def main(self):
    """Search the last 30 minutes of sshd syslog events for a configured user.

    Points self.config_file at ./unauth_ssh_pyes.conf, calls
    initConfiguration() to populate self.config, builds the pyes filter set
    from the configuration (fields read: hostfilter, user, skiphosts), then
    hands the filters to filtersManual() and runs searchEventsSimple() and
    walkEvents().
    """
    lookback = dict(minutes=30)
    self.config_file = './unauth_ssh_pyes.conf'
    self.config = None
    self.initConfiguration()
    cfg = self.config

    # NOTE(review): hostfilter and user are interpolated unescaped into
    # query_string syntax (hostfilter inside a /regex/). A value containing
    # query operators or regex metacharacters changes the filter instead of
    # being matched literally; acceptable for a trusted config file, but the
    # values would need escaping if they ever came from elsewhere.
    host_filter = pyes.QueryFilter(
        pyes.QueryStringQuery(
            'details.hostname: /{}/'.format(cfg.hostfilter)))
    user_filter = pyes.QueryFilter(
        pyes.MatchQuery('summary',
                        'Accepted publickey {}'.format(cfg.user),
                        operator='and'))
    must = [
        pyes.TermFilter('_type', 'event'),
        pyes.TermFilter('category', 'syslog'),
        pyes.TermFilter('details.program', 'sshd'),
        host_filter,
        user_filter,
    ]
    # One exclusion per configured skiphost, matched against the summary text.
    must_not = [pyes.QueryFilter(pyes.MatchQuery('summary', host))
                for host in cfg.skiphosts]

    self.filtersManual(lookback, must=must, must_not=must_not)
    self.searchEventsSimple()
    self.walkEvents()
conn.index( { "name": u"JAVA", "property": ".doc", "path": "/var/lib", "size": 5, "time": get_now_time() }, "tiankangbo11", "file") #conn.index({"name":"wanli15-year", "property":".mp4", "path":"/root", "size":2.1, "time":"2010-07-13"}, "tiankangbo11", "file") #conn.index({"name":"C++", "property":".pdf", "path":"/mnt", "size":11, "time":get_now_time()}, "tiankangtbo11", "file") conn.default_indices = [u"tiankangbo11"] #设置默认的索引 conn.default_types = [u"file"] conn.indices.refresh() #刷新以获得最新插入的文档 # q = pyes.TermQuery("name", u"Python")#查询name中包含bill的记录 # results = conn.search(q) # for r in results: # print "名字中包含Python的记录", r #查询name中包含C的数据 q = pyes.QueryStringQuery(u".doc", 'property') results = conn.search(q) for r in results: print "名字中包含C的数据", r q = pyes.QueryStringQuery(u"JAVA OR Python", 'name') results = conn.search(q) for r in results: print "名字中包含JAVA or Python的数据", r
# Index a fully populated employee, then three documents whose last_name
# holds different orderings of the same CJK characters.
conn.index(
    {
        'first_name': 'Douglas',
        'last_name': 'Fir',
        'age': 45,
        'about': 'I like to build cabinets',
        'interests': ['forestry'],
    },
    'megacorp',
    'employee',
    3,
)
conn.index({'last_name': '中国人强壮'}, 'megacorp', 'employee', 4)
conn.index({'last_name': '强中国人壮'}, 'megacorp', 'employee', 5)
conn.index({'last_name': '强壮中人国'}, 'megacorp', 'employee', 6)

q = pyes.QueryStringQuery('last_name:强壮')
# start=1 skips the first hit and size=1 keeps one, so at most the
# second-ranked hit is iterated below; results.total still reports all hits.
results = conn.search(q, indices='megacorp', start=1, size=1)
# Equivalent raw-DSL form, kept for reference:
#   conn.search(index='megacorp',
#               query={'query': {'match': {'last_name': '强壮'}}})

print results.total
for hit in results:
    print hit['last_name'].encode('UTF-8')
# NOTE(review): this listing begins part-way through the `mapping` dict
# literal — its opening and its first field are not in view.
}, 'lastname': { 'index': 'not_analyzed', 'type': 'string' }, 'age': { 'index': 'not_analyzed', 'type': 'long' } }
# Apply the same field mapping to the "man" and "woman" types of the
# "human" index.
conn.indices.put_mapping('man', {'properties': mapping}, ['human'])
conn.indices.put_mapping("woman", {'properties': mapping}, ["human"])
# NOTE(review): the fourth positional argument is True; in pyes that
# position is the document id — confirm this is intended rather than a
# flag that was meant for a keyword parameter.
conn.index({ 'firstname': 'David', 'lastname': 'White', 'age': 18 }, 'human', 'man', True)
conn.index({ 'firstname': 'Suzan', 'lastname': 'Black', 'age': 28 }, 'human', 'woman', True)
# The TermQuery is overwritten on the next line and never used.
q = pyes.TermQuery('firstname', 'Suzan')
q = pyes.QueryStringQuery('Suzan')
res = conn.search(query=q)
# Presumably a debug marker for an empty result set.
if not res: print 'cdv'
# Prints the type of the result set once per hit; `r` itself is unused.
for r in res: print type(res)
#!/usr/bin/env python # -*- coding: utf-8 -*- import pyes index = "test2" doc_type = "test" es = pyes.ES(["http://127.0.0.1:9200"]) es.create_index_if_missing(index) for i in range(1, 100): es.index({"number":i}, index=index, doc_type=doc_type) es.refresh([index]) query = pyes.QueryStringQuery("*") search = pyes.query.Search(query=query, start=0, size=10, sort=[{"number":"asc"}], fields=["number"]) results = es.search(search, indices=[index], doc_types=[doc_type]) print [i for i in results] query2 = pyes.QueryStringQuery("*") search2 = pyes.query.Search(query=query2, start=20, size=20, sort=[{"number":"asc"}], fields=["number"]) results2 = es.search(search2, indices=[index], doc_types=[doc_type]) print [i for i in results2] es.delete_index_if_exists(index)