减去 Kibana 中的两个值以获得特定时间戳
Subtract two values in Kibana for specific timestamps
这是我第一次这样做,似乎找不到在线资源。
指数按日汇总。所以每天一条记录。
4 月 26 日:
{
"_index": "gamers",
"_type": "dailyAgg",
"_id": "dailyAgg-2015-04-26T00:00:00Z",
"_score": null,
"_source": {
"timestamp": "2017-04-26T00:00:00Z",
"player_count": 800
},
"timestamp": [
1493164800000
]
},
"sort": [
1493164800000
]
}
4 月 25 日:
{
"_index": "gamers",
"_type": "dailyAgg",
"_id": "dailyAgg-2017-04-25T00:00:00Z",
"_score": null,
"_source": {
"timestamp": "2017-04-25T00:00:00Z",
"player_count": 500
},
"timestamp": [
1493078400000
]
},
"sort": [
1493078400000
]
}
我需要的是:
player_count(Today) - player_count(Yesterday)
=> player_count(26 April) - player_count(25 April) = 800 - 500 = 300
我试过脚本字段和无痛脚本,但无法提取给定日期的数据。
这是我最终使用的解决方案:Custom Plugin
这是我第一次这样做,似乎找不到在线资源。
指数按日汇总。所以每天一条记录。
4 月 26 日:
{
"_index": "gamers",
"_type": "dailyAgg",
"_id": "dailyAgg-2015-04-26T00:00:00Z",
"_score": null,
"_source": {
"timestamp": "2017-04-26T00:00:00Z",
"player_count": 800
},
"timestamp": [
1493164800000
]
},
"sort": [
1493164800000
]
}
4 月 25 日:
{
"_index": "gamers",
"_type": "dailyAgg",
"_id": "dailyAgg-2017-04-25T00:00:00Z",
"_score": null,
"_source": {
"timestamp": "2017-04-25T00:00:00Z",
"player_count": 500
},
"timestamp": [
1493078400000
]
},
"sort": [
1493078400000
]
}
我需要的是:
player_count(Today) - player_count(Yesterday)
=> player_count(26 April) - player_count(25 April) = 800 - 500 = 300
我试过脚本字段和无痛脚本,但无法提取给定日期的数据。
这是我最终使用的解决方案:Custom Plugin