ElasticSearch请求python中的范围时间戳
[英]ElasticSearch requests range timestamp in python
问题描述
I'm trying to perform a request on my ES, to count logs in a timestamp range. 
我正在尝试在我的ES上执行请求,以计算时间戳范围内的日志。 My request works, but she returns always the same result. 我的请求有效,但她总是返回相同的结果。 The timestamp filter seems not working. 时间戳过滤器似乎无法正常工作。 I would to retrieve a facet by status_code for my servertest01 in a custom timestamp range. 我想在自定义时间戳范围内通过status_code为我的servertest01检索一个方面。
import rawes
from datetime import datetime
from dateutil import tz
paristimezone = tz.gettz('Europe/Paris')
es = rawes.Elastic('127.0.0.1:9200')
result = es.get('/_search', data={
"query" : { "match_all" : {}
},
"filter": {
"range": {
"@timestamp": {
"from": datetime(2013, 3, 11, 8, 0, 30, tzinfo=paristimezone),
"to": datetime(2013, 3, 12, 11, 0, 30, tzinfo=paristimezone)}
}
},
"facets" : {
"error" : {
"terms" : {
"field" : "status_code"
},
"facet_filter" : {
"term" : {"server" : "testserver01"}
}
}
}
})
print(result['facets'])
And in my ES data, the timestamp field is like this: 在我的ES数据中,时间戳字段如下所示:
"@timestamp":"2013-03-12T00:02:29+01:00"
Thanks :) 谢谢 :)
1 个解决方案
解决方案1
4 已采纳 2013-03-14 10:11:00
The filter element in the search API is used to filter query results AFTER facets have been calculated. 搜索API中的filter元素用于在计算facet之后过滤查询结果。
If you want to apply the filter both to the query and to the facets, then you should use a filtered query instead: 如果要将过滤器应用于查询和构面,则应使用filtered查询:
result = es.get('/_search', data={
"query": {
"filtered": {
"query" : { "match_all" : {}},
"filter": {
"range": {
"@timestamp": {
"from": datetime(2013, 3, 11, 8, 0, 30, tzinfo=paristimezone),
"to": datetime(2013, 3, 12, 11, 0, 30, tzinfo=paristimezone)
}
}
}
}
},
"facets" : {
"error" : {
"terms" : {
"field" : "status_code"
},
"facet_filter" : {
"term" : {"server" : "testserver01"}
}
}
}
})
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.