我想比较两个时期的相同值,以便我可以编写一个计算百分比差异的脚本。我的数据如下:
{
"type": "Redemption",
"@timestamp": "2016-08-05T16:12:55.594909118+01:00",
"points": 1109,
"value": 5.545
}
我的查询如下:
{
"aggs" : {
"points_per_week" : {
"date_histogram" : {
"field" : "@timestamp",
"interval" : "week",
"format" : "yyyy-MM-dd"
},
"aggs": {
"total_points": {
"sum": {
"field": "points"
}
},
"points_last_week": {
"date_histogram" : {
"field" : "@timestamp",
"interval" : "week",
"format" : "yyyy-MM-dd",
"offset":"-1w"
},
"aggs": {
"total_points": {
"sum": {
"field": "points"
}
}
}
}
}
}
}
}
然而,结果如下:
"points_per_week": {
"buckets": [
{
"key_as_string": "2016-02-01",
"key": 1454284800000,
"doc_count": 8335,
"total_points": {
"value": 12537515
},
"points_last_week": {
"buckets": [
{
"key_as_string": "2016-02-05",
"key": 1454630400000,
"doc_count": 8335,
"total_points": {
"value": 12537515
}
}
]
}
},
它看起来好像是当前的一周,但不是最后一周......有办法吗?
答案 0 :(得分:1)
这是一个老问题,但以防万一有人能像我一样找到它 可以通过https://www.elastic.co/guide/en/kibana/current/timelion-create.html实现 Timelian和偏移功能
.es(offset=-1h,index=metricbeat-*, timefield='@timestamp', metric='avg:system.cpu.user.pct').label('last hour'), .es(index=metricbeat-*, timefield='@timestamp', metric='avg:system.cpu.user.pct').label('current hour')
尝试看看Timelion:Kibana的时间序列作曲家 https://www.elastic.co/blog/timelion-timeline