堆栈内存溢出
  简体   繁体   English

如何比较 elasticsearch 中同一文档中的两个日期字段

[英]How to compare two date fields in same document in elasticsearch

 原文  2022-01-11 11:12:13       elasticsearch/ kibana/ dsl/ elk

问题描述

In my elastic search index, each document will have two date fields createdDate and modifiedDate .在我的弹性搜索索引中,每个文档都有两个日期字段createdDatemodifiedDate I'm trying to add a filter in kibana to fetch the documents where the modifiedDate is greater than createdDate .我正在尝试在 kibana 中添加一个过滤器来获取modifiedDate大于createdDate的文档。 How to create this filter in kibana?如何在kibana中创建这个过滤器?
Tried Using below query instead of greater than it is considering as gte and fetching all records尝试使用下面的查询而不是大于它被认为是 gte 并获取所有记录

GET index/_search
{
  "query": {
    "bool": {
      "filter": {
        "script": {
          "script" : {
                        "inline" : "doc['modifiedTime'].value.getMillis() > doc['createdTime'].value.getMillis()",
                        "lang"   : "painless"
                        }
        }
      }
    }
  }
}

1 个解决方案

解决方案1
 2 已采纳  2022-01-11 13:01:17

There are a few options.有几个选项。

Option A: The easiest and most performant one is to store the difference of the two fields inside a new field of your document, eg选项 A:最简单和最高效的一种是将两个字段的差异存储在文档的新字段中,例如

{
   "createDate": "2022-01-11T12:34:56Z",
   "modifiedDate": "2022-01-11T12:34:56Z",
   "diffMillis": 0
}
{
   "createDate": "2022-01-11T12:34:56Z",
   "modifiedDate": "2022-01-11T12:35:58",
   "diffMillis": 62000
}

Then, in Kibana you can query on diffMillis > 0 and figure out all documents that have been modified after their creation.然后,在 Kibana 中,您可以查询diffMillis > 0并找出在创建后已修改的所有文档。

Option B: You can use a script query选项 B:您可以使用script查询

GET index/_search
{
  "query": {
    "bool": {
      "filter": {
        "script": {
          "script": """
            return doc['createdDate'].value.millis < doc['modifiedDate'].value.millis;
          """
        }
      }
    }
  }
}

Note: depending on the amount of data you have, this option can potentially have disastrous performance, because it needs to be evaluated on ALL of your documents.注意:根据您拥有的数据量,此选项可能会带来灾难性的性能,因为需要对您的所有文档进行评估。

Option C: If you're using ES 7.11+, you can use runtime fields directly from the Kibana Discover view .选项 C:如果您使用的是 ES 7.11+,则可以直接从Kibana Discover 视图中使用运行时字段

You can use the following script in order to add a new runtime field (eg name it diffMillis ) to your index pattern:您可以使用以下脚本向索引模式添加新的运行时字段(例如,将其命名为diffMillis ):

emit(doc['modifiedDate'].value.millis - doc['createdDate'].value.millis)

And then you can add the following query into your search bar然后您可以将以下查询添加到您的搜索栏中

diffMillis > 0

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在ElasticSearch中比较同一文档中的两个字段? - How to compare two fields in the same document in ElasticSearch? 比较来自按日期分区的不同索引的两个elasticsearch文档字段 - Compare two elasticsearch document fields from different indexes partitioned by date 在不使用脚本 elasticsearch 的情况下比较同一文档中的两个字段 - Compare two fields in same document without using script elasticsearch ElasticSearch:比较文档中的两个地理位置 - ElasticSearch: compare two geopoints in document 如何在带有Nest的Elasticsearch查询中比较文档的两个属性的十进制值? - How to compare decimal values of two properties of a document in an Elasticsearch query with Nest? 如何在Elasticsearch中对同一文档进行最大日期汇总? - How to do a max date aggregation over the same document in Elasticsearch? 如何在 elasticsearch 中的同一文档上按两个不同的属性排序? - How to order by two different attributes on same document in elasticsearch? 如何在ElasticSearch中查询一个数组中同一字段中的两个字段? - How to query for two fields in one and the same tuple in an array in ElasticSearch? 如何获取 elasticsearch 中文档的开始日期和结束日期字段之间的每一天的存储桶 - How to get a bucket for each day between start date and end date fields of a document in elasticsearch 如何在Elasticsearch中突出显示日期字段? - How to highlight date fields in Elasticsearch?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM