我有以下给定的查询,该查询应该找到给定小时范围的平均条目数,即从15:00到16:00。
此查询无法正常运行。如何指定小时范围(没有日期)并找到每个范围的平均条目数?
POST /myindex/_search
{
"size": 0,
"query": {
"bool": {
"filter": [
{"term": {"EventId": "11"}},
{"term": {"EventType": "Type1"}}
]
}
},
"aggs": {
"range": {
"date_range": {
"field": "Datetime",
"ranges": [
{
"from": "16:00-1H/H",
"to": "16:00/H"
}
]
}
}
}
}
我应该使用移动平均线吗?怎么样?
我试过这个,但我很感激有人可以帮我完成这个查询。我不知道"value_count" : { "field" : "EventHour"}是否是计算条目数量的正确方法。如何在此查询中正确添加小时数范围?:
POST /myindex/_search
{
"size": 0,
"query": {
"bool": {
"filter": [
{"term": {"EventId": "11"}},
{"term": {"EventType": "Type1"}},
{
"script": {
"script": "doc.date.date.getHourOfDay() >= min && doc.date.date.getHourOfDay() <= max",
"params": {
"min": 15,
"max": 16
}
}
}
]
}
},
"aggs": {
"hourly_intensity": {
"date_histogram": {
"field": "Datetime",
"interval": "hour"
},
"aggs": {
"count_of_events": {
"value_count" : { "field" : "EventHour"}
}
}
},
"hourly_avg_count": {
"avg_bucket": {
"buckets_path": "hourly_intensity>count_of_events"
}
}
}
}
答案 0 :(得分:0)
我自己找到了解决方案:
POST /myindex/_search
{
"size": 0,
"query": {
"bool": {
"filter": [
{"term": {"EventId": "11"}},
{"term": {"EventType": "Type1"}},
{"term": {"EventHour": 15}}
]
}
},
"aggs": {
"hourly_intensity": {
"date_histogram": {
"field": "Datetime",
"interval": "hour"
},
"aggs": {
"count_of_events": {
"value_count" : { "field" : "EventHour"}
}
}
},
"avg_num_events_per_hour": {
"avg_bucket": {
"buckets_path": "hourly_intensity>count_of_events"
}
}
}
}