I am new to use Elasticsearch + Logstash + Kibana for analyzing some logs.
I am about to write some scripts to automate something in
searching/aggregation. Now I only have 10gb data so the performance don't
vary that much when I do searching or visualization. I spent a lot of time
learning ES's query DSL but seems still not get the key, wondering
query_string will just do the search in Kibana, but I can also use those
verbose query DSL in my script.
My question is, regard to performance or any, is there difference to use
whether query_string, the search box like searching, or use the DSL,
verbose with curry brackets? Or people are encouraged to use DSL because it
performs better than query_string, or something?
For now, I don't see any difference b/w query_string and query DSL. Maybe
some one can give me an example that DSL can do something that query_string
cannot.
Any comments may help me increase my understanding of ES. Thank you!
query_string is a bit of a trap - if you write an invalid query it just
crashes. So you find yourself working around it with tons of escaping.
Its also really really powerful and shouldn't be exposed directly to end
users unless you want them to be sneaky.
For the most part I'd suggest using the JSON DSL and/or some DSL wrapper
around it.
I am new to use Elasticsearch + Logstash + Kibana for analyzing some logs.
I am about to write some scripts to automate something in
searching/aggregation. Now I only have 10gb data so the performance don't
vary that much when I do searching or visualization. I spent a lot of time
learning ES's query DSL but seems still not get the key, wondering
query_string will just do the search in Kibana, but I can also use those
verbose query DSL in my script.
My question is, regard to performance or any, is there difference to use
whether query_string, the search box like searching, or use the DSL,
verbose with curry brackets? Or people are encouraged to use DSL because it
performs better than query_string, or something?
For now, I don't see any difference b/w query_string and query DSL. Maybe
some one can give me an example that DSL can do something that query_string
cannot.
Any comments may help me increase my understanding of ES. Thank you!
Query_string is more straight forward, because most of time I use Kibana to
test my query. But for the DSL, it's kind of hard to fully understand which
query to use. And to test my query is also difficult because too many
brackets...
There is a high level Python API for DSL. I'm learning it.
Thanks for your advice.
On Wednesday, March 25, 2015 at 6:14:26 PM UTC-4, Nikolas Everett wrote:
query_string is a bit of a trap - if you write an invalid query it just
crashes. So you find yourself working around it with tons of escaping.
Its also really really powerful and shouldn't be exposed directly to end
users unless you want them to be sneaky.
For the most part I'd suggest using the JSON DSL and/or some DSL wrapper
around it.
On Wed, Mar 25, 2015 at 4:28 PM, Lincoln Xiong <xiong.h...@gmail.com
<javascript:>> wrote:
I am new to use Elasticsearch + Logstash + Kibana for analyzing some
logs. I am about to write some scripts to automate something in
searching/aggregation. Now I only have 10gb data so the performance don't
vary that much when I do searching or visualization. I spent a lot of time
learning ES's query DSL but seems still not get the key, wondering
query_string will just do the search in Kibana, but I can also use those
verbose query DSL in my script.
My question is, regard to performance or any, is there difference to use
whether query_string, the search box like searching, or use the DSL,
verbose with curry brackets? Or people are encouraged to use DSL because it
performs better than query_string, or something?
For now, I don't see any difference b/w query_string and query DSL. Maybe
some one can give me an example that DSL can do something that query_string
cannot.
Any comments may help me increase my understanding of ES. Thank you!
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.