使用 Elasticsearch Python API 时如何 return 所有分片?
How can I return all shards when using the Elasticsearch Python API?
我正在尝试 运行 使用 elasticsearch python API 针对 ELK 设置进行搜索。似乎默认情况下,搜索 returns 只有 5 个索引结果。我如何配置它以便它可以 return 索引中可用的所有分片? kibanna 仪表板显示 900 + 分片,但 API 只有 returning 5。我现在的代码是:
es = Elasticsearch([{'host': 'localhost', 'port': 9200}])
data = es.search(
index='scapy'
)
脚本的输出显示(顶部):
{u'_shards': {u'failed': 0, u'skipped': 0, u'successful': 5, u'total': 5},
kibanna 仪表板的屏幕截图:
谢谢!
可选参数size可设置显示更多结果
count = es.count(index='scapy')['count']
data = es.search(index='scapy', size=count)
你一定是理解错了结果,
结果
{u'_shards': {u'failed': 0, u'skipped': 0, u'successful': 5, u'total': 5}
表示您的索引 'scapy' 的数据位于 5 个不同的分片中,您的搜索查询从这 5 个不同的分片中获得结果。
所以结果一定是这样的:
{
"took": 1651,
"timed_out": false,
"_shards": {
"total": 10,
"successful": 10,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 2221327255,
"max_score": 1,
"hits": [
{
"_index": "test_index",
"_type": "logs",
"_id": "BL1E-F8BH3R02gVcxkPc",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.1"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "Cr1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.1"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "Eb1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "F71E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "KL1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "LL1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "NL1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "R71E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "Sb1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "TL1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
}
]
}
}
hits中有 10 个项目,这是因为结果 return 的默认大小为 10,因此您可以在查询 dsl 中设置大小,
GET /_search
{
"from" : 0, "size" : 10,
"query" : {
"term" : { "user" : "kimchy" }
}
}
我正在尝试 运行 使用 elasticsearch python API 针对 ELK 设置进行搜索。似乎默认情况下,搜索 returns 只有 5 个索引结果。我如何配置它以便它可以 return 索引中可用的所有分片? kibanna 仪表板显示 900 + 分片,但 API 只有 returning 5。我现在的代码是:
es = Elasticsearch([{'host': 'localhost', 'port': 9200}])
data = es.search(
index='scapy'
)
脚本的输出显示(顶部):
{u'_shards': {u'failed': 0, u'skipped': 0, u'successful': 5, u'total': 5},
kibanna 仪表板的屏幕截图:
谢谢!
可选参数size可设置显示更多结果
count = es.count(index='scapy')['count']
data = es.search(index='scapy', size=count)
你一定是理解错了结果, 结果
{u'_shards': {u'failed': 0, u'skipped': 0, u'successful': 5, u'total': 5}
表示您的索引 'scapy' 的数据位于 5 个不同的分片中,您的搜索查询从这 5 个不同的分片中获得结果。
所以结果一定是这样的:
{
"took": 1651,
"timed_out": false,
"_shards": {
"total": 10,
"successful": 10,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 2221327255,
"max_score": 1,
"hits": [
{
"_index": "test_index",
"_type": "logs",
"_id": "BL1E-F8BH3R02gVcxkPc",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.1"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "Cr1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.1"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "Eb1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "F71E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "KL1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "LL1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "NL1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "R71E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "Sb1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
},
{
"_index": "test_index",
"_type": "logs",
"_id": "TL1E-F8BH3R02gVcxkPd",
"_score": 1,
"_source": {
"deviceType": "4",
"appVersion": "2.1.2"
}
}
]
}
}
hits中有 10 个项目,这是因为结果 return 的默认大小为 10,因此您可以在查询 dsl 中设置大小,
GET /_search
{
"from" : 0, "size" : 10,
"query" : {
"term" : { "user" : "kimchy" }
}
}