我试图将边界值包含在响应中,但它总是根据间隔向上舍入到最近的结束时间。例如,如果我请求 10:20 到 10:42 的数据,间隔为 5 分钟,它将返回 10:20 - 10:25 - 10:30 - 10:30 - 10:35 - 10:40 的数据,但最后的 10:40 - 10:42 这一段永远不会返回。我该怎样才能做到这一点?下面是查询和回复。
查询
{
"query": {
"filtered": {
"filter": {
"bool": {
"must": [{
"range": {
"timestamp": {
"gte": 1486443000000,
"lte": 1486446240000
}
}
}, {
"term": {
"applicationId": "******"
}
}, {
"term": {
"hostId": "*******"
}
}]
}
}
}
},
"filter": {
"limit": {
"value": 0
}
},
"aggs": {
"time": {
"histogram": {
"field": "timestamp",
"interval": 300000,
"min_doc_count": 0,
"extended_bounds": {
"min": 1486443000000 ,
"max": 1486446240000
}
},
"aggs": {
"establishedConnections": {
"sum": {
"field": "establishedConnections"
}
}
}
}
},
"sort": {
"timestamp": {
"order": "desc"
}
}
}
回复
{
"took": 8,
"timed_out": false,
"_shards": {
"total": 21,
"successful": 21,
"failed": 0
},
"hits": {
"total": 0,
"max_score": null,
"hits": []
},
"aggregations": {
"time": {
"buckets": [
{
"key_as_string": "2017-02-07T04:50:00.000Z",
"key": 1486443000000,
"doc_count": 50,
"establishedConnections": {
"value": 13
}
},
{
"key_as_string": "2017-02-07T04:55:00.000Z",
"key": 1486443300000,
"doc_count": 50,
"establishedConnections": {
"value": 20
}
},
{
"key_as_string": "2017-02-07T05:00:00.000Z",
"key": 1486443600000,
"doc_count": 50,
"establishedConnections": {
"value": 7
}
},
{
"key_as_string": "2017-02-07T05:05:00.000Z",
"key": 1486443900000,
"doc_count": 50,
"establishedConnections": {
"value": 14
}
},
{
"key_as_string": "2017-02-07T05:10:00.000Z",
"key": 1486444200000,
"doc_count": 50,
"establishedConnections": {
"value": 13
}
},
{
"key_as_string": "2017-02-07T05:15:00.000Z",
"key": 1486444500000,
"doc_count": 50,
"establishedConnections": {
"value": 12
}
},
{
"key_as_string": "2017-02-07T05:20:00.000Z",
"key": 1486444800000,
"doc_count": 50,
"establishedConnections": {
"value": 9
}
},
{
"key_as_string": "2017-02-07T05:25:00.000Z",
"key": 1486445100000,
"doc_count": 50,
"establishedConnections": {
"value": 14
}
},
{
"key_as_string": "2017-02-07T05:30:00.000Z",
"key": 1486445400000,
"doc_count": 50,
"establishedConnections": {
"value": 19
}
},
{
"key_as_string": "2017-02-07T05:35:00.000Z",
"key": 1486445700000,
"doc_count": 50,
"establishedConnections": {
"value": 13
}
},
{
"key_as_string": "2017-02-07T05:40:00.000Z",
"key": 1486446000000,
"doc_count": 40,
"establishedConnections": {
"value": 8
}
}
]
}
}
}
答案 0 :(得分:0)
问题是,在查询的聚合部分,您要求:
"aggs": {
"time": {
"histogram": {
"field": "timestamp",
"interval": 300000,
"min_doc_count": 0,
"extended_bounds": {
"min": 1486443000000 ,
"max": 1486446240000
}
},
"aggs": {
"establishedConnections": {
"sum": {
"field": "establishedConnections"
}
}
}
}
}
并且在 interval 值中,您指定了 300000,即以毫秒为单位的 5 分钟。这就是为什么从 10:42 开始的最后一个间隔被丢弃,而该间隔内的所有文档都被归入键 10:40 之下。响应中最后一个桶(key 为 1486446000000)的 doc_count 是 40 而不是其他桶的 50,正说明它只覆盖了不完整的一段间隔。
更正式地说:
执行聚合时,会对每个文档的时间字段求值,并将其向下舍入到最近的桶。使用的舍入函数如下:
bucket_key = Math.floor((value - offset) / interval) * interval + offset