我正在尝试创建查询以输出比率。第一个数字是OutageTime字段的总和。第二个数字是脚本字段。
这是我的地图:
{
"ms-services-2018.10.11": {
"mappings": {
"doc": {
"properties": {
"@timestamp": {
"type": "date"
},
"@version": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"EmailDirection": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"OutageTime": {
"type": "long"
},
"RequestedDateTime": {
"type": "date"
},
"SearchRangeMinutes": {
"type": "long"
},
"host": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"isServiceAvailable": {
"type": "boolean"
},
"tags": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
},
"ms-services-2018.10.12": {
"mappings": {
"doc": {
"properties": {
"@timestamp": {
"type": "date"
},
"@version": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"EmailDirection": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"OutageTime": {
"type": "long"
},
"RequestedDateTime": {
"type": "date"
},
"SearchRangeMinutes": {
"type": "long"
},
"host": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"isServiceAvailable": {
"type": "boolean"
},
"tags": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}
}
这是我的查询:
GET index-*/_search
{
"_source": {
"includes": [ "RequestedDateTime"]
},
"aggs":{
"TotalOutageTimSeconds":{
"sum":{
"script":"doc['OutageTime'].value"
}
}
},
"sort":[{
"RequestedDateTime":{
"order":"asc"
}
}],
"size": 1,
"script_fields":{
"AvailabilityRatio":{
"script":"(1 - (TotalOutageTimSeconds / (new Date().getTime() - doc['RequestedDateTime'].value.getMillis()) / 1000))"
}
}
}
基于我的映射和查询,是否可以在脚本化查询(AvailabilityRatio)中使用聚合结果(TotalOutageTimSeconds)?