1、修改时间字段的format:
PUT index_name { "mappings": { "_doc": { "properties": { "create_time": { "type": "date", "format": "yyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis||yyyyMMddhhmmss" } } } } }
2、创建一个text字段,并设置为多字段(keyword)
PUT index_name?pretty { "mappings": { "_doc": { "properties": { "field111": { "type": "text", "fields": { "keyword": { "type": "keyword" } } } } } } }
3、字段是否单独存储一次:
{ "mappings": { "_doc": { "properties": { "title": { "type": "text", "store": true }, "log_time": { "type": "date", "store": true }, "content": { "type": "text" } } } } }
4、在setting中自定义一个normalizer,并在mapping中使用
PUT index { "settings": { "analysis": { "normalizer": { "my_normalizer": { "type": "custom", "char_filter": [], "filter": ["lowercase", "asciifolding"] } } } }, "mappings": { "_doc": { "properties": { "foo": { "type": "keyword", "normalizer": "my_normalizer" } } } } }
5、_source属性定义哪些字段只索引但不存储
PUT 'localhost:9200/logs { "mappings": { "event": { "_source": { "includes": [ "*.count", "meta.*" ], "excludes": [ "meta.description", "meta.other.*" ] } } } }
6、在线分析索引后的结果
//使用whitespace分析器时
POST _analyze { "analyzer": "whitespace", "text": "The quick brown fox." }
//使用自定义组合的standard分词器+2个词元过滤器(小写+停词) POST _analyze { "tokenizer": "standard", "filter": [ "lowercase", "stop" ], "text": "The 2 QUICK Brown-Foxes jumped over the lazy dog's bone." }
7、message太长,只索引不存储
PUT yb_idx/_mapping { "_source": { "excludes": [ "message"] }, "properties": { "log_id": { "type": "keyword" }, "message": { "type": "text" }, "log_size": { "type": "integer" } } }
8、实验match查询
{ "query": { "match": { "message": "中国人民" } } }