【ES】代码例子
2024-10-15 17:43:07
#!/usr/bin/env python
#coding=utf-8
from elasticsearch import Elasticsearch
from elasticsearch_dsl import Search
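class ES(object):
    """Small helper that pulls documents out of the ``test`` index via the scroll API."""

    def __init__(self):
        # NOTE(review): the client is built from a bare host:port with no TLS
        # and no credentials. That is only reasonable against a node bound to
        # loopback; confirm before pointing this at a shared cluster.
        self.es = Elasticsearch(hosts="localhost:9200", timeout=60)

    def get_es_data(self, query=""):
        """Return every hit matching *query* from the ``test`` index.

        The search is opened with a one-minute scroll keep-alive and pages of
        up to 10000 hits. All pages are accumulated in memory, so the caller
        should bound the query (for example by time range).

        Args:
            query: request body handed to ``search`` unchanged.

        Returns:
            A list of raw hit dicts as returned by Elasticsearch.
        """
        resp = self.es.search(index="test", body=query, scroll="1m", size=10000)
        scroll_id = resp['_scroll_id']
        page = resp["hits"]["hits"]
        datas = list(page)

        # ``hits.total`` is a plain integer on older servers and an object
        # ({"value": N, "relation": "eq"|"gte"}) on newer ones. Comparing the
        # object against an int is meaningless (and a TypeError on Python 3),
        # so normalise it and only trust it as a stop condition when exact.
        total = resp['hits']['total']
        if isinstance(total, dict):
            exact = total.get("relation", "eq") == "eq"
            total = total.get("value", 0)
        else:
            exact = True
        print(total)

        try:
            # Stop on an empty page, or early once an exact total is reached.
            while page and not (exact and len(datas) >= total):
                resp = self.es.scroll(scroll_id=scroll_id, scroll="1m")
                scroll_id = resp['_scroll_id']
                page = resp["hits"]["hits"]
                datas.extend(page)
        finally:
            # Release the server-side scroll context instead of leaving it
            # open until the keep-alive runs out.
            try:
                self.es.clear_scroll(scroll_id=scroll_id)
            except Exception:
                # Best-effort cleanup: the context still expires after "1m".
                pass
        return datas

    def get_ip_data(self, start_time, end_time, ip):
        """Return the ``_source`` of every document for *ip* in the time window.

        Args:
            start_time: inclusive lower bound for ``timestamp`` (``gte``).
            end_time: exclusive upper bound for ``timestamp`` (``lt``).
            ip: value matched against ``src_ip`` with ``match_phrase``.

        Returns:
            A list of ``_source`` dicts.
        """
        # ``ip`` travels as a value inside the query dict; it is never
        # concatenated into a query string.
        query = {
            "query": {
                "bool": {
                    "filter": {"range": {"timestamp": {"gte": start_time, "lt": end_time}}},
                    "must": {"match_phrase": {"src_ip": ip}},
                }
            }
        }
        data = self.get_es_data(query)
        print(len(data))
        data = [d["_source"] for d in data]
        print(len(data))
        # Debug output: dumps the first five raw records to stdout. Records
        # can carry sensitive fields, so drop this outside ad-hoc use.
        print(data[0:5])
        return data

    def get_ips(self, start_time, end_time):
        """Return the distinct ``src_ip`` values seen in the time window.

        Args:
            start_time: inclusive lower bound for ``timestamp`` (``gte``).
            end_time: exclusive upper bound for ``timestamp`` (``lt``).

        Returns:
            A de-duplicated list of ``src_ip`` values, in no particular order.
        """
        query = {
            "query": {
                "bool": {
                    "filter": {"range": {"timestamp": {"gte": start_time, "lt": end_time}}},
                    # Only documents that carry a src_ip field at all.
                    "must": {"exists": {"field": "src_ip"}},
                }
            }
        }
        data = self.get_es_data(query)
        ips = [d["_source"]["src_ip"] for d in data]
        print(len(ips))
        ips = list(set(ips))
        print(len(ips))
        print(ips)
        return ips


if __name__ == "__main__":
    es_obj = ES()
    #es_obj.get_ips("2017-06-01T00:00:00", "2017-06-01T01:00:00")
    es_obj.get_ip_data("2016-11-14T00:00:00", "2016-11-15T00:00:00", "192.168.0.45")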