堆栈内存溢出
  简体   繁体   English

带有聚合的Elasticsearch日期范围查询

[英]Elasticsearch Date range query with aggregation

 原文  2016-11-24 14:02:53       elasticsearch/ elasticsearch-aggregation

问题描述

I am trying to execute following query. 我正在尝试执行以下查询。 I have 3 attributes in document STATUS - Which can be "FAIL", "PASS" , "INVALID" DATE - contains date and time. 我在文件状态中有3个属性-可以是“失败”,“通过”,“无效”日期-包含日期和时间。

I want daily number of count for each status 我想要每个状态的每日计数

eg : Date : 11-09-2016, STATUS : FAIL, count: 120 例如:日期:2016年11月9日,状态:失败,计数:120
Date : 11-09-2016, STATUS : PASS, count: 150 日期:2016年11月9日,状态:通过,数量:150

I want data for last one month, two month and so on 我想要过去一个月,两个月等的数据 

 SearchRequest requestQuery =
Requests.searchRequest(ConstantsValue.indexName)
    .types(ConstantsValue._Type)
    .source("{size:999999,"
    + "\"_source\" : "
    + "[\"DTCREATED\", \"STATUS\"]"             
    + ",\"aggs\": "     
    + "{\"group_by_STATUS\": {\"terms\": {\"field\": \"STATUS\"},"
    + "\"aggs\" : "
    + "{\"group_by_DATE\" : {\"date_histogram\" : "
    + "{\"field\" : \"DTCREATED\", \"interval\" : \"day\","
    + "\"format\" : \"yyyy-MM-dd\" },"
    + "\"aggs\" : "
    + "{\"grades_count\" : { \"value_count\" : { \"field\" : \"STATUS\" } }}}}}}}");

This code gives me daily count of each status but for all records. 该代码为我提供了每个状态的每日计数,但包含所有记录。 and want to add range filter something like below. 并想添加范围过滤器,如下所示。 

+"\"query\": {"
+" \"filtered\": {"
+" \"filter\": {"
+ "\"range\": { \"DTCREATED\": { \"gte\": \"now-90d/d\" }}"
+"}}}}}");

But I am not able to merge content of these two queries. 但是我无法合并这两个查询的内容。 I have tried my best. 我已经尽力了。 Any help is greatly appreciated. 任何帮助是极大的赞赏。

2 个解决方案

解决方案1
 0  2016-11-24 23:10:34

If I understand you correctly, you need to use sub-aggregations . 如果我对您的理解正确,则需要使用子集合

The query looks something like this: 查询看起来像这样: 

"aggs" : {
  "days" :{
    "date_histogram" : {
        "field" : "DTCREATED",
        "interval" : "day"
    }
  },
  "aggs" : {
    "statuse_in_day" : {
        "terms" : {
            "field" : "STATUS"
        }
    }
}

First you will get the buckets by day and inside each of this buckets you will get bucket by status value. 首先,您将按天获取存储分区,并且在每个存储分区中,您将按状态值获取存储分区。

解决方案2
 0  2016-12-04 12:11:34

well you need add query.. you can combine query and aggregations like this : 很好,您需要添加查询..您可以将查询和聚合结合在一起,如下所示: 

"query": {
    "range": {
       "@timestamp": {
          "from": "now-90d"
       }
    }
},
"aggs" : {"..."}

the 'd' is represnt days. “ d”是代表天。 in this query you ask all the document from "now - 90 days" till today, and you add the aggragation from the last asnwer 在此查询中,您要查询从“现在-90天”到今天的所有文档,并添加从上一个排序器开始的合并
you can look here for the query elasticsearch range query 您可以在此处查找查询elasticsearch范围查询

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Elasticsearch在日期范围内的聚合 - Elasticsearch aggregation on date range 使用Java API的ElasticSearch日期范围查询聚合 - ElasticSearch date range query aggregation using Java API 带有求和的Elasticsearch日期范围聚合 - Elasticsearch Date Range Aggregation with Sum ElasticSearch - 聚合 + 范围 + 术语查询 - ElasticSearch - Aggregation + Range + Term query elasticsearch范围查询被范围聚合忽略 - elasticsearch range query ignored by range aggregation ElasticSearch日期范围查询 - ElasticSearch Date Range Query 在Elasticsearch中查询日期范围 - query on a date range in elasticsearch Elasticsearch中的日期范围查询 - Date range query in elasticsearch 日期范围查询Elasticsearch - Date Range Query Elasticsearch Elasticsearch日期范围聚合和时区 - Elasticsearch Date Range Aggregation and Time Zone
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM