如何检索时间戳以及弹性聚合中的最小值
How to retrieve timestamp along with minimum value within an elastic aggregation
我正在对弹性数据集执行聚合查询
我想检索一个时间跨度内的最大值和最小值
我用
实现了这个
"aggs": {
"DateRangeFilter": {
"filter": {
"range": {
"@timestamp": {
"gte": "2015-10-16T11:13:17.000",
"lte": "2015-10-16T12:29:47.000"
}
}
},
"aggs": {
"min_chan4": {
"min": {
"field": "ch_004"
}
},
"max_chan4": {
"max": {
"field": "ch_004"
}
}
这给了我:
"DateRangeFilter": {
"doc_count": 153,
"min_chan4": {
"value": 0.7463656663894653
},
"max_chan4": {
"value": 5.170884132385254
}
太棒了。
我还需要检索每个事件发生的 time
我的文档如下所示:
"_source": {
"GroupId": "blahblah",
"@timestamp": "2015-10-14T12:41:30Z",
"ch_004": 1.5608633995056154
}
所以我希望不仅能够检索给定日期范围内的最小值和最大值,还能检索记录最小值或最大值的时间 (@timestamp)
例如最小值 minX 出现在时间 t1,最大值 maxX 出现在时间 t2
你可以通过Top Hits Aggregation. example can be found :
来实现
{
"aggs": {
"DateRangeFilter": {
"filter": {
"range": {
"@timestamp": {
"gte": "2015-10-16T11:13:17.000",
"lte": "2015-10-16T12:29:47.000"
}
}
},
"aggs": {
"ch_004_min": {
"top_hits": {
"size": 1,
"sort": [
{
"timestamp": {
"order": "asc"
}
}
]
}
},
"ch_004_max": {
"top_hits": {
"size": 1,
"sort": [
{
"timestamp": {
"order": "desc"
}
}
]
}
}
}
}
}
}
我正在对弹性数据集执行聚合查询 我想检索一个时间跨度内的最大值和最小值 我用
实现了这个"aggs": {
"DateRangeFilter": {
"filter": {
"range": {
"@timestamp": {
"gte": "2015-10-16T11:13:17.000",
"lte": "2015-10-16T12:29:47.000"
}
}
},
"aggs": {
"min_chan4": {
"min": {
"field": "ch_004"
}
},
"max_chan4": {
"max": {
"field": "ch_004"
}
}
这给了我:
"DateRangeFilter": {
"doc_count": 153,
"min_chan4": {
"value": 0.7463656663894653
},
"max_chan4": {
"value": 5.170884132385254
}
太棒了。
我还需要检索每个事件发生的 time 我的文档如下所示:
"_source": {
"GroupId": "blahblah",
"@timestamp": "2015-10-14T12:41:30Z",
"ch_004": 1.5608633995056154
}
所以我希望不仅能够检索给定日期范围内的最小值和最大值,还能检索记录最小值或最大值的时间 (@timestamp)
例如最小值 minX 出现在时间 t1,最大值 maxX 出现在时间 t2
你可以通过Top Hits Aggregation. example can be found
{
"aggs": {
"DateRangeFilter": {
"filter": {
"range": {
"@timestamp": {
"gte": "2015-10-16T11:13:17.000",
"lte": "2015-10-16T12:29:47.000"
}
}
},
"aggs": {
"ch_004_min": {
"top_hits": {
"size": 1,
"sort": [
{
"timestamp": {
"order": "asc"
}
}
]
}
},
"ch_004_max": {
"top_hits": {
"size": 1,
"sort": [
{
"timestamp": {
"order": "desc"
}
}
]
}
}
}
}
}
}