Elastic search aggregation query returns results since 1970?
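Hello, I am new to Elasticsearch. I am running the following query/REST request against Elasticsearch. I am trying to get a histogram for one year, but the results returned are data from 1970 rather than from last year to this year.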
curl -X GET "10.10.9.1:9200/mep-reports*/_search?pretty&size=0" -H 'Content-Type: application/json' -d'
{
  "query": {
    "bool": {
      "must": [
        { "range": { "@timestamp": {"gte": "now-1y/y" , "lt": "now"}}}
      ]
    }
  },
  "aggs" : {
    "sales_over_time" : {
      "date_histogram" : {
        "field" : "submission_ts",
        "interval" : "day",
        "format": "yyyy-MM-dd hh:mm:ss"
      }
    }
  }
}'
Below is the response I received. If you check key_as_string, you can see that it starts from 1970. My question is why it ignores the specified range ( { "range": { "@timestamp": {"gte": "now-1y/y" , "lt": "now"}}} ).
{
"took" : 22,
"timed_out" : false,
"_shards" : {
"total" : 12,
"successful" : 12,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : 1073013,
"max_score" : 0.0,
"hits" : [ ]
},
"aggregations" : {
"sales_over_time" : {
"buckets" : [
{
"key_as_string" : "1970-01-19 12:00:00",
"key" : 1555200000,
"doc_count" : 1016510
},
{
"key_as_string" : "1970-01-20 12:00:00",
"key" : 1641600000,
"doc_count" : 0
},
{
"key_as_string" : "1970-01-21 12:00:00",
"key" : 1728000000,
"doc_count" : 0
},
{
"key_as_string" : "1970-01-22 12:00:00",
"key" : 1814400000,
"doc_count" : 0
},
{
"key_as_string" : "1970-01-23 12:00:00",
"key" : 1900800000,
"doc_count" : 0
},
{
"key_as_string" : "1970-01-24 12:00:00",
"key" : 1987200000,
"doc_count" : 0
},
{
"key_as_string" : "1970-01-25 12:00:00",
"key" : 2073600000,
"doc_count" : 0
},
}
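Your query is on the @timestamp field, but your aggregation is on submission_ts.
If you want the date_histogram aggregation to be restricted by the query, you need to use the same field in both the query and the aggregation.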
curl -X GET "10.10.9.1:9200/mep-reports*/_search?pretty&size=0" -H 'Content-Type: application/json' -d'
{
  "query": {
    "bool": {
      "must": [
        { "range": { "submission_ts": {"gte": "now-1y/y" , "lt": "now"}}}
      ]
    }
  },
  "aggs" : {
    "sales_over_time" : {
      "date_histogram" : {
        "field" : "submission_ts",
        "interval" : "day",
        "format": "yyyy-MM-dd hh:mm:ss"
      }
    }
  }
}'
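A check for the mismatch described in the answer, as an added example that is not part of the original question or answer: it lists every date_histogram whose field has no range clause in the query, and renders a bucket key from the response above both as epoch milliseconds and as epoch seconds. The function names and the trimmed request body are assumptions made for the illustration; the seconds reading is shown only for comparison, since the page does not say how submission_ts is stored.

```python
# Added example: the request bodies are constructed from the two requests on this page.
from datetime import datetime, timezone

def range_fields(node):
    """Collect every field name used inside a `range` clause, at any depth."""
    found = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "range" and isinstance(value, dict):
                found.update(value)          # keys of a range clause are field names
            else:
                found |= range_fields(value)
    elif isinstance(node, list):
        for item in node:
            found |= range_fields(item)
    return found

def unbounded_histograms(body):
    """Return {agg_name: field} for date_histogram aggs whose field has no range filter."""
    bounded = range_fields(body.get("query", {}))
    result = {}
    def walk(aggs):
        for name, spec in aggs.items():
            field = spec.get("date_histogram", {}).get("field")
            if field is not None and field not in bounded:
                result[name] = field
            walk(spec.get("aggs", spec.get("aggregations", {})))  # sub-aggregations
    walk(body.get("aggs", body.get("aggregations", {})))
    return result

def key_as_utc(key, unit="ms"):
    """Render a bucket key as UTC, reading it as epoch milliseconds or epoch seconds."""
    seconds = key / 1000 if unit == "ms" else key
    return datetime.fromtimestamp(seconds, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def search_body(query_field):
    """Hypothetical helper: the page's request with the range clause on `query_field`."""
    return {
        "query": {"bool": {"must": [
            {"range": {query_field: {"gte": "now-1y/y", "lt": "now"}}}]}},
        "aggs": {"sales_over_time": {"date_histogram": {
            "field": "submission_ts", "interval": "day"}}},
    }

if __name__ == "__main__":
    print("question:", unbounded_histograms(search_body("@timestamp")))
    print("answer:  ", unbounded_histograms(search_body("submission_ts")))
    print("first key:", key_as_utc(1555200000, "ms"), "|", key_as_utc(1555200000, "s"))
```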