我在ES中执行了以下查询,根据字段acctstarttime返回HOURS以及更多访问次数。
但是因为我有相同的小时超过一天它返回相同的HOUR 2x,当预期1个结果为你的COUNT小时。
查询:
{
"size" : 0,
"query" : {
"filtered" : {
"query": {
"match": { "client_id" : 1 }
},
"filter" : {
"bool" : {
"must" : [
{
"range" : {
"acctstarttime" : {
"gte" : "2016-05-01 00:00:00",
"lte" : "2016-06-02 23:59:59"
}
}
}
]
}
}
}
},
"aggs" : {
"visits_per_hour" : {
"date_histogram" : {
"field" : "acctstarttime",
"interval" : "hour",
"format" : "HH"
}
}
}
}
结果:
"aggregations": {
"visits_per_hour": {
"buckets": [
{
"key_as_string": "17",
"key": 1463763600000,
"doc_count": 6
},
{
"key_as_string": "18",
"key": 1463767200000,
"doc_count": 3
},
{
"key_as_string": "22",
"key": 1464127200000,
"doc_count": 1
},
{
"key_as_string": "22",
"key": 1464300000000,
"doc_count": 2
},
{
"key_as_string": "22",
"key": 1464559200000,
"doc_count": 1
}
]
}
}
预期:
"aggregations": {
"visits_per_hour": {
"buckets": [
{
"key_as_string": "17",
"key": 1463763600000,
"doc_count": 6
},
{
"key_as_string": "18",
"key": 1463767200000,
"doc_count": 3
},
{
"key_as_string": "22",
"key": 1464127200000,
"doc_count": 4
}
]
}
}
答案 0 :(得分:1)
你有两个解决方案
hour,并在该字段上汇总script来提取小时并在其上聚合(注意:你需要enable dynamic scripting)第一种解决方案是首选解决方案,因为它会更高效。
第二个解决方案如下:
{
"size": 0,
"aggs": {
"visits_per_hour": {
"histogram": {
"script": "doc.acctstarttime.date.getHourOfDay()",
"interval": 1,
"order": {
"_key": "desc"
}
}
}
}
}