Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
lqb
/
elasticsearch
-ын хуулбар https://gitee.com/mirrors/elasticsearch.git
1
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Мод: 30cc10d3ac
Салаанууд Тагууд
elasticsearch
/
docs
/
reference
/
data-streams
/
use-a-data-stream.asciidoc

use-a-data-stream.asciidoc 4.1 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186 
  1. [[use-a-data-stream]]
    2. 

  2. == Use a data stream
    3. 

  3. 

  4. After you <<set-up-a-data-stream,set up a data stream set up>>, you can do
    5. 

  5. the following:
    6. 

  6. 

  7. * <<add-documents-to-a-data-stream>>
    8. 

  8. * <<search-a-data-stream>>
    9. 

  9. * <<manually-roll-over-a-data-stream>>
    10. 

  10. 

  11. ////
    12. 

  12. [source,console]
    13. 

  13. ----
    14. 

  14. PUT /_index_template/logs_data_stream
    15. 

  15. {
    16. 

  16.   "index_patterns": [ "logs*" ],
    17. 

  17.   "data_stream": {
    18. 

  18.     "timestamp_field": "@timestamp"
    19. 

  19.   },
    20. 

  20.   "template": {
    21. 

  21.     "mappings": {
    22. 

  22.       "properties": {
    23. 

  23.         "@timestamp": {
    24. 

  24.           "type": "date"
    25. 

  25.         }
    26. 

  26.       }
    27. 

  27.     }
    28. 

  28.   }
    29. 

  29. }
    30. 

  30. 

  31. PUT /_data_stream/logs
    32. 

  32. ----
    33. 

  33. ////
    34. 

  34. 

  35. [discrete]
    36. 

  36. [[add-documents-to-a-data-stream]]
    37. 

  37. === Add documents to a data stream
    38. 

  38. 

  39. You can add documents to a data stream using the following requests:
    40. 

  40. 

  41. * An <<docs-index_,index API>> request with an
    42. 

  42. <<docs-index-api-op_type,`op_type`>> set to `create`. Specify the data
    43. 

  43. stream's name in place of an index name.
    44. 

  44. +
    45. 

  45. --
    46. 

  46. NOTE: The `op_type` parameter defaults to `create` when adding new documents.
    47. 

  47. 

  48. .*Example: Index API request*
    49. 

  49. [%collapsible]
    50. 

  50. ====
    51. 

  51. The following <<docs-index_,index API>> adds a new document to the `logs` data
    52. 

  52. stream.
    53. 

  53. 

  54. [source,console]
    55. 

  55. ----
    56. 

  56. POST /logs/_doc/
    57. 

  57. {
    58. 

  58.   "@timestamp": "2020-12-07T11:06:07.000Z",
    59. 

  59.   "user": {
    60. 

  60.     "id": "8a4f500d"
    61. 

  61.   },
    62. 

  62.   "message": "Login successful"
    63. 

  63. }
    64. 

  64. ----
    65. 

  65. // TEST[continued]
    66. 

  66. ====
    67. 

  67. --
    68. 

  68. 

  69. * A <<docs-bulk,bulk API>> request using the `create` action. Specify the data
    70. 

  70. stream's name in place of an index name.
    71. 

  71. +
    72. 

  72. --
    73. 

  73. NOTE: Data streams do not support other bulk actions, such as `index`.
    74. 

  74. 

  75. .*Example: Bulk API request*
    76. 

  76. [%collapsible]
    77. 

  77. ====
    78. 

  78. The following <<docs-bulk,bulk API>> index request adds several new documents to
    79. 

  79. the `logs` data stream. Note that only the `create` action is used.
    80. 

  80. 

  81. [source,console]
    82. 

  82. ----
    83. 

  83. PUT /logs/_bulk?refresh
    84. 

  84. {"create":{"_index" : "logs"}}
    85. 

  85. { "@timestamp": "2020-12-08T11:04:05.000Z", "user": { "id": "vlb44hny" }, "message": "Login attempt failed" }
    86. 

  86. {"create":{"_index" : "logs"}}
    87. 

  87. { "@timestamp": "2020-12-08T11:06:07.000Z", "user": { "id": "8a4f500d" }, "message": "Login successful" }
    88. 

  88. {"create":{"_index" : "logs"}}
    89. 

  89. { "@timestamp": "2020-12-09T11:07:08.000Z", "user": { "id": "l7gk7f82" }, "message": "Logout successful" }
    90. 

  90. ----
    91. 

  91. // TEST[continued]
    92. 

  92. ====
    93. 

  93. --
    94. 

  94. 

  95. [discrete]
    96. 

  96. [[search-a-data-stream]]
    97. 

  97. === Search a data stream
    98. 

  98. 

  99. The following search APIs support data streams:
    100. 

  100. 

  101. * <<search-search, Search>>
    102. 

  102. * <<async-search, Async search>>
    103. 

  103. * <<search-multi-search, Multi search>>
    104. 

  104. * <<search-field-caps, Field capabilities>>
    105. 

  105. ////
    106. 

  106. * <<eql-search-api, EQL search>>
    107. 

  107. ////
    108. 

  108. 

  109. .*Example*
    110. 

  110. [%collapsible]
    111. 

  111. ====
    112. 

  112. The following <<search-search,search API>> request searches the `logs` data
    113. 

  113. stream for documents with a timestamp between today and yesterday that also have
    114. 

  114. `message` value of `login successful`.
    115. 

  115. 

  116. [source,console]
    117. 

  117. ----
    118. 

  118. GET /logs/_search
    119. 

  119. {
    120. 

  120.   "query": {
    121. 

  121.     "bool": {
    122. 

  122.       "must": {
    123. 

  123.         "range": {
    124. 

  124.           "@timestamp": {
    125. 

  125.             "gte": "now-1d/d",
    126. 

  126.             "lt": "now/d"
    127. 

  127.           }
    128. 

  128.         }
    129. 

  129.       },
    130. 

  130.       "should": {
    131. 

  131.         "match": {
    132. 

  132.           "message": "login successful"
    133. 

  133.         }
    134. 

  134.       }
    135. 

  135.     }
    136. 

  136.   }
    137. 

  137. }
    138. 

  138. ----
    139. 

  139. // TEST[continued]
    140. 

  140. ====
    141. 

  141. 

  142. [discrete]
    143. 

  143. [[manually-roll-over-a-data-stream]]
    144. 

  144. === Manually roll over a data stream
    145. 

  145. 

  146. A rollover creates a new backing index for a data stream. This new backing index
    147. 

  147. becomes the stream's <<data-stream-write-index,write index>> and increments
    148. 

  148. the stream's <<data-streams-generation,generation>>.
    149. 

  149. 

  150. In most cases, we recommend using <<index-lifecycle-management,{ilm-init}>> to
    151. 

  151. automate rollovers for data streams. This lets you automatically roll over the
    152. 

  152. current write index when it meets specified criteria, such as a maximum age or
    153. 

  153. size.
    154. 

  154. 

  155. However, you can also use the <<indices-rollover-index,rollover API>> to
    156. 

  156. manually perform a rollover. This can be useful if you want to apply mapping or
    157. 

  157. setting changes to the stream's write index after updating a data stream's
    158. 

  158. template.
    159. 

  159. 

  160. .*Example*
    161. 

  161. [%collapsible]
    162. 

  162. ====
    163. 

  163. The following <<indices-rollover-index,rollover API>> request submits a manual
    164. 

  164. rollover request for the `logs` data stream.
    165. 

  165. 

  166. [source,console]
    167. 

  167. ----
    168. 

  168. POST /logs/_rollover/
    169. 

  169. {
    170. 

  170.   "conditions": {
    171. 

  171.     "max_docs":   "1"
    172. 

  172.   }
    173. 

  173. }
    174. 

  174. ----
    175. 

  175. // TEST[continued]
    176. 

  176. ====
    177. 

  177. 

  178. ////
    179. 

  179. [source,console]
    180. 

  180. ----
    181. 

  181. DELETE /_data_stream/logs
    182. 

  182. 

  183. DELETE /_index_template/logs_data_stream
    184. 

  184. ----
    185. 

  185. // TEST[continued]
    186. 

  186. ////
    187.