我需要根据日期过滤一组值(此处添加字段),然后按device_id对其进行分组。所以我使用以下内容:
{
"aggs":{
"dates_between":{
"filter": {
"range" : {
"added" : {
"gte": "2014-07-01 00:00:00",
"lte" :"2014-08-01 00:00:00"
}
}
},
"aggs": {
"group_by_device_id": {
"terms": {
"field": "device_id"
}
}
}
}
}
}
执行查询时,这给了我一个错误"Failed to parse source"。这是正确的做法吗?
如果我只执行日期聚合,则显示的值不在指定的日期范围内
答案 0 :(得分:4)
另一种方式dates_between是group_by_device_id
"aggs": {
"group_by_device_id": {
"terms": {
"field": "device_id"
},
"aggs": {
"dates_between": {
"filter": {
"range": {
"added": {
"gte": "2014-07-01 00:00:00",
"lte": "2014-08-01 00:00:00"
}
}
}
}
}
}
}
您还可以将过滤器移动到查询中:
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"range": {
"added": {
"gte": "2014-07-01 00:00:00",
"lte": "2014-08-01 00:00:00"
}
}
}
}
},
"aggs": {
"group_by_device_id": {
"terms": {
"field": "device_id"
}
}
}
}