如何通过 Elasticsearch 中的日期字段聚合不同的字段

How to aggregate different field by a date field in Elasticsearch

RESTapi调用

GET test10/LREmail10/_search/
    {
       "size": 10,
       "query": {
          "range": {
             "ALARM DATE": {
                "gte": "now-15d/d",
                "lt": "now/d"
             }
          }
       },
       "fields": [
          "ALARM DATE",
          "CLASSIFICATION"
       ]
    }

部分输出是,

 "took": 25,
   "timed_out": false,
   "_shards": {
      "total": 5,
      "successful": 5,
      "failed": 0
   },
   "hits": {
      "total": 490,
      "max_score": 1,
      "hits": [
         {
            "_index": "test10",
            "_type": "LREmail10",
            "_id": "AVM5g6XaShke4hy5dziK",
            "_score": 1,
            "fields": {
               "CLASSIFICATION": [
                  "Attack"
               ],
               "ALARM DATE": [
                  "25/02/2016 8:35:22 AM(UTC-08:00)"
               ]
            }
         },
         {
            "_index": "test10",
            "_type": "LREmail10",
            "_id": "AVM5g6e_Shke4hy5dziL",
            "_score": 1,
            "fields": {
               "CLASSIFICATION": [
                  "Compromise"
               ],
               "ALARM DATE": [
                  "25/02/2016 8:36:16 AM(UTC-08:00)"
               ]
            }
         },

我在这里真正想做的是,按报警日期汇总分类。日期的默认格式也有分、秒和时区。但我想汇总每个日期的所有分类。因此,"25/02/2016 8:36:16 AM(UTC-08:00)""25/02/2016 8:35:22 AM(UTC-08:00)" 应被视为 "25/02/2016" 日期。并获得属于一个日期的所有分类。

我希望我已经正确解释了问题。如果你们需要更多详细信息,请告诉我。

如果有人可以给我提示,看看 Elasticsearch 中的哪些区域也很有帮助。

像下面那样使用date_histogram

 {
 "size" :0 ,
 "aggs": {
        "classification of day": {
           "date_histogram": {
              "field": "ALARM DATE",
              "interval": "day"
           },
           "aggs": {
              "classification": {
                 "terms": {
                    "field": "CLASSIFICATION"
                 }
              }
           }
        }
     }
  }