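Kibana Timelion: add a range of values to a query

Time: 2019-03-11 23:30:13

Tags: kibana timelion

Trying to add a condition to my Timelion query so that it takes the sum of bytes for multiple regions when "hour_utc" is within a certain range.

(Kibana 6.4.2) For example: (this will yield 100%)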

.es(index="index_*", timefield="@timestamp", metric="sum:bytes metric", q="region:(North America AND Japan )").divide(.es(index="index_*", timefield="@timestamp", metric="sum:bytes metric")).multiply(100).bars()

Adding the condition:

.es(index="index_*", timefield="@timestamp", metric="sum:bytes metric", q="region:(North America AND Japan ) AND hours_utc:[6 TO 10]").divide(.es(index="ms_nte*", timefield="@timestamp", metric="sum:bytes metric")).multiply(100).bars()

But for some reason the syntax AND hours_utc:[6 TO 10] doesn't seem to work, even though based on this:

Lucene Query String Elasticsearch "less than or equal to"[URI Search]

it should be the correct syntax.

0 answers:

No answers