我的索引包含的文档如下所示:
"_source": {
"price": "11",
"loggingdate": "15/02/2016 08:56:58",
}
我需要一个查询,将今年10:00 - 12:00 之间价格值中的所有值相加
我需要每小时的总时间(10:00,11:00,12:00)这给了我总计3小时的结果(只有1个项目在桶中)但我需要每小时分开(三个项目在斗)
{
"size":0,
"query":{
"filtered":{
"filter":{
"bool":{
"must":[
{
"range":{
"loggingdate":{
"gte":"now-1y"
}
}
},
{
},
{
"script":{
"script":"doc.loggingdate.date.getHourOfDay() >= 10 && doc.loggingdate.date.getHourOfDay() <= 12"
}
}
]
}
}
}
},
"aggs": {
"by_hour": {
"date_histogram": {
"field": "loggingdate",
"interval": "hour"
},
"aggs": {
"total": {
"sum": {
"field": "price"
}
}
}
}
}
}
结果:
"aggregations": {
"by_hour": {
"buckets": [
{
"key_as_string": "15/01/2016 10:00:00",
"key": 1452852000000,
"doc_count": 58453,
"total": {
"value": 2106110494
}
},
{
"key_as_string": "15/01/2016 11:00:00",
"key": 1452855600000,
"doc_count": 23243,
"total": {
"value": 849522038
}
},
{
"key_as_string": "15/01/2016 12:00:00",
"key": 1452859200000,
"doc_count": 11994,
"total": {
"value": 430906409
}
},
{
"key_as_string": "17/01/2016 10:00:00",
"key": 1453024800000,
"doc_count": 1,
"total": {
"value": 0
}
},...
我想我需要在date_histogram中使用范围,但是如何在其他文档中加总所有价格值date_histogram只给出了范围内的文档..
有什么想法吗?
答案 0 :(得分:1)
您基本上需要一个range filter来选择所需年份的文档,然后选择另一个script filter,以便仅选择上午10点到12点之间的小时文档。最后,您只需要sum aggregation来汇总匹配文档的所有价格。
{
"query": {
"bool": {
"filter": [
{
"range": {
"loggingdate": {
"gte": "2016-01-01",
"lt": "2017-01-01"
}
}
},
{
"script": {
"script": "doc.loggingdate.date.getHourOfDay() >= min && doc.loggingdate.date.getHourOfDay() <= max",
"params": {
"min": 10,
"max": 12
}
}
}
]
}
},
"aggs": {
"total": {
"sum": {
"field": "price"
}
}
}
}
<强>更新
如果您需要按小时计算总数,则可以改为使用此聚合:
"aggs": {
"by_hour": {
"terms": {
"script": "doc.loggingdate.date.getHourOfDay()"
},
"aggs": {
"total": {
"sum": {
"field": "price"
}
}
}
}
}