Пример #1
    def main(self):
        """Search the last 30 minutes of sshd syslog events for publickey logins.

        Points the instance at ./unauth_ssh_pyes.conf, calls
        initConfiguration(), builds the required and excluded filters from
        self.config, then runs the search and walks the matching events.
        """
        self.config_file = './unauth_ssh_pyes.conf'
        self.config = None
        # initConfiguration() is defined outside this snippet; presumably it
        # fills self.config from config_file, since the filters below read it.
        self.initConfiguration()

        # Fixed term filters: only sshd syslog events are considered.
        required = [
            pyes.TermFilter(field, value)
            for field, value in (
                ('_type', 'event'),
                ('category', 'syslog'),
                ('details.program', 'sshd'),
            )
        ]

        # hostfilter is placed between /.../ inside a query-string query, so
        # it is read as a regular expression, not as a literal hostname.
        # NOTE(review): an over-broad or empty pattern silently changes which
        # hosts are covered; consider validating it when the config is loaded.
        hostname_query = pyes.QueryStringQuery(
            'details.hostname: /{}/'.format(self.config.hostfilter))
        required.append(pyes.QueryFilter(hostname_query))

        # operator='and' requires every term of the phrase to be present in
        # the summary, including the configured user name.
        login_query = pyes.MatchQuery(
            'summary',
            'Accepted publickey {}'.format(self.config.user),
            operator='and')
        required.append(pyes.QueryFilter(login_query))

        # Each skiphosts entry is matched against the summary text, not
        # against details.hostname.
        # NOTE(review): a short or common entry could exclude unrelated
        # events from the result; confirm the entries are specific enough.
        excluded = [
            pyes.QueryFilter(pyes.MatchQuery('summary', entry))
            for entry in self.config.skiphosts
        ]

        self.filtersManual(dict(minutes=30), must=required, must_not=excluded)
        self.searchEventsSimple()
        self.walkEvents()
Пример #2
    # Index one sample document into index "tiankangbo11" with type "file".
    # conn and get_now_time() are defined outside this snippet.
    conn.index(
        {
            "name": u"JAVA",
            "property": ".doc",
            "path": "/var/lib",
            "size": 5,
            "time": get_now_time()
        }, "tiankangbo11", "file")

    # Disabled sample documents. Note that the second one names the index
    # "tiankangtbo11", which differs from the index used everywhere else.
    #conn.index({"name":"wanli15-year", "property":".mp4", "path":"/root", "size":2.1, "time":"2010-07-13"}, "tiankangbo11", "file")
    #conn.index({"name":"C++", "property":".pdf", "path":"/mnt", "size":11, "time":get_now_time()}, "tiankangtbo11", "file")

    conn.default_indices = [u"tiankangbo11"]  # set the default index
    conn.default_types = [u"file"]
    conn.indices.refresh()  # refresh so the newly inserted document is searchable

    # Disabled alternative: a term query on the name field. The original note
    # said it finds records whose name contains "bill", but the term is Python.
    # q = pyes.TermQuery("name", u"Python")
    # results = conn.search(q)
    # for r in results:
    #     print "名字中包含Python的记录", r

    # Query-string search for ".doc"; 'property' is the second argument
    # (presumably the default field; confirm against the pyes signature).
    # The printed label says "data whose name contains C", which does not
    # describe this query.
    q = pyes.QueryStringQuery(u".doc", 'property')
    results = conn.search(q)
    for r in results:
        print "名字中包含C的数据", r

    # The text is parsed as query syntax, so OR acts as an operator here.
    # For the same reason, text that comes from users should not be handed to
    # this query type without validation.
    q = pyes.QueryStringQuery(u"JAVA OR Python", 'name')
    results = conn.search(q)
    for r in results:
        print "名字中包含JAVA or Python的数据", r
Пример #3
# Index sample employee documents into index 'megacorp', type 'employee'.
# conn is created outside this snippet. The fourth positional argument
# (3, 4, 5, 6) is presumably the document id; confirm against pyes.
conn.index(
    {
        'first_name': 'Douglas',
        'last_name': 'Fir',
        'age': 45,
        'about': 'I like to build cabinets',
        'interests': ['forestry']
    }, 'megacorp', 'employee', 3)

# The next three documents hold the same characters in different orders, so
# the search below shows how the analyzed last_name field matches them.
conn.index({'last_name': '中国人强壮'}, 'megacorp', 'employee', 4)

conn.index({'last_name': '强中国人壮'}, 'megacorp', 'employee', 5)

conn.index({'last_name': '强壮中人国'}, 'megacorp', 'employee', 6)

# NOTE(review): no refresh call is visible before the search, so documents
# indexed just above may not be searchable yet; confirm.
# start=1 with size=1 asks for a single hit beginning at offset 1, which
# presumably skips the first match while results.total still counts all.
q = pyes.QueryStringQuery('last_name:强壮')
results = conn.search(q, indices='megacorp', start=1, size=1)
# Disabled alternative: the same search expressed as a raw match-query dict.
# results = conn.search(
#     index='megacorp',
#     query={
#         'query':{
#             'match': {
#                 'last_name': '强壮'
#             }
#         }
#     }
# )
print results.total
for r in results:
    # Encode explicitly so the Python 2 print statement emits UTF-8 bytes.
    print r['last_name'].encode('UTF-8')
    },
    'lastname': {
        'index': 'not_analyzed',
        'type': 'string'
    },
    'age': {
        'index': 'not_analyzed',
        'type': 'long'
    }
}
# Apply the same field mapping to doc types 'man' and 'woman' in index
# 'human'. The mapping dict ends just above; its start, like the creation of
# conn, is outside this snippet.
conn.indices.put_mapping('man', {'properties': mapping}, ['human'])
conn.indices.put_mapping("woman", {'properties': mapping}, ["human"])
# NOTE(review): True is passed as the fourth positional argument, the slot
# other calls on this page fill with numeric values that look like document
# ids. Confirm against the pyes signature that this is intended.
conn.index({
    'firstname': 'David',
    'lastname': 'White',
    'age': 18
}, 'human', 'man', True)
conn.index({
    'firstname': 'Suzan',
    'lastname': 'Black',
    'age': 28
}, 'human', 'woman', True)

# The TermQuery is overwritten on the next line and never executed; only the
# query-string query is sent.
q = pyes.TermQuery('firstname', 'Suzan')
q = pyes.QueryStringQuery('Suzan')
# No index or doc type is passed, so the search scope is whatever the
# connection defaults to (not visible here).
res = conn.search(query=q)

# Print a placeholder marker when the result set is falsy.
if not res:
    print 'cdv'
# Prints the type of the result set once per hit; the hit r itself is unused.
for r in res:
    print type(res)
Пример #5
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import pyes

# Scratch index and doc type used for the paging demo below.
# NOTE(review): the name is fixed, so an existing "test2" index on this node
# would be reused by create_index_if_missing and then deleted by the final
# delete_index_if_exists call.
index = "test2"
doc_type = "test"

# Plain-HTTP connection to a node on the loopback address; no credentials are
# passed in this call. A node reachable beyond loopback would normally need
# TLS and authentication.
es = pyes.ES(["http://127.0.0.1:9200"])

es.create_index_if_missing(index)
# Index 99 documents with number = 1..99.
for i in range(1, 100):
    es.index({"number":i}, index=index, doc_type=doc_type)

# Refresh so the documents indexed above are visible to the searches.
es.refresh([index])

# First window: "*" matches every document; start=0 with size=10, sorted
# ascending by number, returning only the number field.
query = pyes.QueryStringQuery("*")
search = pyes.query.Search(query=query, start=0, size=10, sort=[{"number":"asc"}], fields=["number"])
results = es.search(search, indices=[index], doc_types=[doc_type])
print [i for i in results]

# Second window: same query and sort, with start=20 and size=20.
query2 = pyes.QueryStringQuery("*")
search2 = pyes.query.Search(query=query2, start=20, size=20, sort=[{"number":"asc"}], fields=["number"])
results2 = es.search(search2, indices=[index], doc_types=[doc_type])
print [i for i in results2]

# Cleanup is not wrapped in try/finally, so the index is removed only when
# every step above completed without raising.
es.delete_index_if_exists(index)