所以我有一个带有时间戳的索引,格式如下:
2015-03-20T12:00:00+0500
我想在SQL等价物中做的是:
select date(timestamp), sum(orders)
from data
where time(timestamp) < time(now)
group by date(timestamp)
我知道我需要汇总但是,目前我已尝试过以下基本搜索查询,但我收到了错误的错误:
{
"size": 0,
"query":
{
"filtered":
{
"query":
{
"match_all" : {}
},
"filter":
{
"range":
{
"@timestamp":
{
"from": "00:00:01.000",
"to": "15:00:00.000"
}
}
}
}
}
}
答案 0 :(得分:0)
您确实需要聚合,特别是date histogram聚合。像
这样的东西{
"query": {"match_all": {}},
"aggs": {
"by_date": {
"date_histogram": {
"field": "timestamp",
"interval": "day"
},
"aggs": {
"order_sum": {
"sum": {"field": "foo"}
}
}
}
}
}
首先,您有一个按日期对文档进行分组的分组聚合,然后在一个度量聚合内,为每个存储桶计算一个值(在本例中为总和)
将返回表格
的数据{
...
"aggregations": {
"by_date": {
"buckets": [
{
"key_as_string": "2015-03-01T00:00:00.000Z",
"key": 1425168000000,
"doc_count": 8644,
"order_sum": {
"value": 1234
}
},
{
"key_as_string": "2015-03-02T00:00:00.000Z",
"key": 1425254400000,
"doc_count": 8819,
"order_sum": {
"value": 45678
}
},
...
]
}
}
}