弹性搜索日期范围最大,最小日期

时间:2015-02-10 10:57:39

标签: elasticsearch

我的弹性搜索映射如下

[
    {
    "runTimeMilliSeconds": {
        "type": "long"
    },
    "syslogMessage": {
        "properties": {
            "DATE": {
                "type": "string"
            },
            "FACILITY": {
                "type": "string"
            },
            "FILE_NAME": {
                "type": "string"
            },
            "HOST": {
                "type": "string"
            },
            "HOST_FROM": {
                "type": "string"
            },
            "ISODATE": {
                "type": "date",
                "format": "dateOptionalTime"
            },
            "LEGACY_MSGHDR": {
                "type": "string"
            },
            "MESSAGE": {
                "type": "string"
            },
            "PID": {
                "type": "string"
            },
            "PRIORITY": {
                "type": "string"
            },
            "PROGRAM": {
                "type": "string"
            },
            "SOURCE": {
                "type": "string"
            }
        }
    }
    }
]

现在我想找出最后六个小时的数据,所以我写下面的查询

{
    "query": {
    "match_all": {
    }
    },
    "aggs": {
    "last_6_hours": {
        "filter": {
            "range": {
                "ISODATE": {
                    "gte": "now-6h",
                    "lte": "now"
                }
            }
        },
        "aggs": {
            "date_wise_logs_counts": {
                "date_histogram": {
                    "field": "ISODATE",
                    "interval": "1h"
                }
            }
        }
    }
    }
}

我返回结果如下

{
    "aggregations": {
    "last_6_hours": {
        "doc_count": 1933,
        "date_wise_logs_counts": {
            "buckets": [
                {
                    "key_as_string": "2015-02-10T04: 00: 00.000Z",
                    "key": 1423540800000,
                    "doc_count": 342
                },
                {
                    "key_as_string": "2015-02-10T05: 00: 00.000Z",
                    "key": 1423544400000,
                    "doc_count": 1591
                }
            ]
        }
    }
    }
}

但是我的问题是我想找出最大和最小时间,例如在上面的输出doc_count = 342中,所以我想要从这个计数产生的日期开始,所以我想要的输出如下

{
    "aggregations": {
    "last_6_hours": {
        "doc_count": 1933,
        "date_wise_logs_counts": {
            "buckets": [
                {
                    "key_as_string": "2015-02-10T04: 00: 00.000Z",
                    "key": 1423540800000,
                    "doc_count": 342,
                    "max": 1423540800000,
                    "min": 1423537239000
                },
                {
                    "key_as_string": "2015-02-10T05: 00: 00.000Z",
                    "key": 1423544400000,
                    "doc_count": 1591,
                    "max": 1423544400000,
                    "min": 1423540800000
                }
            ]
        }
    }
    }
}

从上面的输出中我预测doc_count = 342来自14235408000001423537239000的时间内向。我使用弹性搜索版本1.4.0

0 个答案:

没有答案