如何在同一索引的elasticsearch中执行JOIN操作?
这是每个文件的字段集:
"@version": "1",
"@timestamp": "2016-04-26T15:56:05.379Z",
"phone": "..."
"path": "...",
"host": "...",
"type": "...",
"clientip": "...",
"ident": "-",
"auth": "-",
"timestamp": "...",
"verb": "...",
"uripath": "...",
"httpversion": "1.1",
"response": "200",
"bytes": "515",
"timetaken": "383",
"event_type": "type1"
}
如果我想获得手机的 event_type type1 ,时间戳 < em> date1 和 date2 )和 type2 的 event_type ,时间戳 date3 和 date4 )
在mysql中思考是两个视图之间的连接
答案 0 :(得分:0)
我可能不是最优化的请求,但它有效:
protocol BoundsType: Comparable {
func *(lhs: Self, rhs: Self) -> Self
var prev: Self { get }
var next: Self { get }
init(double: Double)
init<M:Measurement>(measurement:M)
}
protocol Percentage {
associatedtype BoundsType
var toBoundsType: BoundsType { get }
}
protocol Measurement {
associatedtype BoundsType
var toBoundsType: BoundsType { get }
}
struct Bounds<A: BoundsType, P:Percentage, M:Measurement
where P.BoundsType == A, M.BoundsType == A> {
let lower: A
let upper: A
init(value: Double, tolerance: P) {
self.lower = A(double:value) * (tolerance.toBoundsType.prev)
self.upper = A(double:value) * (tolerance.toBoundsType.next)
}
init(value: M, tolerance: P) {
self.lower = A(measurement:value) * tolerance.toBoundsType.prev
self.upper = A(measurement:value) * tolerance.toBoundsType.next
}
}
它将返回所有具有type_的event_type,date1和date2之间的时间戳以及event_type为type2,date3和date4之间的时间戳的所有文档。
{
"query": {
"filtered": {
"filter": {
"bool": {
"should": [
{
"bool": {
"must": [
{
"range": {
"timestamp ": {
"lte": date1,
"gte": date2
}
}
},
{
"term": {
"event_type ": "type1"
}
}
]
}
},
{
"bool": {
"must": [
{
"range": {
"timestamp ": {
"lte": date3,
"gte": date4
}
}
},
{
"term": {
"event_type ": "type2"
}
}
]
}
}
]
}
}
}
}
}
将返回所有尊重其任何部分的文档。