我是 ELK Stack 的新手。我正在使用 Kibana 仪表板来计算每天的计数与前一天相比的差异,这样我们就可以知道每天的销售额与前一天相比增加了多少。
供参考:当前仪表板使用的查询会查找每个日期的计数,并按版本号进行桶聚合。
我的查询:
{
"aggs": {
"2": {
"date_histogram": {
"field": "install_date",
"interval": "1d",
"time_zone": "America/New_York",
"min_doc_count": 1
},
"aggs": {
"3": {
"terms": {
"field": "version.keyword",
"size": 50,
"order": {
"_key": "desc"
},
"script": "( _value.indexOf('-') > 0 ? _value.substring(0, _value.indexOf('-')+2) : _value )"
},
"aggs": {
"1": {
"sum_bucket": {
"buckets_path": "1-bucket>_count"
}
},
"1-bucket": {
"date_histogram": {
"field": "install_date",
"interval": "1d",
"time_zone": "America/New_York",
"min_doc_count": 1
}
}
}
}
}
}
},
"size": 0,
"_source": {
"excludes": []
},
"stored_fields": [
"*"
],
"script_fields": {},
"docvalue_fields": [
{
"field": "deploy_date_asset_tag",
"format": "date_time"
},
{
"field": "deploy_date_localtime",
"format": "date_time"
},
{
"field": "install_date",
"format": "date_time"
},
{
"field": "timestamp",
"format": "date_time"
},
{
"field": "ui_legacy_access",
"format": "date_time"
},
{
"field": "ui_satori_access",
"format": "date_time"
}
],
"query": {
"bool": {
"must": [
{
"match_all": {}
},
{
"match_all": {}
},
{
"range": {
"timestamp": {
"gte": 1408458089497,
"lte": 1566224489497,
"format": "epoch_millis"
}
}
}
],
"filter": [],
"should": [],
"must_not": []
}
}
}