記錄一下關於日期的問題
"format": "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis" # 創建索引 PUT my_date1 { "mappings": { "properties": { "publicDate": { "type": "date", "format": "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis", // 不管publicDate是什么格式, 存儲字段始終是字符串形式, 默認格式為第一種格式, 這里為yyyy-MM-ddHH:mm:ss // 同理, 如果yyyy-MM-dd在第一個, 那么格式化字符串形式就是yyyy-MM-dd "store": true } } } }
ElasticSearch使用kibana控制台查詢示例(帶時間范圍查詢)
#查詢transCode為OO06U001,並且根據@timestamp日期范圍過濾,求出該交易碼的最大、最小、平均耗時 GET transactionmonitor-2021.12.08/doc/_search { "query": { "bool": { "must": [ { "match": { "transCode.keyword": "OO06U001" } } ], "filter": { "range": { "@timestamp": { "gte":"2021-12-08 00:18:00", "lte":"2021-12-08 00:20:00", "time_zone":"+08:00", "format":"yyyy-MM-dd HH:mm:ss" } } } } }, "aggs": { "costTimeMax": { "max": { "field": "costTime" } }, "costTimeMin":{ "min": { "field": "costTime" } }, "costTimeAvg":{ "avg": { "field": "costTime" } } } } #查詢出@timestamp該日期范圍內的所有交易碼的最大、最小、平均耗時,doc_count出現次數 ##filter查詢沒有相關性得分 GET transactionmonitor-2021.12.08/doc/_search { "query": { "bool": { "filter": { "range": { "@timestamp": { "gte":"2021-12-08 00:18:00", "lte":"2021-12-08 00:20:00", "time_zone":"+08:00", "format":"yyyy-MM-dd HH:mm:ss" } } } } }, "aggs": { "transCodeTerms": { "terms": { "field": "transCode.keyword" }, "aggs": { "costTimeMax": { "max": { "field": "costTime" } }, "costTimeMin":{ "min": { "field": "costTime" } }, "costTimeAvg":{ "avg": { "field": "costTime" } } } } } } #查詢出交易碼OO06U001和@timestamp該日期范圍內的最大、最小、平均耗時,doc_count出現次數 #range查詢有相關性得分 GET transactionmonitor-2021.12.08/doc/_search { "query": { "bool": { "must": [ { "match": { "transCode": "OO06U001" } }, { "range": { "@timestamp": { "gte": "2021-12-08 00:18:00.00", "lte": "2021-12-08 00:20:00.00", "time_zone": "+08:00", "format": "yyyy-MM-dd HH:mm:ss.SS" } } } ] } } , "aggs": { "transCodeTerms": { "terms": { "field": "transCode.keyword" }, "aggs": { "costTimeMax": { "max": { "field": "costTime" } }, "costTimeMin":{ "min": { "field": "costTime" } }, "costTimeAvg":{ "avg": { "field": "costTime" } } } } } } #查詢出@timestamp該日期范圍內的所有交易碼的最大、最小、平均耗時,doc_count出現次數 #在根據出現次數正序排列(asc) ##filter查詢沒有相關性得分 GET transactionmonitor-2021.12.08/doc/_search { "query": { "bool": { "filter": { "range": { "@timestamp": { "gte":"2021-12-08 00:18:00", "lte":"2021-12-08 00:20:00", "time_zone":"+08:00", "format":"yyyy-MM-dd HH:mm:ss" } } } } }, "aggs": { "transCodeTerms": { "terms": { "field": "transCode.keyword", "order": { "_count": "asc" } }, "aggs": { "costTimeMax": { "max": { "field": "costTime" } }, "costTimeMin":{ "min": { "field": "costTime" } }, "costTimeAvg":{ "avg": { "field": "costTime" } } } } } }
補充聚合結果排序
#查詢出@timestamp該日期范圍內的所有交易碼的最大、最小、平均耗時,doc_count出現次數 #在根據聚合結果costTimeMin(最小耗時)正序(asc)排列 #filter查詢沒有相關性得分 GET transactionmonitor-2021.12.08/doc/_search { "query": { "bool": { "must": [ {"match": { "isSuccess.keyword": "Y" } } ], "filter": { "range": { "@timestamp": { "gte":"2021-12-08 00:18:00", "lte":"2021-12-08 00:20:00", "time_zone":"+08:00", "format":"yyyy-MM-dd HH:mm:ss" } } } } }, "aggs": { "transCodeTerms": { "terms": { "field": "transCode.keyword", "order": { "costTimeMin": "asc" } }, "aggs": { "costTimeMax": { "max": { "field": "costTime" } }, "costTimeMin":{ "min": { "field": "costTime" } }, "costTimeAvg":{ "avg": { "field": "costTime" } } } } } }
#使用自帶 key(分類的字段) 和 count(匹配的次數) 字段排序 #BucketOrder.key(asc) BucketOrder.count(asc) BucketOrder.aggregation(orderField, asc) GET transactionmonitor-2021.12.08/doc/_search { "query": { "bool": { "must": [ {"match": { "isSuccess.keyword": "Y" } }, { "match": { "transCode.keyword": "DEDE02Q002" } } ], "filter": { "range": { "@timestamp": { "gte":1638893880000, "lte":1638894000000 } } } } }, "aggs": { "transCodeGrp": { "terms": { "field": "@timestamp", "order": { "_key": "asc", "_count": "asc" } }, "aggs": { "costTimeAvg":{ "avg": { "field": "costTime" } } } } } }