使用Elasticsearch 1.1.1
我正在尝试在所有帐户的最后5分钟内为每秒“页面”视图构建一个查询(所以匹配所有帐户)。
映射是......
"xxx-20140526": {
"mappings": {
"xxx": {
"properties": {
"accountId": {
"type": "long"
},
"hitTime": {
"type": "date",
"format": "dateOptionalTime"
},
}
}
}
}
查询...
POST /xxx-20140526/xxx/_search
{
"filter": {
"range": {
"timeHit": {
"gte": "2014-05-26T13:40", //Date generated dynamically now - 5mins
"lt": "2014-05-26T13:45" //Date generated dynamically now
}
}
},
"aggs": {
"views_per_sec": {
"date_histogram": {
"field": "timeHit",
"interval": "second"
}
}
}
}
但聚合也会返回之前的值......
"aggregations": {
"trx_per_sec": {
"buckets": [
{
"key_as_string": "2014-05-26T13:36:46.000Z",
"key": 1401111166000,
"doc_count": 72
},
... Other dates in the 30 mins range here...
{
"key_as_string": "2014-05-26T13:42:47.000Z",
"key": 1401111167000,
"doc_count": 5013
}
}
}
1-聚合考虑过滤器吗? 2-这是过滤5分钟的正确方法,还是应该查看日期聚合?
我也试过......
{
"aggs": {
"range": {
"date_range": {
"field": "timeHit",
"format": "yyyy-MM-dd HH:mm:ss",
"ranges": [
{
"from": "now-5m"
}
]
}
}
}
}
但这似乎没有返回适量的文档。
答案 0 :(得分:18)
好的,所以我在这里工作的是查询...
{
"size": 0, <--- Size zero. Don't return any docs we only care about the aggregation.
"aggs": {
"last_5_mins": {
"filter": {
"range": {
"hitTime": {
"gte": "now-5m",
"lte": "now"
}
}
},
"aggs": {
"tps": {
"date_histogram": {
"field": "hitTime",
"interval": "second"
}
}
}
}
}
}