堆栈内存溢出
  简体   繁体   English

Elasticsearch:如何在聚合中使用多个过滤器和计算?

[英]Elasticsearch : How to use multiple filter and calculation in aggregations?

 原文  2020-11-09 16:11:20       php/ elasticsearch/ kibana

问题描述

I'm trying to do a function on kibana.我正在尝试在 kibana 上做一个功能。 I have an index with orders with some fields : datetime1 , datetime2 with format : yyyy-MM-dd HH:mm我有一个包含一些字段的订单索引: datetime1datetime2 ,格式为: yyyy-MM-dd HH:mm

First I have to check if datetime1 exist.首先,我必须检查datetime1存在。 Secondly I have to check the difference between this 2 datime datetime2 - datetime1 To finish I have to put the result in differents aggs if the difference is:其次,我必须检查这 2 个datetime2 - datetime1之间的差异如果差异是:

  • less than 24h不到24小时
  • between 24 and 48h 24 到 48 小时之间
  • 48 - 72 48 - 72
  • .... ....

What I tried :我试过的:

GET orders/_search
{
  "size": 0,
  "aggs": {
    "test1": {
      "filters": {
        "filters": {
          "exist_datetime1": {
            "exists": {
              "field": "datetime1"
            }
          },
          "24_hours": {
            "script": {
              "script": {
                "source": "doc['datetime2'].value - doc['datetime1'].value < 24",
                "lang": "painless"
              }
            }
          }
        }
      }
    }
  }
}

How can I do multiple filter and do a subtraction between date ?如何进行多重过滤并在日期之间进行减法? Thank for your help :)感谢您的帮助 :)

1 个解决方案

解决方案1
 1 已采纳  2020-11-09 16:20:12

That's a good start, however, I think you need something slightly different.这是一个好的开始,但是,我认为您需要一些稍微不同的东西。 Here is an attempt at providing the ranges your need using the range aggregation powered by your script.这是使用由您的脚本提供支持的range聚合来提供您需要的range的尝试。

You need to make sure both date fields have values ( query part) and then you can define the buckets you need ( < 24h , 24h - 48h , etc)您需要确保两个日期字段都有值( query部分),然后您可以定义所需的存储桶( < 24h24h - 48h等)

{
  "size": 0,
  "query": {
    "bool": {
      "filter": [
        {
          "exists": {
            "field": "datetime1"
          }
        },
        {
          "exists": {
            "field": "datetime2"
          }
        }
      ]
    }
  },
  "aggs": {
    "ranges": {
      "range": {
        "script": {
          "lang": "painless",
          "source": "(doc['datetime2'].value.millis - doc['datetime1'].value.millis) / 3600000"
        },
        "ranges": [
          {
            "to": 24,
            "key": "< 24h"
          },
          {
            "from": 24,
            "to": 48,
            "key": "24h-48h"
          },
          {
            "from": 48,
            "key": "> 48h"
          }
        ]
      }
    }
  }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ElasticSearch,如何按其他字段排序聚合? - ElasticSearch, how to order aggregations by other field? php 中的 Elasticsearch 聚合 - Elasticsearch aggregations in php elasticsearch php嵌套聚合 - elasticsearch php nested aggregations Elasticsearch-如何在查询中使用多个分析器 - Elasticsearch - How to use multiple analyzers in a query 如何在 laravel 中使用多个过滤器 - how to use multiple filter in laravel 如何使用Elasticsearch 1.4.5中必须使用范围和术语进行过滤的方法 - How to use must filter with range and terms in elasticsearch 1.4.5 elasticsearch返回所有找到的聚合 - elasticsearch returning all found aggregations (Elasticsearch)如何获取所有文档的嵌套字段的最后一个元素然后执行子聚合 - (Elasticsearch) How to get the last element of a nested field of all documents then perform sub-aggregations Elasticsearch PHP:具有日期间隔的文档聚合 - Elasticsearch php : aggregations of documents with date interval 如何在Elasticsearch PHP中使用&#39;OR&#39; - How to use 'OR' in elasticsearch PHP
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM