so_elk dsl_tut

elasticsearch-dsl

Elasticsearch DSL - Honza Kral

• imports: from elasticsearch_dsl import connections, Search, Q

• create client connection:

es = connections.create_connection( hosts= ['localhost'], timeout=20)`

• create Search, bind it to client: s = Search(using=es)

• query: s.query('match', title='python')

• query twice:

s = s.query( 'match', title='python').query( ~Q('match', title='ruby ) )

• combines queries

  • alternative: s.query( Q() & ~Q() )

• equivalent

Q('match', title='python') == Match(title='python') == Q({match:{title:'python'}})

• boolean

Q(1) & Q(2) == Q('bool', must=[ Q(1), Q(2) ])
Q(1) | Q(2) | Q(3) == Q('bool', should=[ Q(1), Q(2), Q(3) ])

• filter: s = s.filter('range', creation_date={ "from": date(2012, 1, 1)})

  • filter will turn into filtered query

• chaining

copy is made in each change s2 = s1.query( Q(1) ) --> s1 != s2

same for other methods s[0:10], s.using(es), s.index('today', 'yesterday'), ...

• chaining different except Aggs

s.aggs.bucket('per_tag').metric('avg).metric('max')
s.aggs.bucket('per_country').bucket('per_tag'), metric('avg')
s.aggs['per_country'].metric(...)

• execute: result = s.execute()
  • returns result object

response = s.execute()
if not response.success(): 
   print("partial result")

• iterate over iterate

for h in response:
   print(h._meta.id, h.title)

• accessing aggregations top_tag = response.aggregations.per_tag.bucker[0]