Range
按数值类型的字段聚合统计
{
"query": {
"match_all": {}
},
"aggs": {
"terms_sc-status": {
"range": {
"field": "time-taken",
"ranges": [
{
"key": "small",
"to": 200
},
{
"key": "medium",
"from": 200,
"to": 500
},
{
"key": "large",
"from": 500
}
]
},
"aggs": {
"avg_size": {
"stats": {
"field": "time-taken"
}
}
}
}
},
"size": 20
}
Date_range 对于时间类型的字段进行区段统计
{
"query": {
"match_all": {}
},
"aggs": {
"aggname": {
"date_range": {
"field": "@timestamp",
"format": "yyyy-MM-dd",
"ranges": [
{
"to":"now-2d" //统计范围:从最远点到当前日期的前2天
},
{
"from":"now-2d" //统计范围:从当前日期的前2天到现在
}
]
},
"aggs": {
"avg_size": {
"stats": {
"field": "time-taken"
}
}
}
}
},
"size": 20
}
Histogram 对字段按间隔进行统计
{
"query": {
"match_all": {}
},
"aggs": {
"terms_sc-status": {
"histogram": {
"field": "time-taken",
"interval": 5000,
"min_doc_count": 1 //获取doc_count>=0数据
},
"aggs": {
"avg_size": {
"stats": {
"field": "time-taken"
}
}
}
}
},
"size": 20
}
Date_histogram 对日期型字段统计,可以使用year(y)、month(M)、week(w)、day(d)、hour(h)、minute(m)等常量做作为interval属性的取值
{
"query": {
"match_all": {}
},
"aggs": {
"aggname": {
"date_histogram": {
"field": "@timestamp",
"format": "yyyy-MM-dd",
"interval": "1y", //间隔是1年,
"keyed": true, // 返回值的key作为json对象的名称
"min_doc_count": 1
},
"aggs": {
"avg_size": {
"stats": {
"field": "time-taken"
}
}
}
}
}
}
