elasticsearch中的一些数据如下:
{"info":"fwefwefwef","is_fail":0,"result":404,"key":"845722d85520c91f345b08aba3233c96","duration":1,"lts_at":1479786902}
'lts_at'是'时间戳,我想按'floor(lts_at / 300)'中的数据进行分组
{
"aggs": {
"per_5minute": {
"terms": {
"field": "lst_at/300"
}
}
}
如何编写聚合查询?
答案 0 :(得分:0)
您可以尝试使用间隔为5分钟的date_histogram aggregation,如下所示:
{
"aggs" : {
"per_5minute" : {
"date_histogram" : {
"field" : "lst_at",
"interval" : "5m"
}
}
}
}
如果您想坚持terms聚合,那么您需要使用脚本:
{
"aggs": {
"per_5minute": {
"terms": {
"script": {
"inline": "Math.floor(doc.lst_at.value / 300)"
}
}
}
}
为此,您需要enable dynamic scripting