今天在做项目的时候需要做ES的多条件查询,相当于sql中的:
select * from table where A = 'valA' and (B = 'valB' or C = 'valC';)
一开始是这样写的:
BoolQueryBuilder builders= QueryBuilders.boolQuery()
.must(QueryBuilders.termQuery("IPv4_Src", typeSelection))
.must(QueryBuilders.boolQuery()
.should(QueryBuilders.termQuery("IPv4_Src", ipSelection))
.should(QueryBuilders.termQuery("IPv4_Dst", ipSelection)));
结果返回的数据是空,用RESTful去写一遍才发现term是不能生成的,把termQuery改成matchQuery即可得到。
另外因为多了一个参数进来,四个参数做多条件匹配,这是第一次做,在同事那问了一遍发现可以用NativeSearchQueryBuilder去做,于是就有下面的代码:
public List<Map<String, Object>> ESSearchBySe(String fileSelection, String typeSelection, String ipSelection, String portSelection) {
System.out.println("文件名为:"+fileSelection+"类型为:"+typeSelection+"ip为:"+ipSelection+"端口为:"+portSelection);
NativeSearchQueryBuilder builder = new NativeSearchQueryBuilder();
if(typeSelection != null && !"".equals(typeSelection)){
builder.withQuery(QueryBuilders.boolQuery().must(QueryBuilders.matchQuery("IPv4_Proto",typeSelection)));
}
if(ipSelection != null && !"".equals(ipSelection)){
builder.withQuery(QueryBuilders.boolQuery().must(QueryBuilders.boolQuery()
.should(QueryBuilders.matchQuery("IPv4_Src",ipSelection)))
.should(QueryBuilders.matchQuery("IPv4_Dst",ipSelection)));
}
if (portSelection != null && !"".equals(portSelection)){
builder.withQuery(QueryBuilders.boolQuery().must(QueryBuilders.boolQuery()
.should(QueryBuilders.matchQuery("TCP_Port_Src",portSelection)))
.should(QueryBuilders.matchQuery("TCP_Port_Dst",portSelection)));
}
SearchRequest searchRequest = new SearchRequest()
return null;
}
但是看了一下,为什么不能去构建索引的query呢,如果用SearchRequest去装索引的话发送的请求必须是searchSourceBuilder,不能用NativeSearchQueryBuilder,而在elasticsearch6.8中的NativeSearchQueryBuilder是有.indices的方法的,在7.10.2中这个方法不知道为什么莫名其妙的消失了,所以改用queryBuilder去构建:
public List<Map<String, Object>> ESSearchBySe(String fileSelection, String typeSelection, String ipSelection, String portSelection) throws IOException {
System.out.println("文件名为:"+fileSelection+"类型为:"+typeSelection+"ip为:"+ipSelection+"端口为:"+portSelection);
SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
SearchRequest searchRequest = new SearchRequest(fileSelection);
searchSourceBuilder.size(10000);
BoolQueryBuilder queryBuilder = QueryBuilders.boolQuery();
searchSourceBuilder.timeout(new TimeValue(60,TimeUnit.SECONDS));
if(typeSelection != null && !"".equals(typeSelection)){
System.out.println("1111111111");
queryBuilder.must(QueryBuilders.matchQuery("IPv4_Proto",typeSelection));
}
if(ipSelection != null && !"".equals(ipSelection)){
System.out.println("22222222222222");
queryBuilder.must(QueryBuilders.boolQuery()
.should(QueryBuilders.matchQuery("IPv4_Src",ipSelection))
.should(QueryBuilders.matchQuery("IPv4_Dst",ipSelection)));
}
if (portSelection != null && !"".equals(portSelection)){
System.out.println("3333333333333333");
queryBuilder.must(QueryBuilders.boolQuery()
.should(QueryBuilders.matchQuery("TCP_Port_Src",portSelection))
.should(QueryBuilders.matchQuery("TCP_Port_Dst",portSelection)));
}
searchSourceBuilder.query(queryBuilder);
searchRequest.source(searchSourceBuilder);
SearchResponse searchResponse = restHighLevelClient.search(searchRequest, RequestOptions.DEFAULT);
List<Map<String,Object>> list = new ArrayList<>();
for (SearchHit documentsFields:searchResponse.getHits()) {
list.add(documentsFields.getSourceAsMap());
}
return list;
}
}
很坑啊官网也没有找到这个NativeSearchQueryBuilder
|