Querying Amazon Elasticsearch Service data using Piped Processing Language - Amazon Elasticsearch Service

Piped Processing Language (PPL) is a query language that lets you use pipe (|) syntax to query data stored in Amazon Elasticsearch Service (Amazon ES).

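PPL syntax consists of commands separated by the pipe character (|), with data flowing from left to right through each pipe. For example, the PPL query that finds the number of hosts with HTTP 403 or 503 errors, aggregates them per host, and sorts them in order of impact is as follows: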

source = kibana_sample_data_logs
| where response='403' or response='503'
| stats count(request) as request_count by host, response
| sort -request_count
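To make the left-to-right data flow concrete, the following added example (not part of the AWS documentation) models the three stages of the query above in plain Python. The log records and function names are constructed for illustration; PPL itself is evaluated inside Elasticsearch, not by code like this.

```python
from collections import Counter

# Constructed sample documents standing in for kibana_sample_data_logs.
LOGS = [
    {"host": "www.example.com", "response": "200", "request": "/"},
    {"host": "www.example.com", "response": "403", "request": "/admin"},
    {"host": "www.example.com", "response": "403", "request": "/admin/login"},
    {"host": "cdn.example.com", "response": "503", "request": "/img/a.png"},
    {"host": "cdn.example.com", "response": "503", "request": "/img/b.png"},
    {"host": "cdn.example.com", "response": "503", "request": "/img/c.png"},
    {"host": "cdn.example.com", "response": "403", "request": "/private"},
    {"host": "api.example.com", "response": "404", "request": "/v1/x"},
]

def where(rows, predicate):
    """Model of `| where ...`: keep only rows that satisfy the predicate."""
    return (r for r in rows if predicate(r))

def stats_count(rows, field, alias, by):
    """Model of `| stats count(field) as alias by ...`.

    Assumption of this model: a row is counted when `field` is present.
    """
    counts = Counter(
        tuple(r[k] for k in by) for r in rows if r.get(field) is not None
    )
    return [dict(zip(by, key), **{alias: n}) for key, n in counts.items()]

def sort_desc(rows, field):
    """Model of `| sort -field`: order rows by field, largest first."""
    return sorted(rows, key=lambda r: r[field], reverse=True)

def run_pipeline(docs):
    # Each stage consumes only the previous stage's output, left to right.
    filtered = where(docs, lambda r: r["response"] in ("403", "503"))
    grouped = stats_count(filtered, "request", "request_count",
                          by=("host", "response"))
    return sort_desc(grouped, "request_count")

if __name__ == "__main__":
    for row in run_pipeline(LOGS):
        print(row)
```

The 200 and 404 records never reach the stats stage, so api.example.com does not appear in the result at all.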

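PPL requires Elasticsearch 7.9 or later. For complete documentation of the feature, including detailed steps and command descriptions, see the Open Distro for Elasticsearch documentation.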

To get started, choose Query Workbench in Kibana and select PPL. Use the bulk operation to index some sample data:

PUT accounts/_bulk?refresh
{"index":{"_id":"1"}}
{"account_number":1,"balance":39225,"firstname":"Amber","lastname":"Duke","age":32,"gender":"M","address":"880 Holmes Lane","employer":"Pyrami","email":"amberduke@pyrami.com","city":"Brogan","state":"IL"}
{"index":{"_id":"6"}}
{"account_number":6,"balance":5686,"firstname":"Hattie","lastname":"Bond","age":36,"gender":"M","address":"671 Bristol Street","employer":"Netagy","email":"hattiebond@netagy.com","city":"Dante","state":"TN"}
{"index":{"_id":"13"}}
{"account_number":13,"balance":32838,"firstname":"Nanette","lastname":"Bates","age":28,"gender":"F","address":"789 Mady Street","employer":"Quility","city":"Nogal","state":"VA"}
{"index":{"_id":"18"}}
{"account_number":18,"balance":4180,"firstname":"Dale","lastname":"Adams","age":33,"gender":"M","address":"467 Hutchinson Court","email":"daleadams@boink.com","city":"Orick","state":"MD"}

The following example returns the firstname and lastname fields for documents in the accounts index whose age is greater than 18:

search source=accounts
| where age > 18
| fields firstname, lastname

Sample response
id  firstname  lastname
0   Amber      Duke
1   Hattie     Bond
2   Nanette    Bates
3   Dale       Adams

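You can use a complete set of read-only commands such as search, where, fields, rename, dedup, stats, sort, eval, head, top, and rare. For descriptions and examples of each command, see Commands.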

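The PPL plugin supports all SQL functions, including mathematical, trigonometric, date-time, string, aggregate, and advanced operators and expressions. To learn more, see SQL functions.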