
我在 Elasticsearch 中存有一批包含多个字段的文档。文档如下所示。

    {
        "role": "api_user",
        "apikey": "key1"
        "data":{},
        "@timestamp": "2021-10-06T16:47:13.555Z"
    },
    {
        "role": "api_user",
        "apikey": "key1"
        "data":{},
        "@timestamp": "2021-10-06T18:00:00.555Z"
    },
    {
        "role": "api_user",
        "apikey": "key1"
        "data":{},
        "@timestamp": "2021-10-07T13:47:13.555Z"
    }
]

我想以 1 天为间隔,统计特定日期范围内的文档数量,比方说从 2021-10-05T00:47:13.555Z 到 2021-10-08T00:13:13.555Z。

我正在尝试用以下聚合查询得到结果。

{
    "size": 0,
    "query": {
        "filter": {
            "bool": {
                "must": [
                    {
                        "range": {
                            "@timestamp": {
                                "gte": "2021-10-05T00:47:13.555Z",
                                "lte": "2021-10-08T00:13:13.555Z",
                                "format": "strict_date_optional_time"
                            }
                        }
                    }
                ]
            }
        }
    },
    "aggs": {
        "data": {
            "date_histogram": {
                "field": "@timestamp",
                "calendar_interval": "day"
            }
        }
    }
}

预期的输出应该是:对于 2021-10-06 我应该得到 2 个文档,对于 2021-10-07 我应该得到 1 个文档;如果某一天没有文档,我应该得到计数 0。


1 回答 1


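以下解决方案有效:range 条件被放进了 bool 查询的 filter 子句中,而不是直接写在 query 下的 filter 里。注意此示例使用 12 小时的 fixed_interval 且 min_doc_count 为 1,因此不会返回空桶;若要按天统计并让没有文档的日期返回计数 0,应改用 calendar_interval 为 day,并将 min_doc_count 设为 0(可配合 extended_bounds 覆盖整个日期范围)。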

{
   "size":0,
   "query":{
      "bool":{
         "must":[
            
         ],
         "filter":[
            {
               "match_all":{
                  
               }
            },
            {
               "range":{
                  "@timestamp":{
                     "gte":"2021-10-05T00:47:13.555Z",
                     "lte":"2021-10-08T00:13:13.555Z",
                     "format":"strict_date_optional_time"
                  }
               }
            }
         ],
         "should":[
            
         ],
         "must_not":[
            
         ]
      }
   },
   "aggs":{
      "data":{
         "date_histogram":{
            "field":"@timestamp",
            "fixed_interval":"12h",
            "time_zone":"Asia/Calcutta",
            "min_doc_count":1
         }
      }
   }
}
于 2021-10-11T07:01:21.183 回答