Question

我想将sql查询转换为ES查询。

这是我的SQL查询

SELECT * FROM 
(SELECT order_number, MIN(log_datetime) as log_datetime 
FROM t_log 
WHERE mall_id='amazon' AND action_name='order_register' AND log_level='3' 
GROUP BY order_number) as temp
WHERE log_datetime BETWEEN '2018-11-16 00:00:00' AND '2018-11-16 23:59:59';

和我的es查询

{
  "size": 0,
  "query": {
    "constant_score": {
      "filter": {
        "bool": {
          "must": [
            {
              "term": {
                "mall_id": "devsdkwms1001"
              }
            },
            {
              "term": {
                "action_name": "order_register"
              }
            },
            {
              "term": {
                "log_level": 3
              }
            }
          ]
        }
      }
    }
  },
  "aggs": {
    "temp": {
      "range": {
        "field": "log_datetime",
        "ranges": [
          {
            "from": "2018-11-16 00:00:00",
            "to": "2018-11-16 23:59:59"
          }
        ]
      },
      "aggs": {
        "result": {
          "terms": {
            "field": "order_number",
            "size": 0
          }
        }
      }
    }
  }
}

我的es查询..无法正常工作。我找不到在Elastic Search中过滤汇总结果的方法。过滤后才能汇总。有什么办法吗？谢谢

Answer 1

如果要过滤agg结果，请查看bucker选择器： https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-pipeline-bucket-selector-aggregation.html

聚合后的Elasticsearch过滤器

1 个答案: