ES 使用scroll遍历索引数据

#!/usr/bin/env python #coding:utf-8 import sys reload(sys) sys.setdefaultencoding("utf-8") from elasticsearch import helpers from elasticsearch import Elasticsearch import re def get_message(content): match= re.search(r".*( seller_nick='.*?' )",content) if match: return match.group(1) client = Elasticsearch(["http://user:password@elasticsearch..com:9200"]) query={ "query": { "query_string" : { "query" : "lain_app:trade-server.worker.trade-server AND message:'execute error'" } } } response = helpers.scan(client, query=query, scroll='5m', size=1000, clear_scroll=True, index="logstash-2019.05.28",) for hit in response: content=hit["_source"]["message"] print get_message(content)

#!/usr/bin/env python
#coding:utf-8
import sys
reload(sys)
sys.setdefaultencoding("utf-8")
from elasticsearch import helpers
from elasticsearch import Elasticsearch
import re

client = Elasticsearch(["http://user:pass@es-cn-0pp13aans00197akj.elasticsearch.aliyuncs.com:9200"], )
query= { "query" : { "bool":{"filter": [],"must":[{"query_string":{"query":"urihost.keyword:account.leyanbot.com AND request:\"/taobao/wangwang\"","analyze_wildcard":'true',"default_field":"*"}},{"range":{"@timestamp":{"gte":1564848000000,"lte":1564934400000,"format":"epoch_millis"}}}], "must_not": [], "should": []}}, "_source": ["request"] }
response = helpers.scan(client, query=query, scroll='5m', size=1000, clear_scroll=True, index="logstash-*",)
for hit in response:
    content=hit["_source"]
    print content

arterhuo / blog

ES 使用scroll遍历索引数据 #7