查询日志
查询接口请求语法
POST /v5/repos/<RepoName>/search
Content-Type: application/json
Authorization: Pandora <auth>
{
"size":<size>,
"query":"<QueryString>",
"scroll":"3m",
"sort":"userName:asc",
"from":1,
"fields":"<F1>,<F2>",
"highlight":{
"pre_tags":[
"<tag1>"
],
"post_tags":[
"</tag1>"
],
"fields":{
"<高亮的字段>":{
}
},
"require_field_match":false,
"fragment_size":100
}
}
查询接口请求说明
| 字段 | 类型 | 必填 | 说明 |
|---|---|---|---|
| RepoName | string | 是 | 日志仓库名称 |
| query | string | 否 | 查询表达式,参照查询语法 |
| sort | string | 否 | 排序,field1:asc,field2:desc, …。field 是实际字段名,asc代表升序,desc 代表降序。用逗号进行分隔。 |
| from | int | 否 | 日志开始的位置 |
| size | int | 否 | 返回数据数量 |
| scroll | string | 否 | scroll查询时ScrollID保存时间,如果不需要通过游标的方式拉取大量数据,可不填 |
| fields | string | 否 | 选择返回的数据中只展示部分字段。比如 fields=k1,k2,则返回的结果中只有k1,和k2字段 |
| highlight | map | 否 | 返回结果高亮配置 |
| highlight.pre_tags | string数组 | 是 | 表示高亮元素的前置标签,通常为<em> |
| highlight.post_tags | string数组 | 是 | 表示高亮元素的后置标签,通常为</em> |
| highlight.fields | map | 是 | 表示要高亮的字段,以及其高亮设置,比如设置高亮的窗口大小 |
| highlight.require_field_match | bool | 否 | 表示是否必须要强制匹配搜索符合的结果高亮,默认为false |
| highlight.fragment_size | int | 是 | 高亮的最大字符窗口大小 |
示例
curl -X POST https://nb-insight.qiniuapi.com/v5/repos/test_Repo/search \
-H 'Content-Type: application/json' \
-H 'Authorization: Pandora 2J1e7iG13J66GA8vWBzZdF-UR_d1MF-kacOdUUS4:NTi3wH_WlGxYOnXsvgUrO4XMD6Y=' \
-d '{"size":1,"query":"content:test","sort":"userName:asc","from":1,"highlight":{"pre_tags":["<tag1>"],"post_tags":["</tag1>"],"fields":{"<高亮的字段>":{}},"require_field_match":false,"fragment_size":100}}'
{
"total": 10,
"partialSuccess": false,
"data": [
{
"content": "test",
"highlight": {
"content": [
"<tag>test<tag/>"
]
}
}
]
}
查询接口请求语法
POST /v5/repos/<RepoName>/search
Content-Type: application/json
Authorization: Pandora <auth>
{
"size":<size>,
"query":"<QueryString>",
"scroll":"3m",
"sort":"userName:asc",
"from":1,
"fields":"<F1>,<F2>",
"highlight":{
"pre_tags":[
"<tag1>"
],
"post_tags":[
"</tag1>"
],
"fields":{
"<高亮的字段>":{
}
},
"require_field_match":false,
"fragment_size":100
}
}
dslsearch查询接口语法
支持dsl json查询格式和scroll滚动查询
示例
curl -X POST https://nb-insight.qiniuapi.com/v5/repos/test_Repo/dslsearch?start_time=1586274982021&end_time=1586275882021&scroll=3m \
-H 'Content-Type: application/json' \
-H 'Authorization: Pandora 2J1e7iG13J66GA8vWBzZdF-UR_d1MF-kacOdUUS4:NTi3wH_WlGxYOnXsvgUrO4XMD6Y=' \
-d '{"size":1,"query":{"bool": {"must": [{"match": {"b": "hello"}}]}}'
{
"scroll_id": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD0WZ2RDZ0U1YVVTeVNDa0g5bVZldEtJUQ==",
"total": 10,
"partialSuccess": false,
"data": [
{
"content": "test",
"highlight": {
"content": [
"<tag>test<tag/>"
]
}
}
]
}
若请求中不带scroll=xxx参数,结果中将不返回scroll_id字段
MSearch请求语法
和elasticsearch msearch接口一样,可以对多个repo进行搜索、分析。细节移步https://www.elastic.co/guide/en/elasticsearch/reference/2.3/search-multi-search.html
POST /v5/logdbkibana/msearch
Authorization: Pandora <auth>
Content-Type: text/plain
{"index":["repo0"]}
{"size":1,"sort":[{"timestamp":{"order":"desc"}}],"query":{"query_string":{"query":"*"}}}
{"index":["repo1"]}
{"size":1,"sort":[{"timestamp":{"order":"desc"}}],"query":{"query_string":{"query":"*"}}}
MSearch请求说明
| 字段 | 类型 | 必填 | 说明 |
|---|---|---|---|
| index | string | 是 | 日志仓库名称 |
示例
curl -X POST https://nb-insight.qiniuapi.com/v5/logdbkibana/msearch \
-H 'Content-Type: text/plain' \
-H 'Authorization: Pandora 2J1e7iG13J66GA8vWBzZdF-UR_d1MF-kacOdUUS4:NTi3wH_WlGxYOnXsvgUrO4XMD6Y=' \
-d '{"index":["repo0"]}\n{"size":1,"sort":[{"timestamp":{"order":"desc"}}],"query":{"query_string":{"query":"*"}}}'
{
"responses": [
{
"took": 166,
"hits": {
"total": 10,
"max_score": 1,
"hits": [
{
"_source": {
"content": "test"
}
}
]
}
}
]
}
PartialSearch请求语法
POST /v5/repos/<RepoName>/s
Content-Type: text/plain
Authorization: Pandora <auth>
{
"query_string": <query_string>,
"sort": <timestamp>,
"size": <size>,
"startTime": <timestamp>,
"endTime": <timestamp>,
"searchType": <searchType>,
"highlight": {
"pre_tag": "<pre_tag>",
"post_tag": "<post_tag>"
}
}
PartialSearch请求说明
适用于非永久存储的repo且具有时间字段的repo查询,该接口针对超大规模日志进行优化。
| 字段 | 类型 | 必填 | 说明 |
|---|---|---|---|
| RepoName | string | 是 | 日志仓库名称 |
| query_string | string | 是 | 查询表达式,参照查询语法 |
| sort | string | 是 | 时间排序字段,比如sort:fieldName |
| size | int | 是 | 返回数据数量 |
| pre_tags | string | 否 | 表示高亮元素的前置标签,通常为<em> |
| post_tags | string | 否 | 表示高亮元素的后置标签,通常为</em> |
| startTime | int | 是 | 开始时间,毫秒时间戳 |
| endTime | int | 是 | 结束时间,毫秒时间戳 |
| searchType | int | 是 | 搜索模式:混合模式:0,searching模式:1,直方图模式:2 |
示例
curl -X POST https://nb-insight.qiniuapi.com/v5/test_Repo/s \
-H 'Content-Type: text/plain' \
-H 'Authorization: Pandora 2J1e7iG13J66GA8vWBzZdF-UR_d1MF-kacOdUUS4:NTi3wH_WlGxYOnXsvgUrO4XMD6Y=' \
-d '{"query_string":"*","sort":"time","size":10,"startTime":1483203661000,"endTime":1483203663000,"searchType":1}'
{
"process": 0.5,
"total": 20,
"took": 28,
"partialSuccess": true,
"hits": [
{
"content": "test"
}
],
"buckets": [
{
"key": 1498124340000,
"count": 2
},
{
"key": 1498124370000,
"count": 2
}
]
}
curl -X POST https://nb-insight.qiniuapi.com/v5/test_Repo/s \
-H 'Content-Type: text/plain' \
-H 'Authorization: Pandora 2J1e7iG13J66GA8vWBzZdF-UR_d1MF-kacOdUUS4:NTi3wH_WlGxYOnXsvgUrO4XMD6Y=' \
-d '{"query_string":"*","sort":"time","size":10,"startTime":1483203661000,"endTime":1483203663000,"searchType":1}'
{
"process": 1,
"total": 20,
"took": 28,
"partialSuccess": false,
"hits": [
{
"content": "test"
}
],
"buckets": [
{
"key": 1498124340000,
"count": 5
},
{
"key": 1498124370000,
"count": 5
}
]
}
循环调用partialsearch直到partialSuccess=false停止.
Scroll请求语法
scroll接口用于拉取大规模数据,需要配合搜素日志查询接口来使用。
POST /v5/repos/<RepoName>/scroll
Content-Type: application/json
Authorization: Pandora <auth>
{
"scroll_id": <scroll_id>,
"scroll": <scroll>
}
Scroll请求说明
| 字段 | 类型 | 必填 | 说明 |
|---|---|---|---|
| scroll_id | string | 是 | 使用上一次返回到的ID,用户抽取下一批结果 |
| scroll | string | 否 | 维护这个批量拉取上下文的时间,比如1m,1h等 |
示例
curl -X POST https://nb-insight.qiniuapi.com/v5/repos/test_Repo/search \
-H 'Content-Type: application/json' \
-H 'Authorization: Pandora 2J1e7iG13J66GA8vWBzZdF-UR_d1MF-kacOdUUS4:NTi3wH_WlGxYOnXsvgUrO4XMD6Y=' \
-d '{"size":1,"query":"content:test","scroll":"3m","sort":"userName:asc","from":1}'
{
"scroll_id":"scroll_id1",
"total": 10,
"partialSuccess": false,
"data": [
{
"content": "test",
"highlight": {
"content": [
"<tag>test<tag/>"
]
}
}
]
}
curl -X POST https://nb-insight.qiniuapi.com/v5/scroll \
-H 'Content-Type: application/json' \
-H 'Authorization: Pandora 2J1e7iG13J66GA8vWBzZdF-UR_d1MF-kacOdUUS4:NTi3wH_WlGxYOnXsvgUrO4XMD6Y=' \
-d '{"scroll":"3m","scroll_id":"scroll_id1"}'
{
"scroll_id":"scroll_id2"
"total": 10,
"partialSuccess": false,
"data": [
{
"content": "test",
"highlight": {
"content": [
"<tag>test<tag/>"
]
}
}
]
}
curl -X POST https://nb-insight.qiniuapi.com/v5/scroll \
-H 'Content-Type: application/json' \
-H 'Authorization: Pandora 2J1e7iG13J66GA8vWBzZdF-UR_d1MF-kacOdUUS4:NTi3wH_WlGxYOnXsvgUrO4XMD6Y=' \
-d '{"scroll":"3m","scroll_id":"scroll_id2"}'
{
"scroll_id":""
"total": 10,
"partialSuccess": false,
"data": []
}
当scroll_id为空或者data为空的时候,表示数据批量拉取完成。
查询语法
关键字
| 名称 | 语义 |
|---|---|
| AND | query1 AND query2,查询交集 |
| OR | query1 OR query2,查询并集 |
| NOT | query1 NOT query2,表示符合query1,不符合query2的结果 |
| () | 把一个或多个query合并成一个query,提升优先级 |
| [] | 区间查询,包括边界 |
| {} | 区间查询,不包括边界 |
| \ | 转义字符 |
| >,=,<,<=,>= | 区间查询 |
查询举例
- 字段field包括a的log:
field:a - 字段field包括a,b的log:
field:a OR field:b - 字段field包含a或者b,不包含c:
(field:a OR field:b) AND (NOT field:c) - 字段field1包括a,b同时域field2包括c的log:
(field1:a OR field1:b) AND (field2:c) - 2017-1-1 12:00到2016-1-2 12:00的数据:
date:[2017-01-01T12:00:27.87+08:00 TO 2017-02-01T12:00:27.87+08:00] - 在数字1-5之间的log:
count:[1 TO 5] - 大于5的log:
count:>5 - 包含hello,world,同时二者之间有5个单词相隔:
field:"hello world"~5
响应报文
200 OK
Content-Type: application/json
{
"total": <Total>,
"partialSuccess": <partialSuccess>,
"data": [
{
"id": "<ID>",
"<Key>": "<Value>",
...
},
...
]
}
响应内容
| 参数 | 类型 | 必填 | 说明 |
|---|---|---|---|
| total | int | - | 共有多少结果数据 |
| partialSuccess | bool | - | 为true时,说明该次查询涉及的数据量比较大,需要较久的时间,我们将提前结束,并返回部分结果 |
| data | json | - | 数据结果集 |
| id | string | - | 系统自动生成,表示该条数据的唯一性 |
| key | string | - | 字段名称,value为此条数据内容 |
请求报文示例
curl -G https://nb-insight.qiniuapi.com/v5/repos/search?q="count:>=10 AND <20"&sort="userName:asc"&from=1&size=100 \
-H 'Authorization: Pandora 2J1e7iG13J66GA8vWBzZdF-UR_d1MF-kacOdUUS4:NTi3wH_WlGxYOnXsvgUrO4XMD6Y='
响应报文示例
200 OK
Content-Type: application/json
{
"total": 100,
"partialSuccess": true,
"buckets": [
{
"id": "AVczSkfVrDpcIhsMRsgK",
"userName": "xiaowang",
},
...
]
}
搜索结果高亮示例
Highlight是指用户可以在搜索中自定义高亮的标签。
参数 highlight=true
GET请求示例:
curl -G https://nb-insight.qiniuapi.com/v5/repos/search?q="count:>=10 AND <20"&sort="userName:asc"&from=1&size=100&highlight=true \
-H 'Authorization: Pandora 2J1e7iG13J66GA8vWBzZdF-UR_d1MF-kacOdUUS4:NTi3wH_WlGxYOnXsvgUrO4XMD6Y=' \
-d '{
"pre_tags":[
"<em>"
],
"post_tags":[
"</em>"
],
"fields":{
"name":{} # name表示字段名称,value为{}即可
}
}'
POST请求示例:
curl -XPOST https://nb-insight.qiniuapi.com/v5/repos/search \
-H 'Authorization: Pandora 2J1e7iG13J66GA8vWBzZdF-UR_d1MF-kacOdUUS4:NTi3wH_WlGxYOnXsvgUrO4XMD6Y=' \
-d '{
"size":2,
"query":"count:>=10 AND <20",
"scroll":"3m",
"from":1,
"sort":"userName:asc",
"highlight":{
"pre_tags":[
"<em>"
],
"post_tags":[
"</em>"
],
"fields":{
"a":{
}
},
"require_field_match":false,
"fragment_size":100
}
}'
返回示例:
'{
"total":1,
"partialSuccess":false,
"data": [
{
"name":"exampleName",
"timestamp":"2006-01-02T15:04:05.999999999+08:00",
"work":"es3",
"highlight":{
"name": [
"<em> exampleName </em>"
]
}
}
]
}'
必选字段解释:
fields是指需要高亮的字段.
可选字段解释:
pre\_tags和post\_tags是指包着被高亮文本的标签。默认是<em>和</em>
文档反馈
(如有产品使用问题,请 提交工单)
售前 
售后 