Query multiple fields by date and IP in Elasticsearch

Time: 2015-11-19 17:19:24

Tags: elasticsearch

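The data in Elasticsearch is loaded from the following JSON data.

I want to get the maximum value of cpu0 and in_eth1 for each IP in Elasticsearch, sorted by date, so can someone help me with the following query?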

{
  "ip":"10.235.13.172",
  "date":"2015-11-09",
  "time":"18:30:00",
  "cpu0":7,
  "cpu13":2,
  "cpu14":1,
  "diskio(%)":0,
  "memuse(MB)":824,
  "in_eth1(Mbps)":34
}

{
  "aggs": {
    "events_by_date": {
      "date_histogram": {
        "field": "date",
        "interval": "day"
      },
      "aggs": {
        "genders": {
          "terms": {
            "field": "ip",
            "size": 100000,
            "order": { "_count": "asc" }
          },
          "aggs": {
            "maxcpu": { "max": { "field": "cpu(%)" } },
            "maxin": { "max": { "field": "in_eth1(Mbps)" } }
          }
        }
      }
    }
  }
}

0 answers:

No answers