有人能帮我看看如何把两个字段的值相加(ts + duration),并判断得到的和(SUMVALUE)是否落在 startDate 与 endDate 之间的范围(RANGE)内吗?最后还需要在聚合中进行排序。谢谢。示例文档如下:
{
"_index" : "conn",
"_type" : "logs",
"_id" : "AVa8ThhDvPxUqjjShMXt",
"_score" : 0.0,
"_source" : {
"ts" : "2016-08-24T11:26:26.066429Z",
"uid" : "CBnx2VffmLzE5CvE7",
"proto" : "udp",
"duration" : 3.003767,
"orig_bytes" : 696,
"resp_bytes" : 0,
"conn_state" : "S0",
"local_orig" : false,
"local_resp" : false,
"missed_bytes" : 0,
"history" : "D",
"orig_pkts" : 4,
"orig_ip_bytes" : 808,
"resp_pkts" : 0,
"resp_ip_bytes" : 0,
"tunnel_parents" : [ ],
"@version" : "1",
"@timestamp" : "2016-08-24T11:26:26.066Z",
"path" : "/usr/local/logs/current/conn.log",
"host" : "oracle",
"tags" : [ "conn" ],
"id_orig_h" : "10.3.28.100",
"id_orig_p" : 58548,
"id_resp_h" : "239.255.255.250",
"id_resp_p" : 1900
}
} ]
},