Elasticsearch:通过时间戳过滤聚合
Elasticsearch: Aggregation with filtering by timestamp
我需要获取特定日期的 distinct ID 列表。我正在尝试将 'Aggregations' 与 'Filtering' 一起使用。尝试了几种方法,但它不工作。正确的格式是什么?
{
"size": "1000",
"_source": ["Id"],
"query": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"aggs": {
"ids": {
"terms": { "field": "Id.keyword" }
}
}
}
我尝试的另一种方式:
{
"size": "1000",
"_source": ["Id"],
"aggs": {
"ids": {
"filter": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"terms": { "field": "Id.keyword" }
}
}
}
这是@timestamp 映射:
"@timestamp": {
"type": "date",
"format": "dateOptionalTime"
}
其实第一个选项几乎是正确的。您只需要在查询中将大小设置为 0,删除不需要的 _source 并在术语聚合中将大小设置为 1000:
{
"size": "0",
"query": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"aggs": {
"ids": {
"terms": {
"field": "Id.keyword",
"size": 1000
}
}
}
}
我需要获取特定日期的 distinct ID 列表。我正在尝试将 'Aggregations' 与 'Filtering' 一起使用。尝试了几种方法,但它不工作。正确的格式是什么?
{
"size": "1000",
"_source": ["Id"],
"query": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"aggs": {
"ids": {
"terms": { "field": "Id.keyword" }
}
}
}
我尝试的另一种方式:
{
"size": "1000",
"_source": ["Id"],
"aggs": {
"ids": {
"filter": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"terms": { "field": "Id.keyword" }
}
}
}
这是@timestamp 映射:
"@timestamp": {
"type": "date",
"format": "dateOptionalTime"
}
其实第一个选项几乎是正确的。您只需要在查询中将大小设置为 0,删除不需要的 _source 并在术语聚合中将大小设置为 1000:
{
"size": "0",
"query": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"aggs": {
"ids": {
"terms": {
"field": "Id.keyword",
"size": 1000
}
}
}
}