如何在Elasticsearch中按天聚合查询?

时间:2018-03-07 15:06:06

标签: elasticsearch lucene

我需要一个可以返回去年数据的查询,按天分组。到目前为止,我已经编写了一个返回整年数据的查询(我希望它是正确的),但我不知道如何按天分组数据。

"query" : {
            "range" : {
                    "timestamp" : {
                                 "gt" : "2017-01-01 00:00:00",
                                 "lt" : "2018-01-01 00:00:00"
                       }
               }
        }

非常感谢任何帮助。

我正在使用Elasticsearch 6.2.2。

1 个答案:

答案 0 :(得分:2)

您可以查看date_histogram聚合

POST my_index/my_type/_search
{
  "size": 0, 
  "aggs": {
    "bucketName": {
      "date_histogram": {
        "field": "timestamp",
        "interval": "day",
        "min_doc_count": 1,
        "format": "yyyy-MM-dd",
        "order": {"_key": "desc"}
      }
    }
  }
}

它会返回你这样的东西

{
  "took": 23,
  "timed_out": false,
  "_shards": {
    "total": 6,
    "successful": 6,
    "failed": 0
  },
  "hits": {
    "total": 112233,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "bucketName": {
      "buckets": [
        {
          "key_as_string": "2018-03-07",
          "key": 1520380800000,
          "doc_count": 1
        },
        {
          "key_as_string": "2018-03-06",
          "key": 1520294400000,
          "doc_count": 93
        },
        {
          "key_as_string": "2018-03-05",
          "key": 1520208000000,
          "doc_count": 99
        },
        {
          "key_as_string": "2018-03-04",
          "key": 1520121600000,
          "doc_count": 33
        },
        {
          "key_as_string": "2018-03-03",
          "key": 1520035200000,
          "doc_count": 29
        }
      ]
    }
  }
}
相关问题
最新问题