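I am trying to calculate the time difference (in minutes) between two date fields of Elasticsearch documents, grouped by hour.
The documents in Elasticsearch look like this: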
[
{
"name": "rakesh",
"age": "26",
"email": "rakesh@gmail.com",
"createdDate": "1549458543000",
"updatedDate": "1549458723000"
},
{
"name": "sam",
"age": "24",
"email": "samjoe@elastic.com",
"createdDate": "1549458543000",
"updatedDate": "1549458723000"
},
{
"name": "joseph",
"age": "26",
"email": "joseph@gmail.com",
"createdDate": "1549458543000",
"updatedDate": "1549458723000"
},
{
"name": "genny",
"age": "24",
"email": "genny@hotmail.com",
"createdDate": "1549458543000",
"updatedDate": "1549458723000"
}
]
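Using the documents above, we need to get the difference between updatedDate and createdDate, along with the count of documents created in the same hour that have the same timeDiff.
From the sample data above, the expected output would be: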
for hour 1549458000000 there are 4 documents which are updated within the 4 minutes
of time.
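To make the expected grouping concrete, here is a small Python sketch (run outside Elasticsearch) of the calculation I have in mind. The constants and the `hour_and_diff` helper are names made up for illustration, and the hour bucket is computed in UTC, ignoring any time zone setting. For the sample values the difference is 180000 ms, which is exactly 3 minutes and so falls within the 4-minute window mentioned above.

```python
from collections import Counter

MS_PER_MINUTE = 60_000
MS_PER_HOUR = 3_600_000

# Date values copied from the sample documents (epoch milliseconds as strings).
docs = [
    {"name": "rakesh", "createdDate": "1549458543000", "updatedDate": "1549458723000"},
    {"name": "sam", "createdDate": "1549458543000", "updatedDate": "1549458723000"},
    {"name": "joseph", "createdDate": "1549458543000", "updatedDate": "1549458723000"},
    {"name": "genny", "createdDate": "1549458543000", "updatedDate": "1549458723000"},
]


def hour_and_diff(doc):
    """Return (start of the UTC hour of createdDate, whole minutes between the two dates)."""
    created = int(doc["createdDate"])
    updated = int(doc["updatedDate"])
    hour_start = created - created % MS_PER_HOUR
    diff_minutes = (updated - created) // MS_PER_MINUTE
    return hour_start, diff_minutes


# Count documents that share both the hour bucket and the time difference.
counts = Counter(hour_and_diff(d) for d in docs)

for (hour_start, diff_minutes), n in sorted(counts.items()):
    print(f"hour {hour_start}: {n} documents with a {diff_minutes}-minute difference")
```

The key of each counter entry is the pair (hour, timeDiff), which is the same shape I would like the aggregation result to have.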
I can get the time difference (in milliseconds) using a script field:
"script_fields" : {
"timeDiff" : {
"script" : "doc['updatedDate'].value - doc['createdDate'].value"
}
}
The aggregation I tried for the count is:
{
"size": 0,
"aggs": {
"hour": {
"date_histogram": {
"field": "createdDate",
"interval": "hour",
"time_zone": "Asia/Calcutta",
"min_doc_count": 1
},
"aggs": {
"mail_count": {
"value_count": {
"field": "email"
}
}
}
}
},
"query": {
"bool": {
"must": []
}
}
}
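With the query above I can get the total number of documents in each hour. Is there any way to combine these two outputs into a single result?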
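One direction that might work, shown here only as an untested sketch: nest a `terms` aggregation with a script inside the `date_histogram`, so that each hour bucket is split by the time difference in minutes. The request body is built as a Python dict for readability. The helper name `build_combined_query` and the aggregation name `time_diff_minutes` are made up for illustration. The script reuses the expression from my script field and assumes `doc[...].value` yields epoch milliseconds as a number. On versions where date values are returned as objects, or where the script body is passed under a key other than `source`, it would need adapting.

```python
import json

# Same expression as the script field above, divided down to whole minutes.
# Assumption: doc[...].value is a numeric epoch-millisecond value.
DIFF_SCRIPT = "(doc['updatedDate'].value - doc['createdDate'].value) / 60000"


def build_combined_query(time_zone="Asia/Calcutta"):
    """Hypothetical helper: hourly buckets, each split by time difference in minutes."""
    return {
        "size": 0,
        "aggs": {
            "hour": {
                "date_histogram": {
                    "field": "createdDate",
                    "interval": "hour",
                    "time_zone": time_zone,
                    "min_doc_count": 1,
                },
                "aggs": {
                    # One sub-bucket per distinct minute difference; its doc_count
                    # would be the number of documents sharing that difference.
                    "time_diff_minutes": {
                        "terms": {
                            "script": {"lang": "painless", "source": DIFF_SCRIPT}
                        }
                    }
                },
            }
        },
    }


body = build_combined_query()
print(json.dumps(body, indent=2))
```

If this behaves as hoped, each `hour` bucket would contain `time_diff_minutes` buckets whose keys are the differences and whose `doc_count` values are the counts I am after.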
Thanks in advance.