这些是在我的ES集群6.8版中索引的示例文档(基于事件)
{
"user_id": "user1",
"account_id": "account1",
"event_name": "event-1",
"created_dt": "2019-09-30T08:40:42.297Z"
}
{
"user_id": "user1",
"account_id": "account1",
"event_name": "event-2",
"created_dt": "2019-10-30T08:40:42.297Z"
}
{
"user_id": "user2",
"account_id": "account1",
"event_name": "event-1",
"created_dt": "2019-10-30T08:40:42.297Z"
}
映射文档
{
"mappings": {
"properties": {
"user_id": {
"type": "text",
"fields": {
"raw": {
"type": "keyword"
}
}
},
"account_id": {
"type": "keyword"
},
"event_name": {
"type": "text",
"fields": {
"raw": {
"type": "keyword"
}
}
},
"created_dt": {
"type": "date"
}
}
}
}
我要完成的工作是动态获取在规定的时间使用event_name“ event-1”和“ event-2”的用户列表。
下面具有2个条件的查询必须以“ event_name”字段为条件,最终导致结果为空。
{
"query": {
"bool": {
"must": [
{
"match": {
"account_id": "account1"
}
},
{
"bool": {
"must": [
{
"match": {
"event_name.raw": "event-1"
}
},
{
"range": {
"created_dt": {
"gte": "2019-09-30",
"lte": "2019-10-30"
}
}
}
]
}
},
{
"bool": {
"must": [
{
"match": {
"event_name.raw": "event-2"
}
},
{
"range": {
"created_dt": {
"gte": "2019-10-30",
"lte": "2019-11-05"
}
}
}
]
}
}
]
}
},
"size": 0,
"aggs": {
"user_list": {
"terms": {
"field": "user_id.raw"
}
}
}
}
获取所需存储段文档的理想方法是什么?可以使用IN和子查询在SQL中完成,但在ES中看起来并不容易
答案 0 :(得分:0)
尝试此查询
GET my_index/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"account_id": "account1"
}
},
{
"bool": {
"should": [
{
"bool": {
"must": [
{
"term": {
"event_name.raw": "event-1"
}
},
{
"range": {
"created_dt": {
"gte": "2019-09-30",
"lte": "2019-10-30"
}
}
}
]
}
},
{
"bool": {
"must": [
{
"term": {
"event_name.raw": "event-2"
}
},
{
"range": {
"created_dt": {
"gte": "2019-10-30",
"lte": "2019-11-05"
}
}
}
]
}
}
],
"filter": {
"term": {
"event_name.raw": "event-2"
}
}
}
}
]
}
},
"size": 0,
"aggs": {
"user_list": {
"terms": {
"field": "user_id.raw"
}
}
}
}
希望有帮助