This topic describes how to use the Elasticsearch SDK and the Elasticsearch-compatible API to analyze data in Simple Log Service.
This is an original Alibaba Cloud document. All rights are reserved by Alibaba Cloud. This document describes how Alibaba Cloud services can interact with third-party products. Any mention of third-party names or products is for reference purposes only.
Prerequisites
A project and a Standard logstore are created, and logs are collected. For more information, see Manage projects, Create a Logstore, and Data collection.
Indexes are created before you query logs. For more information, see Create indexes.
An AccessKey pair is created for the RAM user, and the required permissions to query logs in logstores are granted to the RAM user. For more information, see RAM authorization.
Usage notes
-
The Elasticsearch-compatible API supports only Elasticsearch SDKs of version 7.x.
-
If you do not specify @timestamp in a query, the query retrieves data from the last 24 hours by default.
Parameters
|
Parameter |
Description |
|
|
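The data access address. The format is https://${project}.${endpoint}/es/, as used in the examples below (for example, https://etl-dev.cn-huhehaote.log.aliyuncs.com/es/).
Important: Only the HTTPS protocol is supported. |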
|
|
Enter |
|
|
|
|
|
|
Examples
The following examples show how to use the Elasticsearch SDK and the Elasticsearch-compatible API to analyze data in Simple Log Service. In these examples, the project is etl-dev, the logstore is accesslog, and the Simple Log Service endpoint is cn-huhehaote.log.aliyuncs.com.
Curl example
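# Query the accesslog logstore of project etl-dev for entries whose status is 200.
# The -u argument is quoted so the shell passes the AccessKey pair as one word,
# even if the secret contains characters the shell would otherwise split or expand.
# NOTE(review): a credential passed on the command line may be visible to other
# local users through the process list while curl runs; on shared hosts consider
# curl's --netrc-file or --config option to keep the secret out of the arguments.
curl -u "${ALIYUN_ACCESS_KEY_ID}:${ALIYUN_ACCESS_KEY_SECRET}" "https://etl-dev.cn-huhehaote.log.aliyuncs.com/es/etl-dev.accesslog/_search?q=status:200"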
Python SDK example
-
Install the dependency.
pip install elasticsearch==7.17
-
Sample code
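#!/usr/bin/env python3
"""Search the last hour of a Simple Log Service logstore through the
Elasticsearch-compatible API and print the raw response as JSON."""
import os
import json
import time

from elasticsearch import Elasticsearch, helpers

slsProject = "etl-dev"
slsEndpoint = "cn-huhehaote.log.aliyuncs.com"
slsLogstore = "accesslog"

# The host is https://${project}.${endpoint}/es/ and the index is ${project}.${logstore}.
esHost = "https://%s.%s/es/" % (slsProject, slsEndpoint)
esIndex = "%s.%s" % (slsProject, slsLogstore)

# Get the AccessKey pair from environment variables so that it never lands in
# source control. A missing variable raises KeyError here, before any request
# is sent. Use the AccessKey pair of a RAM user that holds only the permissions
# needed to query the logstore.
accessKeyId = os.environ['ALIYUN_ACCESS_KEY_ID']
accessKeySecret = os.environ['ALIYUN_ACCESS_KEY_SECRET']

# Keep verify_certs=True: the AccessKey pair is sent as HTTP basic auth, so the
# TLS certificate check is what ties those credentials to the real endpoint.
esClient = Elasticsearch(
    hosts=esHost,
    http_auth=(accessKeyId, accessKeySecret),
    verify_certs=True,
    timeout=300,
)

# Query window: the last hour, expressed in epoch milliseconds.
endTime = int(time.time() * 1000)
startTime = endTime - 3600 * 1000

r = esClient.search(
    index=esIndex,
    body={
        "query": {
            "bool": {
                "filter": [
                    {
                        "range": {
                            "@timestamp": {
                                "gte": startTime,
                                "lte": endTime,
                                "format": "epoch_millis"
                            }
                        }
                    }
                ]
            }
        }
    }
)

print(json.dumps(r, indent=4))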
Elasticsearch DSL example
Elasticsearch DSL (Domain-Specific Language) is a query language for searching data in Elasticsearch. Use the following client library to avoid constructing DSL queries manually.
-
Install the dependency.
pip install elasticsearch-dsl==7.4.1
-
Elasticsearch DSL example
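#!/usr/bin/env python3
"""Search the last hour of a Simple Log Service logstore with elasticsearch-dsl
and print three fields of every GET request that matched."""
import os
import json
import time

from elasticsearch import Elasticsearch, helpers
from elasticsearch_dsl import Search, Q

slsProject = "etl-dev"
slsEndpoint = "cn-huhehaote.log.aliyuncs.com"
slsLogstore = "accesslog"

# The host is https://${project}.${endpoint}/es/ and the index is ${project}.${logstore}.
esHost = "https://%s.%s/es/" % (slsProject, slsEndpoint)
esIndex = "%s.%s" % (slsProject, slsLogstore)

# Get the AccessKey pair from environment variables so that it never lands in
# source control. A missing variable raises KeyError here, before any request
# is sent. Use the AccessKey pair of a RAM user that holds only the permissions
# needed to query the logstore.
accessKeyId = os.environ['ALIYUN_ACCESS_KEY_ID']
accessKeySecret = os.environ['ALIYUN_ACCESS_KEY_SECRET']

# Keep verify_certs=True: the AccessKey pair is sent as HTTP basic auth, so the
# TLS certificate check is what ties those credentials to the real endpoint.
esClient = Elasticsearch(
    hosts=esHost,
    http_auth=(accessKeyId, accessKeySecret),
    verify_certs=True,
    timeout=300,
)

# Query window: the last hour, expressed in epoch milliseconds.
endTime = int(time.time() * 1000)
startTime = endTime - 3600 * 1000

# The chain is wrapped in parentheses instead of ending on a dangling
# backslash, so the statement cannot swallow the line that follows it.
s = (
    Search(using=esClient, index=esIndex)
    .filter(Q("range", **{"@timestamp": {"gte": startTime, "lt": endTime, "format": "epoch_millis"}}))
    .query("match", request_method="GET")
)

response = s.execute()

for hit in response:
    # The request_method, host, and client_ip are fields in the Simple Log Service logs.
    print(hit.request_method, hit.host, hit.client_ip)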
Go SDK example
package main
import (
"context"
"fmt"
"os"
"time"
"github.com/olivere/elastic/v7"
)
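// main queries the last hour of GET requests from a Simple Log Service
// logstore through the Elasticsearch-compatible API and prints the source of
// each of the first ten hits. It panics on any configuration or request error.
func main() {
	// The following code shows how to use the Elasticsearch SDK to access the Elasticsearch-compatible API of Simple Log Service.
	slsProject := "etl-dev"
	slsLogstore := "accesslog"
	slsEndpoint := "cn-huhehaote.log.aliyuncs.com"

	// Read the AccessKey pair from the environment so it is never hard-coded.
	// os.Getenv returns "" for an unset variable, so stop here rather than
	// sending a request with empty basic-auth credentials.
	accessKeyID := os.Getenv("ALIYUN_ACCESS_KEY_ID")
	accessKeySecret := os.Getenv("ALIYUN_ACCESS_KEY_SECRET")
	if accessKeyID == "" || accessKeySecret == "" {
		panic("ALIYUN_ACCESS_KEY_ID and ALIYUN_ACCESS_KEY_SECRET must be set")
	}

	// Only HTTPS is supported; the AccessKey pair travels as HTTP basic auth.
	esHost := fmt.Sprintf("https://%s.%s:443/es", slsProject, slsEndpoint)
	esIndex := fmt.Sprintf("%s.%s", slsProject, slsLogstore)

	esClient, err := elastic.NewClient(
		elastic.SetURL(esHost),
		elastic.SetSniff(false),                            // Talk only to the configured URL; do not ask the server for a node list.
		elastic.SetBasicAuth(accessKeyID, accessKeySecret), // Set the username and password for basic authentication.
		elastic.SetHealthcheck(false),                      // Disable health checks.
	)
	if err != nil {
		panic(err)
	}

	termQuery := elastic.NewTermQuery("request_method", "GET")

	// Query window: the last hour. The bounds are sent as epoch milliseconds
	// with an explicit format, matching the Python and Java examples on this
	// page, so the server does not have to guess the unit of a bare number.
	endTime := time.Now().UnixNano() / int64(time.Millisecond)
	startTime := endTime - 3600*1000
	timeRangeQuery := elastic.NewRangeQuery("@timestamp").
		Gte(startTime).
		Lte(endTime).
		Format("epoch_millis")

	boolQuery := elastic.NewBoolQuery()
	boolQuery = boolQuery.Must(timeRangeQuery, termQuery)

	searchResult, err := esClient.Search().
		Index(esIndex).
		Query(boolQuery).
		From(0).Size(10).
		Pretty(true).
		Do(context.Background())
	if err != nil {
		panic(err)
	}

	// Print the results.
	for _, hit := range searchResult.Hits.Hits {
		fmt.Println(string(hit.Source))
	}
}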
Java SDK example
-
Add the dependencies to the pom.xml file.
<?xml version="1.0" encoding="UTF-8"?>
<!-- Minimal Maven build for the Java sample: Java 8 and the Elasticsearch 7.10.1 REST clients. -->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.example</groupId>
    <artifactId>estest</artifactId>
    <version>1.0-SNAPSHOT</version>

    <properties>
        <maven.compiler.source>8</maven.compiler.source>
        <maven.compiler.target>8</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>

    <!-- Both clients are pinned to the same 7.x release; this page states that
         the Elasticsearch-compatible API supports only 7.x SDKs. When you move
         to a newer 7.x patch release, change both versions together. -->
    <dependencies>
        <dependency>
            <groupId>org.elasticsearch.client</groupId>
            <artifactId>elasticsearch-rest-high-level-client</artifactId>
            <version>7.10.1</version>
        </dependency>
        <dependency>
            <groupId>org.elasticsearch.client</groupId>
            <artifactId>elasticsearch-rest-client</artifactId>
            <version>7.10.1</version>
        </dependency>
    </dependencies>
</project>
Sample code
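package org.example;

import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.index.query.BoolQueryBuilder;
import org.elasticsearch.index.query.MatchQueryBuilder;
import org.elasticsearch.index.query.RangeQueryBuilder;
import org.elasticsearch.search.builder.SearchSourceBuilder;

import java.io.IOException;

/**
 * Queries the last hour of GET requests from a Simple Log Service logstore
 * through the Elasticsearch-compatible API and prints the search response.
 */
public class Main {
    /**
     * Builds the client, runs one search and prints the response.
     *
     * @param args unused
     * @throws IOException if the search request or closing the client fails
     * @throws IllegalStateException if the AccessKey environment variables are not set
     */
    public static void main(String[] args) throws IOException {
        String slsProject = "etl-dev";
        String slsLogstore = "accesslog";
        String slsEndpoint = "cn-huhehaote.log.aliyuncs.com";

        // Only HTTPS is supported; the AccessKey pair travels as HTTP basic auth.
        String schema = "https";
        String esHost = slsProject + "." + slsEndpoint; // ${project}.${endpoint}
        int port = 443;
        String esIndex = slsProject + "." + slsLogstore; // ${project}.${logstore}
        String esPrefix = "/es/";

        // Read the AccessKey pair from the environment so it is never hard-coded.
        // System.getenv returns null for an unset variable; fail with a clear
        // message instead of an error from deep inside the HTTP client.
        String accessKeyId = System.getenv("ALIYUN_ACCESS_KEY_ID");
        String accessKeySecret = System.getenv("ALIYUN_ACCESS_KEY_SECRET");
        if (accessKeyId == null || accessKeyId.isEmpty()
                || accessKeySecret == null || accessKeySecret.isEmpty()) {
            throw new IllegalStateException(
                    "ALIYUN_ACCESS_KEY_ID and ALIYUN_ACCESS_KEY_SECRET must be set");
        }

        // Scope the credentials to the Simple Log Service host and port rather
        // than AuthScope.ANY, so the provider offers them to no other host.
        final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(new AuthScope(esHost, port),
                new UsernamePasswordCredentials(accessKeyId, accessKeySecret));

        RestClientBuilder builder = RestClient.builder(new HttpHost(esHost, port, schema))
                .setHttpClientConfigCallback(
                        httpClientBuilder -> httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider));

        // Set the /es/ path prefix.
        builder.setPathPrefix(esPrefix);

        // try-with-resources closes the client even when the search throws.
        try (RestHighLevelClient client = new RestHighLevelClient(builder)) {
            // Build the query: GET requests from the last hour, in epoch milliseconds.
            BoolQueryBuilder boolExpr = new BoolQueryBuilder();
            long endTime = System.currentTimeMillis();
            long startTime = endTime - 3600 * 1000;
            boolExpr.filter().add(new MatchQueryBuilder("request_method", "GET"));
            boolExpr.filter().add(
                    new RangeQueryBuilder("@timestamp").gte(startTime).lte(endTime).format("epoch_millis"));

            SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
            searchSourceBuilder.query(boolExpr);

            SearchRequest searchRequest = new SearchRequest(esIndex);
            searchRequest.source(searchSourceBuilder);

            SearchResponse searchResponse = client.search(searchRequest, RequestOptions.DEFAULT);
            System.out.println(searchResponse.toString());
        }
    }
}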
PHP SDK example
-
Use Composer to install the Elasticsearch PHP client.
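# Pin the 7.x client: this page states that the Elasticsearch-compatible API
# supports only 7.x SDKs, and the sample code uses the Elasticsearch\ClientBuilder
# namespace. An unconstrained "composer require" may resolve to a newer major version.
composer require "elasticsearch/elasticsearch:^7.0"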
Sample code
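<?php
// Queries the last hour of GET requests from a Simple Log Service logstore
// through the Elasticsearch-compatible API and prints the decoded response.

require 'vendor/autoload.php';

use Elasticsearch\ClientBuilder;

$slsProject = 'etl-dev';
$slsLogstore = 'accesslog';
$slsEndpoint = 'cn-huhehaote.log.aliyuncs.com';

$esHost = $slsProject . '.' . $slsEndpoint;   // ${project}.${endpoint}
$esIndex = $slsProject . '.' . $slsLogstore;  // ${project}.${logstore}

// Read the AccessKey pair from the environment so it is never hard-coded.
// getenv() returns false for an unset variable; stop here rather than sending
// a request with empty basic-auth credentials.
$accessKeyId = getenv('ALIYUN_ACCESS_KEY_ID');
$accessKeySecret = getenv('ALIYUN_ACCESS_KEY_SECRET');
if ($accessKeyId === false || $accessKeyId === ''
    || $accessKeySecret === false || $accessKeySecret === '') {
    throw new RuntimeException('ALIYUN_ACCESS_KEY_ID and ALIYUN_ACCESS_KEY_SECRET must be set');
}

// Keep the scheme 'https': only HTTPS is supported, and the AccessKey pair is
// sent as HTTP basic auth with every request.
$hosts = [
    [
        'host' => $esHost,
        'port' => '443',
        'scheme' => 'https',
        'path' => '/es',
        'user' => $accessKeyId,
        'pass' => $accessKeySecret,
    ]
];

$client = ClientBuilder::create()
    ->setHosts($hosts)
    ->build();

// Query window: the last hour. round() returns a float, so cast to int to
// send the bounds as whole epoch milliseconds.
$endTime = (int) round(microtime(true) * 1000); // Unit: milliseconds
$startTime = $endTime - (3600 * 1000);

$params = [
    'index' => $esIndex,
    'body' => [
        'query' => [
            'bool' => [
                'must' => [
                    'match' => [
                        'request_method' => 'GET'
                    ]
                ],
                'filter' => [
                    'range' => [
                        '@timestamp' => [
                            'gte' => $startTime,
                            'lte' => $endTime
                        ]
                    ]
                ]
            ]
        ]
    ]
];

$response = $client->search($params);
print_r($response);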