我有以下查询,该查询查找不包含以下任何字段的记录:timestamp_login,timestamp_logout,timestamp_signup和按user_city分组。
{
"query": {
"bool": {
"must": [],
"must_not": [
{
"exists": {
"field": "timestamp_login"
}
},
{
"exists": {
"field": "timestamp_logout"
}
},
{
"exists": {
"field": "timestamp_signup"
}
}
]
}
},
"aggs": {
"group_by_item": {
"terms": {
"script": "doc['user_city.keyword'].value?.toLowerCase()",
"size": 10,
"order": {
"_count": "desc"
}
}
},
"distinct_terms": {
"cardinality": {
"script": "doc['user_city.keyword'].value?.toLowerCase()"
}
}
},
"size": 0
}
但是,查询经常超时。有没有更有效的方式来提取缺少字段列表的记录?另外,我正在运行ES 5.6。
感谢您的帮助!