如何通过日期字段中Elasticsearch
问题描述:
REST API调用聚集不同领域如何通过日期字段中Elasticsearch
GET test10/LREmail10/_search/
{
"size": 10,
"query": {
"range": {
"ALARM DATE": {
"gte": "now-15d/d",
"lt": "now/d"
}
}
},
"fields": [
"ALARM DATE",
"CLASSIFICATION"
]
}
出来放的一部分,
"took": 25,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 490,
"max_score": 1,
"hits": [
{
"_index": "test10",
"_type": "LREmail10",
"_id": "AVM5g6XaShke4hy5dziK",
"_score": 1,
"fields": {
"CLASSIFICATION": [
"Attack"
],
"ALARM DATE": [
"25/02/2016 8:35:22 AM(UTC-08:00)"
]
}
},
{
"_index": "test10",
"_type": "LREmail10",
"_id": "AVM5g6e_Shke4hy5dziL",
"_score": 1,
"fields": {
"CLASSIFICATION": [
"Compromise"
],
"ALARM DATE": [
"25/02/2016 8:36:16 AM(UTC-08:00)"
]
}
},
我真的想在这里做的,通过报警汇总分类日期。日期的默认格式也有分钟,秒和时区。但是我想要为每一个和每一个日期集中所有的分类。因此,"25/02/2016 8:36:16 AM(UTC-08:00)"和"25/02/2016 8:35:22 AM(UTC-08:00)"应视为"25/02/2016"日期。并得到所有的分类属于一个日期。
我希望我已经正确地解释了问题。如果你们需要更多的细节让我知道。
如果有人能给我一个提示,看看Elasticsearch的哪个区域也很有帮助。
答
使用date_histogram像下面一样。
{
"size" :0 ,
"aggs": {
"classification of day": {
"date_histogram": {
"field": "ALARM DATE",
"interval": "day"
},
"aggs": {
"classification": {
"terms": {
"field": "CLASSIFICATION"
}
}
}
}
}
}
谢谢,它的作品非常漂亮。 – newday