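Please bear with me, as I am new to Elasticsearch. Below is the schema of the data pipeline coming into Elasticsearch. The "updated_at" field at the very bottom is the "timestamp". New records for this data come through the pipeline to ES every two hours, each also carrying an "updated_at" timestamp. I would like to write a DSL query that pulls each record only by the max (most recent) timestamp for each day, but I am not sure how or where to start. I have tried using aggs but have not gotten very far.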
{
  "_index" : "analyticspeoplecountbycompany",
  "_type" : "analytics_PeopleCountByCompany",
  "_id" : "2hmEZW4Bxxxxx",
  "_score" : 1.0,
  "_source" : {
    "data" : {
      "result" : {
        "result" : [
          {
            "EntityName" : "",
            "Type" : "analytics_PeopleCountByCompany",
            "Value" : null,
            "Template" : {
              "Company" : "XXX",
              "Claimed" : "2",
              "Not Claimed" : "49",
              "Type" : "analytics_PeopleCountByCompany"
            }
          },
          {
            "EntityName" : "",
            "Type" : "analytics_PeopleCountByCompany",
            "Value" : null,
            "Template" : {
              "Company" : "YYY",
              "Claimed" : "75",
              "Not Claimed" : "108",
              "Type" : "analytics_PeopleCountByCompany"
            }
          },
          {
            "EntityName" : "",
            "Type" : "analytics_PeopleCountByCompany",
            "Value" : null,
            "Template" : {
              "Company" : "ZZZ",
              "Claimed" : "34",
              "Not Claimed" : "92",
              "Type" : "analytics_PeopleCountByCompany"
            }
          },
          {
            "EntityName" : "",
            "Type" : "analytics_PeopleCountByCompany",
            "Value" : null,
            "Template" : {
              "Company" : "AAA",
              "Claimed" : "97",
              "Not Claimed" : "260",
              "Type" : "analytics_PeopleCountByCompany"
            }
          },
          {
            "EntityName" : "",
            "Type" : "analytics_PeopleCountByCompany",
            "Value" : null,
            "Template" : {
              "Company" : "BBB",
              "Claimed" : "92",
              "Not Claimed" : "269",
              "Type" : "analytics_PeopleCountByCompany"
            }
          }
        ]
      },
      "type" : "analytics_PeopleCountByCompany",
      "description" : "Count of People by Company",
      "updated_at" : "2019-11-13T16:06:47.704Z"