是否有等效于GeoTile Grid的日期的Elasticsearch汇总?

时间:2019-06-07 02:07:06

标签: elasticsearch elasticsearch-aggregation

假设我有一些像这样的基于时间的数据:

POST /events/_bulk?refresh
{"index":{"_id":1}}
{"timestamp": "2019-06-07T01:55:23.432+00:00", "type": "enter"}
{"index":{"_id":2}}
{"timestamp": "2019-06-07T01:58:33.100+00:00", "type": "exit"}
{"index":{"_id":3}}
{"timestamp": "2019-06-07T02:03:04.867+00:00", "type": "exit"}
{"index":{"_id":4}}
{"timestamp": "2019-06-07T02:12:11.108+00:00", "type": "enter"}
{"index":{"_id":5}}
{"timestamp": "2019-06-07T02:22:58.771+00:00", "type": "enter"}
{"index":{"_id":6}}
{"timestamp": "2019-06-07T03:37:28.844+00:00", "type": "exit"}

我想将彼此之间在15分钟之内发生的事件归为一组,就像GeoTile Grid将在地理位置上彼此相邻的点归为一组。

结果将如下所示:

{
    ...
    "aggregations": {
        "time-clumps": {
            "buckets": [
                {
                  "from" : "2019-06-07T01:55:23.432+00:00",
                  "to"   : "2019-06-07T02:10:23.432+00:00",
                  "doc_count" : 3
                },
                {
                  "from" : "2019-06-07T02:12:11.108+00:00",
                  "to"   : "2019-06-07T02:27:11.108+00:00",
                  "doc_count" : 2
                },
                {
                  "from" : "2019-06-07T03:37:28.844+00:00",
                  "to"   : "2019-06-07T03:52:28.844+00:00",
                  "doc_count" : 1
                }
            ]
        }
    }
}

是否可以在Elasticsearch中编写此查询?

1 个答案:

答案 0 :(得分:0)

我会用date_histogram aggregation来做到这一点:

POST /events/_search
{
    "size": 0,
    "aggs" : {
        "time-clumps" : {
            "date_histogram" : {
                "field" : "timestamp",
                "interval" : "15m"
            }
        }
    }
}
相关问题
最新问题