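def query_ec(self, str_query, q_fields, start_date=0, end_date=0, index='logs-*', doc_type='logs', hours=24, debug=False):
    """Run a Lucene ``query_string`` search through Elasticsearch ``msearch``.

    Args:
        str_query: Lucene query_string text. It is handed to Elasticsearch
            verbatim, so whatever syntax it contains is evaluated as-is.
        q_fields: stored fields to return (``stored_fields`` in the body).
        start_date, end_date: epoch-millisecond bounds on ``normalDate``.
            If either is 0 the window defaults to the trailing ``hours``.
        index: index pattern for both the msearch header and the query.
        doc_type: document type handed to ``ElasticQuery``.
        hours: size of the default time window.
        debug: accepted for interface compatibility; not used in this body.

    Returns:
        ``(search_arr, hits_data)`` where ``search_arr`` is the msearch
        header/body pair that was sent and ``hits_data`` the list of hit
        documents, or ``None`` when the client returned no responses.

    Raises:
        ValueError: if ``start_date`` is greater than ``end_date``.
    """
    if start_date > end_date:
        # ValueError is an Exception subclass, so existing handlers still match.
        raise ValueError('The start_date can\'t be greater than the end_date')
    if start_date == 0 or end_date == 0:
        # Either bound missing -> trailing ``hours`` window, as epoch
        # milliseconds with whole-second precision, from a single ``now``
        # so both bounds describe the same instant.
        now = datetime.now()
        end_date = int(now.timestamp()) * 1000
        start_date = int((now - timedelta(hours=hours)).timestamp()) * 1000

    elastic_qry = ElasticQuery(es=self.elastic_client, index=index, doc_type=doc_type)
    elastic_qry.query(
        Query.bool(
            must=[
                Query.query_string(str_query),
                Query.range('normalDate', gte=start_date, lte=end_date),
            ]
        )
    )
    elastic_qry.aggregate(Aggregate.date_histogram('2', 'normalDate', '12h'))

    my_qry = elastic_qry.dict()
    my_qry['stored_fields'] = q_fields
    # The msearch header previously hard-coded "logs-*", silently ignoring
    # the ``index`` argument; the default value keeps the old behaviour.
    header_qry = {"index": [index], "ignore_unavailable": True}
    search_arr = [header_qry, my_qry]

    print('Elastic Query: ' + str(search_arr))
    print('------------------------------------------------------------------------------------')
    print('Lucene Query: ' + str_query)

    # msearch takes newline-delimited JSON: header line, then body line.
    request = ''.join('%s \n' % json.dumps(each) for each in search_arr)
    resp = self.elastic_client.msearch(body=request)

    # The original used ``and`` here, which would index into ``None``
    # instead of returning early.
    if resp is None or not resp.get('responses', []):
        return None
    response = resp['responses'][0]
    # ``hits.hits`` is empty whenever ``hits.total`` is 0, so iterating it
    # directly avoids depending on the shape of ``total`` (int vs. object).
    hits_data = list(response['hits']['hits'])
    return search_arr, hits_data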
def test_just_query(self):
    """A bare query_string query serializes to the expected dict."""
    expected = {
        'query': {
            'query_string': {
                'query': 'this is a querystring'
            }
        }
    }
    eq = ElasticQuery()
    eq.query(Query.query_string('this is a querystring'))
    assert_equal(self, eq.dict(), expected)
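def compose_query(self, terms, fields):
    """Build a case-tolerant Lucene ``query_string`` from comma-separated terms.

    Args:
        terms: comma-separated search terms. Multi-word terms stay together;
            a term without ``*``/``?`` wildcards is quoted as a phrase, one
            with wildcards is left unquoted so the wildcard still applies.
        fields: comma-separated field names to search.

    Returns:
        ``Query.query_string`` matching the terms as given, lower-cased,
        upper-cased and title-cased (ORed together) across ``fields``.
    """
    parts = []
    # Split on commas directly: the old space->underscore round-trip also
    # turned literal underscores inside a term into spaces.
    for term in terms.split(','):
        term = term.strip()
        if not term:
            continue
        if '*' in term or '?' in term:
            parts.append(term)
        else:
            # Escape embedded quotes so the phrase delimiters stay balanced.
            parts.append('"' + term.replace('"', '\\"') + '"')
    base = ' '.join(parts)
    lucene = '(%s) OR (%s) OR (%s) OR (%s)' % (base, base.lower(), base.upper(), base.title())
    field_list = [f.strip() for f in fields.split(',') if f.strip()]
    return Query.query_string(lucene, fields=field_list, lowercase_expanded_terms=False)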
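def return_single_field_search(field, search):
    """Build an ``ElasticQuery`` that searches and aggregates on one field.

    Args:
        field: the field to query and to bucket the terms aggregation on.
        search: query_string text applied to ``field`` (passed verbatim).

    Returns:
        The configured ``ElasticQuery``. The original built it but never
        returned it, so callers had no handle to execute it.
    """
    # NOTE(review): Elasticsearch() with no arguments relies on the client's
    # default connection settings; ``all_indexes`` comes from module scope.
    q = ElasticQuery(es=Elasticsearch(), index=all_indexes, doc_type='')
    q.aggregate(Aggregate.terms(search, field))
    q.query(Query.query_string(search, field, default_operator='OR', analyze_wildcard=True))
    q.fields(field)
    # Kept as the unbound call the original used; it works whether ``sort``
    # is an instance method or a helper that takes the query first.
    ElasticQuery.sort(q, "_score", order="desc")
    return q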