date - 使用elasticsearch中的日期直方图获取特定日期范围内的插入文档计数

问题描述

我在 elasticsearch 中列出了包含各种文件的文档。文件如下所示。

    {
        "role": "api_user",
        "apikey": "key1"
        "data":{},
        "@timestamp": "2021-10-06T16:47:13.555Z"
    },
    {
        "role": "api_user",
        "apikey": "key1"
        "data":{},
        "@timestamp": "2021-10-06T18:00:00.555Z"
    },
    {
        "role": "api_user",
        "apikey": "key1"
        "data":{},
        "@timestamp": "2021-10-07T13:47:13.555Z"
    }
]

我想以 1 天的间隔查找特定日期范围内存在的文档数量，比方说 2021-10-05T00:47:13.555Z to 2021-10-08T00:13:13.555Z

我正在尝试以下聚合结果。

{
    "size": 0,
    "query": {
        "filter": {
            "bool": {
                "must": [
                    {
                        "range": {
                            "@timestamp": {
                                "gte": "2021-10-05T00:47:13.555Z",
                                "lte": "2021-10-08T00:13:13.555Z",
                                "format": "strict_date_optional_time"
                            }
                        }
                    }
                ]
            }
        }
    },
    "aggs": {
        "data": {
            "date_histogram": {
                "field": "@timestamp",
                "calendar_interval": "day"
            }
        }
    }
}

预期的输出应该是：- 因为2021-10-06我应该得到 2 个文档，2021-10-07我应该得到 1 个文档，如果文档不存在，我应该得到计数为 0。

标签： dateelasticsearchsearchdate-histogram