Elasticsearch 多词查询的最后一个文档
[英]Elasticsearch Last document of multiple term queries
问题描述
我需要获取每个界面的最后一个文档,我玩过不同的查询,但我可以得到想要的结果,下面是我的最后一次尝试。
能不能帮我获取一下现场吞吐量存在的每个接口的最后一个文件?
谢谢
GET /interface-2021.11/_search
{
"query": {
"bool": {
"should": [
{
"term": {
"interface_name.keyword": {
"value": "Gi0/0/2 on (EXT-01)"
}
}
},
{
"term": {
"interface_name.keyword": {
"value": "Gi0/0/1 on (EXT-02)"
}
}
},
{
"term": {
"interface_name.keyword": {
"value": "Ethernet1/61 on (DC-01)"
}
}
},
{
"term": {
"interface_name.keyword": {
"value": "Ethernet1/17 on (DC-02)"
}
}
}
],
"minimum_should_match": 1,
"filter": [
{
"exists": {
"field": "throughput"
}
}
]
}
},
"aggs": {
"top_date": {
"top_hits": {
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
}
}
}
1 个解决方案
解决方案1
0 2021-11-16 06:39:59
干得好,你走在正确的道路上! 您只需要按interface_name.keyword聚合并获得每个接口的最高命中。
这是将按您期望的方式工作的查询:
{
"size": 0,
"query": {
"bool": {
"should": [
{
"term": {
"interface_name.keyword": {
"value": "Gi0/0/2 on (EXT-01)"
}
}
},
{
"term": {
"interface_name.keyword": {
"value": "Gi0/0/1 on (EXT-02)"
}
}
},
{
"term": {
"interface_name.keyword": {
"value": "Ethernet1/61 on (DC-01)"
}
}
},
{
"term": {
"interface_name.keyword": {
"value": "Ethernet1/17 on (DC-02)"
}
}
}
],
"minimum_should_match": 1,
"filter": [
{
"exists": {
"field": "throughput"
}
}
]
}
},
"aggs": {
"interfaces": {
"terms": {
"field": "interface_name.keyword"
},
"aggs": {
"top_date": {
"top_hits": {
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
}
}
}
}
}
Elasticsearch nester_filter具有多个术语查询
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.