",
"params": {
"end_seconds": 17999,
"week_day": 2,
"begin_seconds": 0
}
},
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
}

核心功能Java代码

时间范围

复制代码

1
2
3
4
5
6
BoolQueryBuilder boolQueryBuilder = QueryBuilders.boolQuery();
RangeQueryBuilder rangeQueryBuilder = QueryBuilders.rangeQuery("attack_time");
rangeQueryBuilder.from(startTime);
rangeQueryBuilder.to(endTime);
boolQueryBuilder.must(rangeQueryBuilder);

字段拼装过滤

复制代码

BoolQueryBuilder boolQueryBuilderOr = new BoolQueryBuilder();
BoolQueryBuilder boolQueryBuilderAnd = new BoolQueryBuilder();
JSONArray fields = configItem.getJSONArray("fields");
for (int i = 0; i < fields.size(); i++) {
JSONObject jsonField = fields.getJSONObject(i);
AlarmRelationEnum relation = AlarmRelationEnum.getValue(jsonField.getInt("relation"));
String field = jsonField.getStr("field");
String keyword = jsonField.getStr("keyword");
switch (relation) {
case INCLUDE:
BoolQueryBuilder boolQueryBuilderInclude = new BoolQueryBuilder();
for (String s : keyword.split(",")) {
boolQueryBuilderInclude.should(QueryBuilders.wildcardQuery(field, "*" + s + "*"));
}
boolQueryBuilderAnd.must(boolQueryBuilderInclude);
break;
case EQUAL:
boolQueryBuilderAnd.must(QueryBuilders.termsQuery(field, keyword.split(",")));
break;
case NOT_EQUAL:
boolQueryBuilderAnd.mustNot(QueryBuilders.termQuery(field, keyword.split(",")));
break;
case GREATER:
boolQueryBuilderAnd.must(QueryBuilders.rangeQuery(field).gt(keyword));
break;
case GREATER_EQUAL:
boolQueryBuilderAnd.must(QueryBuilders.rangeQuery(field).gte(keyword));
break;
case LESSER:
boolQueryBuilderAnd.must(QueryBuilders.rangeQuery(field).lt(keyword));
break;
case LESSER_EQUAL:
boolQueryBuilderAnd.must(QueryBuilders.rangeQuery(field).lte(keyword));
break;
default:
break;
}
if (i == fields.size() - 1) {
boolQueryBuilderOr.should(boolQueryBuilderAnd);
} else {
if (jsonField.getStr("logic").equals("OR")) {
boolQueryBuilderOr.should(boolQueryBuilderAnd);
boolQueryBuilderAnd = new BoolQueryBuilder();
}
}
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

BoolQueryBuilder boolQueryBuilderOr = new BoolQueryBuilder();
BoolQueryBuilder boolQueryBuilderAnd = new BoolQueryBuilder();
JSONArray fields = configItem.getJSONArray("fields");
for (int i = 0; i < fields.size(); i++) {
JSONObject jsonField = fields.getJSONObject(i);
AlarmRelationEnum relation = AlarmRelationEnum.getValue(jsonField.getInt("relation"));
String field = jsonField.getStr("field");
String keyword = jsonField.getStr("keyword");
switch (relation) {
case INCLUDE:
BoolQueryBuilder boolQueryBuilderInclude = new BoolQueryBuilder();
for (String s : keyword.split(",")) {
boolQueryBuilderInclude.should(QueryBuilders.wildcardQuery(field, "*" + s + "*"));
}
boolQueryBuilderAnd.must(boolQueryBuilderInclude);
break;
case EQUAL:
boolQueryBuilderAnd.must(QueryBuilders.termsQuery(field, keyword.split(",")));
break;
case NOT_EQUAL:
boolQueryBuilderAnd.mustNot(QueryBuilders.termQuery(field, keyword.split(",")));
break;
case GREATER:
boolQueryBuilderAnd.must(QueryBuilders.rangeQuery(field).gt(keyword));
break;
case GREATER_EQUAL:
boolQueryBuilderAnd.must(QueryBuilders.rangeQuery(field).gte(keyword));
break;
case LESSER:
boolQueryBuilderAnd.must(QueryBuilders.rangeQuery(field).lt(keyword));
break;
case LESSER_EQUAL:
boolQueryBuilderAnd.must(QueryBuilders.rangeQuery(field).lte(keyword));
break;
default:
break;
}
if (i == fields.size() - 1) {
boolQueryBuilderOr.should(boolQueryBuilderAnd);
} else {
if (jsonField.getStr("logic").equals("OR")) {
boolQueryBuilderOr.should(boolQueryBuilderAnd);
boolQueryBuilderAnd = new BoolQueryBuilder();
}
}
}

过滤时间段

复制代码

BoolQueryBuilder boolQueryValidTime = QueryBuilders.boolQuery();
String code = "def seconds = doc['attack_time'].value.getHourOfDay()*3600" +
"+doc['attack_time'].value.getMinuteOfDay()*60" +
"+doc['attack_time'].value.getSecondOfDay(); " +
"return (doc['attack_time'].value.dayOfWeek)==params.week_day " +
"&& seconds>params.begin_seconds && seconds<=params.end_seconds";
JSONArray weekTimes = configItem.getJSONArray("weekTimes");
for (int j = 0; j < weekTimes.size(); j++) {
JSONObject jsonObject = weekTimes.getJSONObject(j);
String[] beginTimeSplit = jsonObject.getStr("beginTime").split(":");
Integer beginSeconds = Integer.parseInt(beginTimeSplit[0]) * 3600
+ Integer.parseInt(beginTimeSplit[1]) * 60 + Integer.parseInt(beginTimeSplit[2]);
String[] endTimeSplit = jsonObject.getStr("endTime").split(":");
Integer endSeconds = Integer.parseInt(endTimeSplit[0]) * 3600
+ Integer.parseInt(endTimeSplit[1]) * 60 + Integer.parseInt(endTimeSplit[2]);
Map<String, Object> params = new HashMap<>(4);
params.put("begin_seconds", beginSeconds);
params.put("end_seconds", endSeconds);
params.put("week_day", jsonObject.getInt("weekDay"));
Script script = new Script(Script.DEFAULT_SCRIPT_TYPE,
Script.DEFAULT_SCRIPT_LANG, code, params);
boolQueryValidTime.mustNot(QueryBuilders.scriptQuery(script));
}
configQueryBuilder.must(boolQueryValidTime);

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
BoolQueryBuilder boolQueryValidTime = QueryBuilders.boolQuery();
String code = "def seconds = doc['attack_time'].value.getHourOfDay()*3600" +
"+doc['attack_time'].value.getMinuteOfDay()*60" +
"+doc['attack_time'].value.getSecondOfDay(); " +
"return (doc['attack_time'].value.dayOfWeek)==params.week_day " +
"&& seconds>params.begin_seconds && seconds<=params.end_seconds";
JSONArray weekTimes = configItem.getJSONArray("weekTimes");
for (int j = 0; j < weekTimes.size(); j++) {
JSONObject jsonObject = weekTimes.getJSONObject(j);
String[] beginTimeSplit = jsonObject.getStr("beginTime").split(":");
Integer beginSeconds = Integer.parseInt(beginTimeSplit[0]) * 3600
+ Integer.parseInt(beginTimeSplit[1]) * 60 + Integer.parseInt(beginTimeSplit[2]);
String[] endTimeSplit = jsonObject.getStr("endTime").split(":");
Integer endSeconds = Integer.parseInt(endTimeSplit[0]) * 3600
+ Integer.parseInt(endTimeSplit[1]) * 60 + Integer.parseInt(endTimeSplit[2]);
Map<String, Object> params = new HashMap<>(4);
params.put("begin_seconds", beginSeconds);
params.put("end_seconds", endSeconds);
params.put("week_day", jsonObject.getInt("weekDay"));
Script script = new Script(Script.DEFAULT_SCRIPT_TYPE,
Script.DEFAULT_SCRIPT_LANG, code, params);
boolQueryValidTime.mustNot(QueryBuilders.scriptQuery(script));
}
configQueryBuilder.must(boolQueryValidTime);

数据更新

复制代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

SearchHit[] hits = search.getHits().getHits();
if (hits != null && hits.length > 0) {
for (SearchHit searchHit : hits) {
if (alarmConfigHelper.matchParams(searchHit)) { //告警频率
//标志告警
UpdateByQueryRequest updateByQueryRequest = new UpdateByQueryRequest(searchHit.getIndex());
updateByQueryRequest.setConflicts("proceed");
updateByQueryRequest.setRefresh(true);
updateByQueryRequest.setQuery(QueryBuilders.idsQuery().addIds(searchHit.getId()));
updateByQueryRequest.setScript(new Script(
"ctx._source['" + FILED_PROJECT_ID + "']=" + alarmProject.getId()
+ ";ctx._source['" + FILED_PROJECT_THREAT_LEVEL + "']="
+ alarmProject.getThreatLevel()));
BulkByScrollResponse bulkByScrollResponse = getRestHighLevelClient()
.updateByQuery(updateByQueryRequest, RequestOptions.DEFAULT);
List<ScrollableHitSource.SearchFailure> searchFailures =
bulkByScrollResponse.getSearchFailures();
if(searchFailures.size() >0){
throw new RuntimeException(searchFailures.get(0).toString());
}
}
}
}