1、根据某个字段精确匹配查询(termQuery)
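// Hunt query over the OpenResty access-log indices: requests from one client IP to one
// site, inside a time window, whose request field matches a sensitive-file pattern.
SearchRequest searchRequest = new SearchRequest("openresty_access_log*");
SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();

// http_host is compared against `site` with its scheme prefix removed. When `site` has no
// "//", indexOf returns -1 and the former `indexOf("//") + 2` silently dropped the first
// character, so the term query matched nothing. Use the value unchanged in that case.
int schemeSeparator = site.indexOf("//");
String httpHost = schemeSeparator >= 0 ? site.substring(schemeSeparator + 2) : site;

searchSourceBuilder.query(QueryBuilders.boolQuery()
        // Time window on the event timestamp.
        // NOTE(review): presumably startTime/endTime are local-time strings without an
        // offset, which is what timeZone("GMT+8") is meant to interpret -- confirm.
        .must(QueryBuilders.rangeQuery("timestamp")
                .timeZone("GMT+8")
                .gte(startTime)
                .lte(endTime))
        // Nested bool holding only should-clauses: at least one wildcard pattern must match.
        .must(getBoolQueryBuilder())
        // Disabled status filter. Leaving it off keeps successful (2xx) responses to these
        // paths in the result set; those are the hits worth triaging first.
        //.must(QueryBuilders.rangeQuery("status").gt(400))
        // Exact match on the client IP address. termQuery is not analyzed, so this assumes
        // clientip and http_host are mapped as keyword/ip -- verify against the index mapping.
        .must(QueryBuilders.termQuery("clientip", clientIp))
        .must(QueryBuilders.termQuery("http_host", httpHost))
);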
2、根据某个字段通配符(wildcard)模糊查询
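// Wildcard matching is built with QueryBuilders.wildcardQuery(field, pattern). The bare
// no-argument call that stood here did not compile and had no effect; the actual clauses
// are assembled in getBoolQueryBuilder().
SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
searchSourceBuilder.query(QueryBuilders.boolQuery()
        // Time window on the event timestamp.
        // NOTE(review): presumably startTime/endTime are local-time strings without an
        // offset, which is what timeZone("GMT+8") is meant to interpret -- confirm.
        .must(QueryBuilders.rangeQuery("timestamp")
                .timeZone("GMT+8")
                .gte(startTime)
                .lte(endTime))
        // Disabled status filter; without it both failed and successful requests are returned.
        //.must(QueryBuilders.rangeQuery("status").gt(400))
        // Wildcard group: a bool with only should-clauses, so at least one pattern must match.
        .must(getBoolQueryBuilder())
);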
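/**
 * Builds the OR-group of wildcard clauses used to find requests for files that a web
 * server should normally not be asked for (dumps, archives, backups, config and key files).
 *
 * <p>Each pattern becomes one {@code should} clause on the {@code request} field, and
 * {@code minimumShouldMatch(1)} states explicitly that a document has to match at least one
 * of them. Without it the requirement holds only while this builder is used in query
 * context with no {@code must}/{@code filter} clauses of its own.
 *
 * <p>Operational notes for whoever runs this against production logs:
 * <ul>
 *   <li>Every pattern starts with {@code *}. Leading wildcards are expensive, so always
 *       pair this group with the time-range clause.</li>
 *   <li>Broad patterns such as {@code *sh*}, {@code *pub*} and {@code *.txt} also match
 *       ordinary traffic. Treat hits as leads to triage, not as confirmed probing.</li>
 *   <li>NOTE(review): wildcard matching depends on how {@code request} is mapped
 *       (keyword vs. analyzed text, case handling) -- confirm against the index mapping.</li>
 * </ul>
 *
 * @return a bool query in which at least one wildcard pattern must match
 */
BoolQueryBuilder getBoolQueryBuilder() {
    BoolQueryBuilder boolQueryBuilder = QueryBuilders.boolQuery();
    // The original list contained "*debug*" twice; the duplicate only added a redundant clause.
    String[] patterns = {
        "*.php", "*.sql", "*.gz", "*.tar", "*.config", "*.db", "*.zip", "*.jar", "*.rar",
        "*.7z", "*.bz", "*.tgz", "*.vimrc", "*.zshrc", "*.bash", "*sh*", "*.md", "*.ooxx",
        "*debug*", "*.pwd", "*shell*", "*bak*", "*cgi*", "*pub*", "*.txt", "*.coffee",
        "*.yml", "*.inc", "*.pac", "*.secret", "*keys*"
    };
    for (String pattern : patterns) {
        boolQueryBuilder.should(QueryBuilders.wildcardQuery("request", pattern));
    }
    // Make the "any one pattern" requirement independent of where the builder is embedded.
    boolQueryBuilder.minimumShouldMatch(1);
    return boolQueryBuilder;
}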