Ruby 客户端中的 ES|QL
编辑Ruby 客户端中的 ES|QL编辑
此页面帮助您了解和使用 Ruby 客户端中的 ES|QL。
在 Ruby 客户端中使用 ES|QL 有两种方法
- 直接使用 Elasticsearch ES|QL API:这是最灵活的方法,但也是最复杂的方法,因为您必须以原始形式处理结果。您可以选择结果的精确格式,例如 JSON、CSV 或文本。
- 使用 Ruby ES|QL 助手:助手将原始响应映射到更易于您的应用程序使用的对象。
ES|QL API编辑
ES|QL 查询 API 允许您指定如何返回结果。您可以选择 响应格式,例如 CSV、文本或 JSON,然后使用列分隔符和语言环境等参数对其进行微调。
默认情况下,query API 返回一个包含 columns 和 values 的 Hash 响应
query = <<ESQL
FROM sample_data
| EVAL duration_ms = ROUND(event.duration / 1000000.0, 1)
ESQL
response = client.esql.query(body: { query: query})
puts response
{"columns"=>[
{"name"=>"@timestamp", "type"=>"date"},
{"name"=>"client.ip", "type"=>"ip"},
{"name"=>"event.duration", "type"=>"long"},
{"name"=>"message", "type"=>"keyword"},
{"name"=>"duration_ms", "type"=>"double"}
],
"values"=>[
["2023-10-23T12:15:03.360Z", "172.21.2.162", 3450233, "Connected to 10.1.0.3", 3.5],
["2023-10-23T12:27:28.948Z", "172.21.2.113", 2764889, "Connected to 10.1.0.2", 2.8],
["2023-10-23T13:33:34.937Z", "172.21.0.5", 1232382, "Disconnected", 1.2],
["2023-10-23T13:51:54.732Z", "172.21.3.15", 725448, "Connection error", 0.7],
["2023-10-23T13:52:55.015Z", "172.21.3.15", 8268153, "Connection error", 8.3],
["2023-10-23T13:53:55.832Z", "172.21.3.15", 5033755, "Connection error", 5.0],
["2023-10-23T13:55:01.543Z", "172.21.3.15", 1756467, "Connected to 10.1.0.1", 1.8]
]}
ES|QL 助手编辑
Ruby 客户端中的 ES|QL 助手从 ES|QL 查询 API 提供对象响应,而不是默认的 JSON 值。
要使用 ES|QL 助手,请在您的代码中引入它
require 'elasticsearch/helpers/esql_helper'
助手返回一个包含列作为键和相应值的哈希数组。使用 前面的示例,助手返回以下内容
response = Elasticsearch::Helpers::ESQLHelper.query(client, query)
puts response
{"duration_ms"=>3.5, "message"=>"Connected to 10.1.0.3", "event.duration"=>3450233, "client.ip"=>"172.21.2.162", "@timestamp"=>"2023-10-23T12:15:03.360Z"}
{"duration_ms"=>2.8, "message"=>"Connected to 10.1.0.2", "event.duration"=>2764889, "client.ip"=>"172.21.2.113", "@timestamp"=>"2023-10-23T12:27:28.948Z"}
{"duration_ms"=>1.2, "message"=>"Disconnected", "event.duration"=>1232382, "client.ip"=>"172.21.0.5", "@timestamp"=>"2023-10-23T13:33:34.937Z"}
{"duration_ms"=>0.7, "message"=>"Connection error", "event.duration"=>725448, "client.ip"=>"172.21.3.15", "@timestamp"=>"2023-10-23T13:51:54.732Z"}
{"duration_ms"=>8.3, "message"=>"Connection error", "event.duration"=>8268153, "client.ip"=>"172.21.3.15", "@timestamp"=>"2023-10-23T13:52:55.015Z"}
此外,您可以通过传入一个 column => Proc 值的 Hash 来转换响应中的数据。例如,您可以使用它将 @timestamp 转换为 DateTime 对象。将一个 Hash 传入 query 作为 parser,为要解析的每个值定义一个 Proc
require 'elasticsearch/helpers/esql_helper'
parser = {
'@timestamp' => Proc.new { |t| DateTime.parse(t) }
}
response = Elasticsearch::Helpers::ESQLHelper.query(client, query, parser: parser)
response.first['@timestamp']
# <DateTime: 2023-10-23T12:15:03+00:00 ((2460241j,44103s,360000000n),+0s,2299161j)>
您可以传入与响应中的列数量一样多的 Procs。例如
parser = {
'@timestamp' => Proc.new { |t| DateTime.parse(t) },
'client.ip' => Proc.new { |i| IPAddr.new(i) },
'event.duration' => Proc.new { |d| d.to_s }
}
response = Elasticsearch::Helpers::ESQLHelper.query(client, query, parser: parser)
puts response
{"duration_ms"=>3.5, "message"=>"Connected to 10.1.0.3", "event.duration"=>"3450233", "client.ip"=>#<IPAddr: IPv4:172.21.2.162/255.255.255.255>, "@timestamp"=>#<DateTime: 2023-10-23T12:15:03+00:00 ((2460241j,44103s,360000000n),+0s,2299161j)>}
{"duration_ms"=>2.8, "message"=>"Connected to 10.1.0.2", "event.duration"=>"2764889", "client.ip"=>#<IPAddr: IPv4:172.21.2.113/255.255.255.255>, "@timestamp"=>#<DateTime: 2023-10-23T12:27:28+00:00 ((2460241j,44848s,948000000n),+0s,2299161j)>}
{"duration_ms"=>1.2, "message"=>"Disconnected", "event.duration"=>"1232382", "client.ip"=>#<IPAddr: IPv4:172.21.0.5/255.255.255.255>, "@timestamp"=>#<DateTime: 2023-10-23T13:33:34+00:00 ((2460241j,48814s,937000000n),+0s,2299161j)>}
{"duration_ms"=>0.7, "message"=>"Connection error", "event.duration"=>"725448", "client.ip"=>#<IPAddr: IPv4:172.21.3.15/255.255.255.255>, "@timestamp"=>#<DateTime: 2023-10-23T13:51:54+00:00 ((2460241j,49914s,732000000n),+0s,2299161j)>}
{"duration_ms"=>8.3, "message"=>"Connection error", "event.duration"=>"8268153", "client.ip"=>#<IPAddr: IPv4:172.21.3.15/255.255.255.255>, "@timestamp"=>#<DateTime: 2023-10-23T13:52:55+00:00 ((2460241j,49975s,15000000n),+0s,2299161j)>}