This topic describes how to use an Elasticsearch SDK and the Elasticsearch-compatible API to analyze data in Simple Log Service.
This is an original Alibaba Cloud document. Alibaba Cloud owns the intellectual property rights to this document. This document describes how Alibaba Cloud services can interact with third-party products. As a result, it may refer to the names of third-party companies or products.
Prerequisites
- A project and a Standard logstore are created, and logs are collected. For more information, see Manage projects, Create a Logstore, and Data collection overview.
- Indexes are created before you query logs. For more information, see Create indexes.
- An AccessKey pair is created for the RAM user, and the required permissions to query logs in logstores are granted to the RAM user. For more information, see RAM authorization.
Usage notes
Only Elasticsearch 7.x SDKs can be used to access the Elasticsearch-compatible API.
If you do not specify the @timestamp field in a query, the query returns data from the last 24 hours by default.
Parameters
Parameter | Description |
| The endpoint for data access. The format is https://${project}.${endpoint}/es/, as used in the examples below. Important: Only the HTTPS protocol is supported. |
| The AccessKey ID for |
| |
|
|
Examples
The following examples show how to use an Elasticsearch SDK and the Elasticsearch-compatible API to analyze data in Simple Log Service. These examples use the etl-dev project, the accesslog Logstore, and the cn-huhehaote.log.aliyuncs.com endpoint.
cURL access example
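curl -u ${ALIYUN_ACCESS_KEY_ID}:${ALIYUN_ACCESS_KEY_SECRET} "https://etl-dev.cn-huhehaote.log.aliyuncs.com/es/etl-dev.accesslog/_search?q=status:200"
Note: With -u, the expanded AccessKey pair becomes part of the curl command line, which other users on the same host may be able to read from the process list. On a shared host, consider supplying the credentials from a curl config file (-K) or a .netrc file (--netrc) with restricted file permissions instead.
Python SDK access example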
Install the dependency.
pip install elasticsearch==7.17
Example.
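#!/usr/bin/env python3
"""Query the last hour of logs in a Simple Log Service logstore through the
Elasticsearch-compatible API, using the Elasticsearch 7.x Python client."""

import os
import json
import time

from elasticsearch import Elasticsearch, helpers

slsProject = "etl-dev"
slsEndpoint = "cn-huhehaote.log.aliyuncs.com"
slsLogstore = "accesslog"

# The API is reached over HTTPS under the /es/ path of ${project}.${endpoint}.
esHost = "https://%s.%s/es/" % (slsProject, slsEndpoint)
# The index name is ${project}.${logstore}.
esIndex = "%s.%s" % (slsProject, slsLogstore)

# Obtain the AccessKey pair information from environment variables.
# An unset variable raises KeyError here, before any request is sent.
accessKeyId = os.environ['ALIYUN_ACCESS_KEY_ID']
accessKeySecret = os.environ['ALIYUN_ACCESS_KEY_SECRET']

# The AccessKey pair is passed as the HTTP auth credentials on every request,
# so certificate verification stays enabled (verify_certs=True).
esClient = Elasticsearch(
    hosts=esHost,
    http_auth=(accessKeyId, accessKeySecret),
    verify_certs=True,
    timeout=300,
)

# Query window: the last hour, expressed in epoch milliseconds.
endTime = int(time.time() * 1000)
startTime = endTime - 3600 * 1000

r = esClient.search(
    index=esIndex,
    body={
        "query": {
            "bool": {
                "filter": [
                    {
                        "range": {
                            "@timestamp": {
                                "gte": startTime,
                                "lte": endTime,
                                # Tells the server the bounds are epoch milliseconds.
                                "format": "epoch_millis"
                            }
                        }
                    }
                ]
            }
        }
    }
)

print(json.dumps(r, indent=4))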
Elasticsearch DSL access example
The Elasticsearch Query Domain-Specific Language (DSL) is a syntax for searching data in Elasticsearch. To avoid manually assembling the DSL, you can use the following method to access data.
Install the dependency.
pip install elasticsearch-dsl==7.4.1
Elasticsearch DSL access example.
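#!/usr/bin/env python3
"""Query the last hour of GET requests in a Simple Log Service logstore through
the Elasticsearch-compatible API, building the query with elasticsearch-dsl."""

import os
import json
import time

from elasticsearch import Elasticsearch, helpers
from elasticsearch_dsl import Search, Q

slsProject = "etl-dev"
slsEndpoint = "cn-huhehaote.log.aliyuncs.com"
slsLogstore = "accesslog"

# The API is reached over HTTPS under the /es/ path of ${project}.${endpoint}.
esHost = "https://%s.%s/es/" % (slsProject, slsEndpoint)
# The index name is ${project}.${logstore}.
esIndex = "%s.%s" % (slsProject, slsLogstore)

# Obtain the AccessKey pair information from environment variables.
# An unset variable raises KeyError here, before any request is sent.
accessKeyId = os.environ['ALIYUN_ACCESS_KEY_ID']
accessKeySecret = os.environ['ALIYUN_ACCESS_KEY_SECRET']

# The AccessKey pair is passed as the HTTP auth credentials on every request,
# so certificate verification stays enabled (verify_certs=True).
esClient = Elasticsearch(
    hosts=esHost,
    http_auth=(accessKeyId, accessKeySecret),
    verify_certs=True,
    timeout=300,
)

# Query window: the last hour, expressed in epoch milliseconds.
endTime = int(time.time() * 1000)
startTime = endTime - 3600 * 1000

# The chain is parenthesized instead of using backslash continuations: the
# original ended the last chained call with a dangling "\", which joins the
# following line into the expression unless that line is blank.
s = (
    Search(using=esClient, index=esIndex)
    .filter(Q("range", **{"@timestamp": {"gte": startTime, "lt": endTime, "format": "epoch_millis"}}))
    .query("match", request_method="GET")
)

response = s.execute()

for hit in response:
    # request_method, host, and client_ip are fields in the Simple Log Service logs.
    print(hit.request_method, hit.host, hit.client_ip)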
Golang SDK access example
package main
import (
"context"
"fmt"
"os"
"time"
"github.com/olivere/elastic/v7"
)
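func main() {
	// The following sample code shows how to use an Elasticsearch SDK to access the Elasticsearch-compatible API of Simple Log Service.
	slsProject := "etl-dev"
	slsLogstore := "accesslog"
	slsEndpoint := "cn-huhehaote.log.aliyuncs.com"

	// Read the AccessKey pair from the environment. os.Getenv returns "" for an
	// unset variable, so stop here rather than send a request with empty credentials.
	accessKeyID := os.Getenv("ALIYUN_ACCESS_KEY_ID")
	accessKeySecret := os.Getenv("ALIYUN_ACCESS_KEY_SECRET")
	if accessKeyID == "" || accessKeySecret == "" {
		panic("ALIYUN_ACCESS_KEY_ID and ALIYUN_ACCESS_KEY_SECRET must be set")
	}

	// HTTPS endpoint ${project}.${endpoint} with the /es path; index ${project}.${logstore}.
	esHost := fmt.Sprintf("https://%s.%s:443/es", slsProject, slsEndpoint)
	esIndex := fmt.Sprintf("%s.%s", slsProject, slsLogstore)

	esClient, err := elastic.NewClient(
		elastic.SetURL(esHost),
		elastic.SetSniff(false),
		elastic.SetBasicAuth(accessKeyID, accessKeySecret), // Set the username and password for basic authentication.
		elastic.SetHealthcheck(false),                      // Disable health checks.
	)
	if err != nil {
		panic(err)
	}

	termQuery := elastic.NewTermQuery("request_method", "GET")

	// Query window: the last hour. The bounds are epoch milliseconds with an
	// explicit format, matching the Python and Java examples on this page; the
	// original passed epoch seconds without stating a format.
	endTime := time.Now().UnixNano() / int64(time.Millisecond)
	startTime := endTime - 3600*1000
	timeRangeQuery := elastic.NewRangeQuery("@timestamp").
		Gte(startTime).
		Lte(endTime).
		Format("epoch_millis")

	boolQuery := elastic.NewBoolQuery()
	boolQuery = boolQuery.Must(timeRangeQuery, termQuery)

	// Return at most the first 10 matching hits.
	searchResult, err := esClient.Search().
		Index(esIndex).
		Query(boolQuery).
		From(0).Size(10).
		Pretty(true).
		Do(context.Background())
	if err != nil {
		panic(err)
	}

	// Print the result.
	for _, hit := range searchResult.Hits.Hits {
		fmt.Println(string(hit.Source))
	}
}
Java SDK access example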
You can add dependencies to the pom.xml file.
<?xml version="1.0" encoding="UTF-8"?>
<!-- Both Elasticsearch client artifacts below are pinned to the same 7.x release;
     per the usage notes, only Elasticsearch 7.x SDKs can access the Elasticsearch-compatible API. -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.example</groupId>
  <artifactId>estest</artifactId>
  <version>1.0-SNAPSHOT</version>
  <properties>
    <maven.compiler.source>8</maven.compiler.source>
    <maven.compiler.target>8</maven.compiler.target>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.elasticsearch.client</groupId>
      <artifactId>elasticsearch-rest-high-level-client</artifactId>
      <version>7.10.1</version>
    </dependency>
    <dependency>
      <groupId>org.elasticsearch.client</groupId>
      <artifactId>elasticsearch-rest-client</artifactId>
      <version>7.10.1</version>
    </dependency>
  </dependencies>
</project>
Example.
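package org.example;

import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.index.query.BoolQueryBuilder;
import org.elasticsearch.index.query.MatchQueryBuilder;
import org.elasticsearch.index.query.RangeQueryBuilder;
import org.elasticsearch.search.builder.SearchSourceBuilder;

import java.io.IOException;

/**
 * Queries the last hour of GET requests in a Simple Log Service logstore through
 * the Elasticsearch-compatible API, using the Elasticsearch 7.x high-level REST client.
 */
public class Main {
    /**
     * Builds an authenticated HTTPS client, runs one search and prints the response.
     *
     * @param args unused
     * @throws IOException if the search request or closing the client fails
     * @throws IllegalStateException if the AccessKey environment variables are not set
     */
    public static void main(String[] args) throws IOException {
        String slsProject = "etl-dev";
        String slsLogstore = "accesslog";
        String slsEndpoint = "cn-huhehaote.log.aliyuncs.com";
        String schema = "https";
        String esHost = slsProject + "." + slsEndpoint; // ${project}.${endpoint}
        int port = 443;
        String esIndex = slsProject + "." + slsLogstore; // ${project}.${logstore}
        String esPrefix = "/es/";

        // System.getenv returns null for an unset variable; fail with a clear
        // message instead of passing null credentials on.
        String accessKeyId = System.getenv("ALIYUN_ACCESS_KEY_ID");
        String accessKeySecret = System.getenv("ALIYUN_ACCESS_KEY_SECRET");
        if (accessKeyId == null || accessKeyId.isEmpty()
                || accessKeySecret == null || accessKeySecret.isEmpty()) {
            throw new IllegalStateException(
                    "ALIYUN_ACCESS_KEY_ID and ALIYUN_ACCESS_KEY_SECRET must be set");
        }

        // Scope the credentials to the Simple Log Service host and port rather than
        // AuthScope.ANY, so the AccessKey pair is only offered to this endpoint.
        final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(new AuthScope(esHost, port),
                new UsernamePasswordCredentials(accessKeyId, accessKeySecret));

        RestClientBuilder builder = RestClient.builder(new HttpHost(esHost, port, schema))
                .setHttpClientConfigCallback(
                        httpClientBuilder -> httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider));
        // Set /es/ prefix
        builder.setPathPrefix(esPrefix);

        // try-with-resources closes the client even when the search throws.
        try (RestHighLevelClient client = new RestHighLevelClient(builder)) {
            // Query: GET requests within the last hour (bounds in epoch milliseconds).
            BoolQueryBuilder boolExpr = new BoolQueryBuilder();
            long endTime = System.currentTimeMillis();
            long startTime = endTime - 3600 * 1000;
            boolExpr.filter().add(new MatchQueryBuilder("request_method", "GET"));
            boolExpr.filter().add(
                    new RangeQueryBuilder("@timestamp").gte(startTime).lte(endTime).format("epoch_millis"));

            SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
            searchSourceBuilder.query(boolExpr);

            SearchRequest searchRequest = new SearchRequest(esIndex);
            searchRequest.source(searchSourceBuilder);

            SearchResponse searchResponse = client.search(searchRequest, RequestOptions.DEFAULT);
            System.out.println(searchResponse.toString());
        }
    }
}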
PHP SDK access example
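Use Composer to install the PHP client library.
composer require elasticsearch/elasticsearch
This command does not pin a version. Because only Elasticsearch 7.x SDKs can be used, add a 7.x version constraint (for example, elasticsearch/elasticsearch:^7.0) so that Composer does not install a newer major version.
Example.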
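<?php
// Query the last hour of GET requests in a Simple Log Service logstore through
// the Elasticsearch-compatible API, using the Elasticsearch PHP client.
require 'vendor/autoload.php';

use Elasticsearch\ClientBuilder;

$slsProject = 'etl-dev';
$slsLogstore = 'accesslog';
$slsEndpoint = 'cn-huhehaote.log.aliyuncs.com';

$esHost = $slsProject . '.' . $slsEndpoint;    // ${project}.${endpoint}
$esIndex = $slsProject . '.' . $slsLogstore;   // ${project}.${logstore}

// Read the AccessKey pair from the environment. getenv() returns false for an
// unset variable, so stop here rather than build a client without credentials.
$accessKeyId = getenv('ALIYUN_ACCESS_KEY_ID');
$accessKeySecret = getenv('ALIYUN_ACCESS_KEY_SECRET');
if ($accessKeyId === false || $accessKeyId === '' || $accessKeySecret === false || $accessKeySecret === '') {
    fwrite(STDERR, "ALIYUN_ACCESS_KEY_ID and ALIYUN_ACCESS_KEY_SECRET must be set\n");
    exit(1);
}

// HTTPS on port 443 with the /es path; the AccessKey pair is the user/password.
$hosts = [
    [
        'host' => $esHost,
        'port' => '443',
        'scheme' => 'https',
        'path' => '/es',
        'user' => $accessKeyId,
        'pass' => $accessKeySecret,
    ]
];

$client = ClientBuilder::create()
    ->setHosts($hosts)
    ->build();

// Query window: the last hour.
$endTime = round(microtime(true) * 1000); // Milliseconds
$startTime = $endTime - (3600 * 1000);

$params = [
    'index' => $esIndex,
    'body' => [
        'query' => [
            'bool' => [
                'must' => [
                    'match' => [
                        'request_method' => 'GET'
                    ]
                ],
                'filter' => [
                    'range' => [
                        '@timestamp' => [
                            'gte' => $startTime,
                            'lte' => $endTime
                        ]
                    ]
                ]
            ]
        ]
    ]
];

$response = $client->search($params);
print_r($response);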