[英]opendistro query for last n minutes
{
"query": "SELECT COUNT(*) AS result FROM my-index WHERE ['field1'] > 3"
}
上面的查询给出了结果。 我正在尝试过滤最后 15 分钟的计数。 尝试以下查询
{
"query": "SELECT COUNT(*) AS result FROM my-index WHERE ['field1'] > 3000 AND time > NOW() - INTERVAL 15 MINUTE
}
这给出了错误
{
"error": {
"reason": "Invalid SQL query",
"details": "Failed to parse SqlExpression of type class com.alibaba.druid.sql.ast.expr.SQLBinaryOpExpr. expression value: NOW() - INTERVAL 15 MINUTE",
"type": "SqlParseException"
},
"status": 400
}
也尝试使用实际日期时间进行过滤
time > 2022-06-04 14:00
但有错误
{
"error": {
"reason": "Invalid SQL query",
"details": "illegal sql expr : <query>",
"type": "ParserException"
},
"status": 400
}
请求建议我如何过滤最后 n 分钟的记录?
我什至尝试过范围查询
{
"query": {
"bool": {
"must": [
{
"range": {
"field1": {
"gte": 3
}
}
},
{
"range": {
"time": { "from" : "30 minutes ago", "to" : "now" }
}
}
]
}
}
}
它没有给出任何结果。 如果我删除时间范围查询,那么它会给出结果
我能够使用纪元时间戳进行过滤
{
"query": "SELECT COUNT(*) AS result FROM my-index WHERE ['field1'] > 3000 AND ['time'] > 1654338744000
}
给出结果
{
"took": 5,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 1958,
"max_score": 0,
"hits": []
},
"aggregations": {
"result": {
"value": 1958
}
}
}
Elasticsearch Lucene 查询语法在时间字段中加减 N 分钟?
[英]Elasticsearch Lucene query syntax to add and subtract N minutes with time field?
ElasticSearch:Opendistro SQL:由于有问题的符号 [.11],无法解析查询
[英]ElasticSearch: Opendistro SQL: Failed to parse query due to offending symbol [.11]
如何将 fluentd 连接到 elasticsearch 的 opendistro
[英]How to connect fluentd to opendistro for elasticsearch
如何为 ElasticSearch(常规或 OpenDistro)配置 LDAP?
[英]How to configure LDAP for ElasticSearch (regular or OpenDistro)?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.