如何通过 Elasticsearch 中的日期字段聚合不同的字段
How to aggregate different field by a date field in Elasticsearch
RESTapi调用
GET test10/LREmail10/_search/
{
"size": 10,
"query": {
"range": {
"ALARM DATE": {
"gte": "now-15d/d",
"lt": "now/d"
}
}
},
"fields": [
"ALARM DATE",
"CLASSIFICATION"
]
}
部分输出是,
"took": 25,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 490,
"max_score": 1,
"hits": [
{
"_index": "test10",
"_type": "LREmail10",
"_id": "AVM5g6XaShke4hy5dziK",
"_score": 1,
"fields": {
"CLASSIFICATION": [
"Attack"
],
"ALARM DATE": [
"25/02/2016 8:35:22 AM(UTC-08:00)"
]
}
},
{
"_index": "test10",
"_type": "LREmail10",
"_id": "AVM5g6e_Shke4hy5dziL",
"_score": 1,
"fields": {
"CLASSIFICATION": [
"Compromise"
],
"ALARM DATE": [
"25/02/2016 8:36:16 AM(UTC-08:00)"
]
}
},
我在这里真正想做的是,按报警日期汇总分类。日期的默认格式也有分、秒和时区。但我想汇总每个日期的所有分类。因此,"25/02/2016 8:36:16 AM(UTC-08:00)"
和 "25/02/2016 8:35:22 AM(UTC-08:00)"
应被视为 "25/02/2016"
日期。并获得属于一个日期的所有分类。
我希望我已经正确解释了问题。如果你们需要更多详细信息,请告诉我。
如果有人可以给我提示,看看 Elasticsearch 中的哪些区域也很有帮助。
像下面那样使用date_histogram。
{
"size" :0 ,
"aggs": {
"classification of day": {
"date_histogram": {
"field": "ALARM DATE",
"interval": "day"
},
"aggs": {
"classification": {
"terms": {
"field": "CLASSIFICATION"
}
}
}
}
}
}
RESTapi调用
GET test10/LREmail10/_search/
{
"size": 10,
"query": {
"range": {
"ALARM DATE": {
"gte": "now-15d/d",
"lt": "now/d"
}
}
},
"fields": [
"ALARM DATE",
"CLASSIFICATION"
]
}
部分输出是,
"took": 25,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 490,
"max_score": 1,
"hits": [
{
"_index": "test10",
"_type": "LREmail10",
"_id": "AVM5g6XaShke4hy5dziK",
"_score": 1,
"fields": {
"CLASSIFICATION": [
"Attack"
],
"ALARM DATE": [
"25/02/2016 8:35:22 AM(UTC-08:00)"
]
}
},
{
"_index": "test10",
"_type": "LREmail10",
"_id": "AVM5g6e_Shke4hy5dziL",
"_score": 1,
"fields": {
"CLASSIFICATION": [
"Compromise"
],
"ALARM DATE": [
"25/02/2016 8:36:16 AM(UTC-08:00)"
]
}
},
我在这里真正想做的是,按报警日期汇总分类。日期的默认格式也有分、秒和时区。但我想汇总每个日期的所有分类。因此,"25/02/2016 8:36:16 AM(UTC-08:00)"
和 "25/02/2016 8:35:22 AM(UTC-08:00)"
应被视为 "25/02/2016"
日期。并获得属于一个日期的所有分类。
我希望我已经正确解释了问题。如果你们需要更多详细信息,请告诉我。
如果有人可以给我提示,看看 Elasticsearch 中的哪些区域也很有帮助。
像下面那样使用date_histogram。
{
"size" :0 ,
"aggs": {
"classification of day": {
"date_histogram": {
"field": "ALARM DATE",
"interval": "day"
},
"aggs": {
"classification": {
"terms": {
"field": "CLASSIFICATION"
}
}
}
}
}
}