我正在尝试计算基于小时的弹性搜索文档的两个日期字段之间的总时差(以分钟为单位)。
弹性搜索中的文档如下:
[
{
"name": "rakesh",
"age": "26",
"email": "rakesh@gmail.com",
"createdDate": "1549458543000",
"updatedDate": "1549458723000"
},
{
"name": "sam",
"age": "24",
"email": "samjoe@elastic.com",
"createdDate": "1549458543000",
"updatedDate": "1549458723000"
},
{
"name": "joseph",
"age": "26",
"email": "joseph@gmail.com",
"createdDate": "1549458543000",
"updatedDate": "1549458723000"
},
{
"name": "genny",
"age": "24",
"email": "genny@hotmail.com",
"createdDate": "1549458543000",
"updatedDate": "1549458723000"
}
]
使用上述文档,我们需要获取updateDate和createdDate之差以及在同一小时内创建的具有相同timediff的文档数。
从上述示例数据中,我们需要将输出提取为-
for hour 1549458000000 there are 4 documents which are updated within the 4 minutes
of time.
我可以使用脚本字段获取timediff
"script_fields" : {
"timeDiff" : {
"script" : "doc['updatedDate'].value -
doc['createdDate'].value"
}
}
和 我尝试的计数汇总是
{
"size": 0,
"aggs": {
"hour": {
"date_histogram": {
"field": "createdDate",
"interval": "hour",
"time_zone": "Asia/Calcutta",
"min_doc_count": 1
},
"aggs": {
"mail_count": {
"value_count": {
"field": "email"
}
}
}
}
},
"query": {
"bool": {
"must": []
}
}
}
通过上面的查询,我可以获取特定时间的总文档数。 无论如何,有没有将这两个输出合并为一个输出。
预先感谢