如何根据时间戳从索引中检索弹性搜索数据?
How to retrieve elasticsearch data from index based on timestamp?
我想根据时间戳从 elasticsearch 中检索数据。时间戳在 epoch_millis 中,我尝试像这样检索数据:
{
"query": {
"bool": {
"must":[
{
"range": {
"TimeStamp": {
"gte": "1632844180",
"lte": "1635436180"
}
}
}
]
}
},
"size": 10
}
但回复是这样的:
{
"took" : 0,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 0,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
}
}
如何从某个索引中检索给定时间段内的数据?
数据如下所示:
{
"_index" : "my-index",
"_type" : "_doc",
"_id" : "zWpMNXcBTeKmGB84eksSD",
"_score" : 1.0,
"_source" : {
"Source" : "Market",
"Category" : "electronics",
"Value" : 20,
"Price" : 45.6468,
"Currency" : "EUR",
"TimeStamp" : 1611506922000 }
此外,在索引上使用 _search 时,结果有 10.000 次匹配。我怎样才能访问其他条目? (超过 10.000 个结果)并能够选择所需的时间戳间隔。
对于你的第一个问题,假设你有这样的映射:
{
"mappings": {
"properties": {
"Source": {
"type": "keyword"
},
"Category": {
"type": "keyword"
},
"Value": {
"type": "integer"
},
"Price": {
"type": "float"
},
"Currency": {
"type": "keyword"
},
"TimeStamp": {
"type": "date"
}
}
}
}
然后我索引了2个示例文档(上面1个是你的,但是时间戳肯定不在你的范围内):
[{
"Source": "Market",
"Category": "electronics",
"Value": 30,
"Price": 55.6468,
"Currency": "EUR",
"TimeStamp": 1633844180000
},
{
"Source": "Market",
"Category": "electronics",
"Value": 20,
"Price": 45.6468,
"Currency": "EUR",
"TimeStamp": 1611506922000
}]
如果你真的需要使用上面的范围进行查询,你首先需要将你的TimeStamp字段转换为秒(/1000),然后根据该字段进行查询:
{
"runtime_mappings": {
"secondTimeStamp": {
"type": "long",
"script": "emit(doc['TimeStamp'].value.millis/1000);"
}
},
"query": {
"bool": {
"must": [
{
"range": {
"secondTimeStamp": {
"gte": 1632844180,
"lte": 1635436180
}
}
}
]
}
},
"size": 10
}
然后你会得到第一个文档。
关于你的第二个问题,默认情况下,Elasticsearch的max_result_window只有10000。你可以将这个限制增加updating the settings,但会增加内存使用量。
PUT /index/_settings
{
"index.max_result_window": 999999
}
您应该改用 search_after API。
我想根据时间戳从 elasticsearch 中检索数据。时间戳在 epoch_millis 中,我尝试像这样检索数据:
{
"query": {
"bool": {
"must":[
{
"range": {
"TimeStamp": {
"gte": "1632844180",
"lte": "1635436180"
}
}
}
]
}
},
"size": 10
}
但回复是这样的:
{
"took" : 0,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 0,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
}
}
如何从某个索引中检索给定时间段内的数据?
数据如下所示:
{
"_index" : "my-index",
"_type" : "_doc",
"_id" : "zWpMNXcBTeKmGB84eksSD",
"_score" : 1.0,
"_source" : {
"Source" : "Market",
"Category" : "electronics",
"Value" : 20,
"Price" : 45.6468,
"Currency" : "EUR",
"TimeStamp" : 1611506922000 }
此外,在索引上使用 _search 时,结果有 10.000 次匹配。我怎样才能访问其他条目? (超过 10.000 个结果)并能够选择所需的时间戳间隔。
对于你的第一个问题,假设你有这样的映射:
{
"mappings": {
"properties": {
"Source": {
"type": "keyword"
},
"Category": {
"type": "keyword"
},
"Value": {
"type": "integer"
},
"Price": {
"type": "float"
},
"Currency": {
"type": "keyword"
},
"TimeStamp": {
"type": "date"
}
}
}
}
然后我索引了2个示例文档(上面1个是你的,但是时间戳肯定不在你的范围内):
[{
"Source": "Market",
"Category": "electronics",
"Value": 30,
"Price": 55.6468,
"Currency": "EUR",
"TimeStamp": 1633844180000
},
{
"Source": "Market",
"Category": "electronics",
"Value": 20,
"Price": 45.6468,
"Currency": "EUR",
"TimeStamp": 1611506922000
}]
如果你真的需要使用上面的范围进行查询,你首先需要将你的TimeStamp字段转换为秒(/1000),然后根据该字段进行查询:
{
"runtime_mappings": {
"secondTimeStamp": {
"type": "long",
"script": "emit(doc['TimeStamp'].value.millis/1000);"
}
},
"query": {
"bool": {
"must": [
{
"range": {
"secondTimeStamp": {
"gte": 1632844180,
"lte": 1635436180
}
}
}
]
}
},
"size": 10
}
然后你会得到第一个文档。
关于你的第二个问题,默认情况下,Elasticsearch的max_result_window只有10000。你可以将这个限制增加updating the settings,但会增加内存使用量。
PUT /index/_settings
{
"index.max_result_window": 999999
}
您应该改用 search_after API。