elasticsearch - 弹性搜索无法进行时间戳范围查询
问题描述
我需要在一定的时间范围内进行查询,
首先,我想做一个查询
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "13000020"
}
},
{
"range": {
"timestampstring": {
"lte": "2020-10-05 15:22:58.537"
}
}
}
]
}
}
}
结果是
{
"took": 15,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 12,
"relation": "eq"
},
"max_score": 2.0,
"hits": [
{
"_index": "test",
"_type": "test12",
"_id": "WvNJl3UBy18_Kc9Pl1tu",
"_score": 2.0,
"_source": {
"hdrId": 13000020,
"timestampstring": "2020-11-05 15:22:58.537",
"DevieId": "624232489",
"type": "data"
}
},
{
"_index": "test",
"_type": "test12",
"_id": "jvOSmHUBy18_Kc9PK3qp",
"_score": 2.0,
"_source": {
"hdrId": 13000020,
"timestamp": 1604582511655,
"timestampstring": "2020-11-05 21:21:51.655",
"type": "data"
}
}
]
}
}
谁能指出我做错了哪一部分?
其次,我没有在这个https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-daterange-aggregation.html中做这个例子
上面的例子如何适合我的应用程序,谢谢
杰夫
此刻我正在尝试在 Postman 中做,这是设置
GET http://myip:9200/test/dev/_search 我需要在这里做索引吗?
{
"mappings": {
"properties": {
"timestampstring": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss.SSS"
}
}
}
}
它来了
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "Unknown key for a START_OBJECT in [mappings].",
"line": 2,
"col": 15
}
],
"type": "parsing_exception",
"reason": "Unknown key for a START_OBJECT in [mappings].",
"line": 2,
"col": 15
},
"status": 400
}
解决方案
您可能没有为timestampstring. 要了解有关日期格式的更多信息,请参阅此
添加具有索引数据、映射、搜索查询和搜索结果的工作示例
索引映射:
{
"mappings": {
"properties": {
"timestampstring": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss.SSS"
}
}
}
}
指数数据:
{
"hdrId": 13000020,
"timestamp": 1604582511655,
"timestampstring": "2020-11-05 21:21:51.655",
"type": "data"
}
{
"hdrId": 13000020,
"timestampstring": "2020-11-05 15:22:58.537",
"DevieId": "624232489",
"type": "data"
}
搜索查询:
现在运行相同的搜索查询,您将获得所需的结果
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "13000020"
}
},
{
"range": {
"timestampstring": {
"lte": "2020-10-05 15:22:58.537"
}
}
}
]
}
}
}
搜索结果:
"hits": []
您可以通过以下方式应用日期范围聚合:
{
"aggs": {
"range": {
"date_range": {
"field": "timestampstring",
"format": "yyyy-MM-dd HH:mm:ss.SSS",
"ranges": [
{
"to": "now-1M"
},
{
"from": "now-1M"
}
]
}
}
}
}
上面的查询将创建两个范围桶,第一个将“桶”所有 1 个月前的文档,第二个将“桶”所有 1 个月前的文档。由于索引数据中没有日期在1个月之前的文档,所以doc_count第一个桶的为0,第二个桶的为2
搜索结果:
"aggregations": {
"range": {
"buckets": [
{
"key": "*-2020-10-25 10:10:07.665",
"to": 1.603620607665E12,
"to_as_string": "2020-10-25 10:10:07.665",
"doc_count": 0
},
{
"key": "2020-10-25 10:10:07.665-*",
"from": 1.603620607665E12,
"from_as_string": "2020-10-25 10:10:07.665",
"doc_count": 2
}
]
}
}
推荐阅读
- java - 具有多个验证组的自定义 Spring 注解
- flutter - 如何在 Container Flutter 中制作响应式内容
- javascript - 在前端项目中使用 JavaScript 库的正确方法是什么?
- xml - 从给定的 XSD UBI 标准生成 XML 文件
- excel - 引用过滤列中的顶部单元格
- firebase - firebase 事务重试是否在事务之外运行代码?
- angular - ngx-print 不打印 AngularMaterial 组件样式
- python - 在python中同步两个共享对象的读/写操作
- sql - 创建存储过程时如何将列输出为条件函数?
- python - Pyspark 加入空安全检查,无重复列