zoukankan      html  css  js  c++  java
  • ElasticSearch使用kibana控制台查询示例(时间范围查询)

    记录一下关于日期的问题

    "format": "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis"
    
    # 创建索引
    PUT my_date1
    {
      "mappings": {
        "properties": {
          "publicDate": {
            "type": "date",
            "format": "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis",
            // 不管publicDate是什么格式, 存储字段始终是字符串形式, 默认格式为第一种格式, 这里为yyyy-MM-ddHH:mm:ss
            // 同理, 如果yyyy-MM-dd在第一个, 那么格式化字符串形式就是yyyy-MM-dd
            "store": true
          }
        }
      }
    }

    ElasticSearch使用kibana控制台查询示例(带时间范围查询)

    #查询transCode为OO06U001,并且根据@timestamp日期范围过滤,求出该交易码的最大、最小、平均耗时
    GET transactionmonitor-2021.12.08/doc/_search
    {
        "query": {
            "bool": {
                "must": [
                    {
                        "match": {
                            "transCode.keyword": "OO06U001"
                        }
                    }
                ], 
                "filter": {
                    "range": {
                        "@timestamp": {
                            "gte":"2021-12-08 00:18:00", 
                            "lte":"2021-12-08 00:20:00", 
                            "time_zone":"+08:00",
                            "format":"yyyy-MM-dd HH:mm:ss"
                        }
                    }
                }
            }
        },
        "aggs": {
          "costTimeMax": {
            "max": {
              "field": "costTime"
            }
          },
          "costTimeMin":{
            "min": {
              "field": "costTime"
            }
          },
          "costTimeAvg":{
            "avg": {
              "field": "costTime"
            }
          }
        }
    }
    
    
    
    #查询出@timestamp该日期范围内的所有交易码的最大、最小、平均耗时,doc_count出现次数
    ##filter查询没有相关性得分
    GET transactionmonitor-2021.12.08/doc/_search
    {
        "query": {
            "bool": {
                "filter": {
                    "range": {
                        "@timestamp": {
                            "gte":"2021-12-08 00:18:00", 
                            "lte":"2021-12-08 00:20:00", 
                            "time_zone":"+08:00",
                            "format":"yyyy-MM-dd HH:mm:ss"
                        }
                    }
                }
            }
        },
        "aggs": {
          
          "transCodeTerms": {
            "terms": {
              "field": "transCode.keyword"
            },
            "aggs": {
              "costTimeMax": {
                "max": {
                  "field": "costTime"
                }
              },
              "costTimeMin":{
                "min": {
                  "field": "costTime"
                }
              },
              "costTimeAvg":{
                "avg": {
                  "field": "costTime"
                }
              }
            }
          }
          
        }
    }
    
    
    #查询出交易码OO06U001和@timestamp该日期范围内的最大、最小、平均耗时,doc_count出现次数
    #range查询有相关性得分
    GET transactionmonitor-2021.12.08/doc/_search
    {
        "query": {
            "bool": {
                "must": [
                    {
                        "match": {
                            "transCode": "OO06U001"
                        }
                    }, 
                    {
                        "range": {
                            "@timestamp": {
                                "gte": "2021-12-08 00:18:00.00", 
                                "lte": "2021-12-08 00:20:00.00", 
                                "time_zone": "+08:00", 
                                "format": "yyyy-MM-dd HH:mm:ss.SS"
                            }
                        }
                    }
                ]
            }
        }
        ,
        "aggs": {
          
          "transCodeTerms": {
            "terms": {
              "field": "transCode.keyword"
            },
            "aggs": {
              "costTimeMax": {
                "max": {
                  "field": "costTime"
                }
              },
              "costTimeMin":{
                "min": {
                  "field": "costTime"
                }
              },
              "costTimeAvg":{
                "avg": {
                  "field": "costTime"
                }
              }
            }
          }
          
        }
    }
    
    
    
    #查询出@timestamp该日期范围内的所有交易码的最大、最小、平均耗时,doc_count出现次数
    #在根据出现次数正序排列(asc)
    ##filter查询没有相关性得分
    GET transactionmonitor-2021.12.08/doc/_search
    {
        "query": {
            "bool": {
                "filter": {
                    "range": {
                        "@timestamp": {
                            "gte":"2021-12-08 00:18:00", 
                            "lte":"2021-12-08 00:20:00", 
                            "time_zone":"+08:00",
                            "format":"yyyy-MM-dd HH:mm:ss"
                        }
                    }
                }
            }
        },
        "aggs": {
          
          "transCodeTerms": {
            "terms": {
              "field": "transCode.keyword",
              "order": {
                "_count": "asc"
              }
            },
            "aggs": {
              "costTimeMax": {
                "max": {
                  "field": "costTime"
                }
              },
              "costTimeMin":{
                "min": {
                  "field": "costTime"
                }
              },
              "costTimeAvg":{
                "avg": {
                  "field": "costTime"
                }
              }
            }
          }
          
        }
    }

    补充聚合结果排序

    #查询出@timestamp该日期范围内的所有交易码的最大、最小、平均耗时,doc_count出现次数
    #在根据聚合结果costTimeMin(最小耗时)正序(asc)排列
    #filter查询没有相关性得分
    GET transactionmonitor-2021.12.08/doc/_search
    {
        "query": {
            "bool": {
              "must": [
                {"match": {
                    "isSuccess.keyword": "Y"
                  }
                }
              ], 
                "filter": {
                    "range": {
                        "@timestamp": {
                            "gte":"2021-12-08 00:18:00", 
                            "lte":"2021-12-08 00:20:00", 
                            "time_zone":"+08:00",
                            "format":"yyyy-MM-dd HH:mm:ss"
                        }
                    }
                }
            }
        },
        "aggs": {
          
          "transCodeTerms": {
            "terms": {
              "field": "transCode.keyword",
              "order": {
                "costTimeMin": "asc"
              }
            },
            "aggs": {
              "costTimeMax": {
                "max": {
                  "field": "costTime"
                }
              },
              "costTimeMin":{
                "min": {
                  "field": "costTime"
                }
              },
              "costTimeAvg":{
                "avg": {
                  "field": "costTime"
                }
              }
            }
          }
          
        }
    }
    #使用自带 key(分类的字段) 和 count(匹配的次数) 字段排序
    #BucketOrder.key(asc)  BucketOrder.count(asc)   BucketOrder.aggregation(orderField, asc)
    GET transactionmonitor-2021.12.08/doc/_search
    {
        "query": {
            "bool": {
              "must": [
                {"match": {
                    "isSuccess.keyword": "Y"
                  }
                },
                {
                  "match": {
                    "transCode.keyword": "DEDE02Q002"
                  }
                }
              ], 
                "filter": {
                    "range": {
                        "@timestamp": {
                            "gte":1638893880000, 
                            "lte":1638894000000
                        }
                    }
                }
            }
        },
        "aggs": {
          
          "transCodeGrp": {
            "terms": {
              "field": "@timestamp",
              "order": {
                "_key": "asc",
                "_count": "asc"
              }
            },
            "aggs": {
              "costTimeAvg":{
                "avg": {
                  "field": "costTime"
                }
              }
            }
          }
          
        }
    }
  • 相关阅读:
    如何使用谷歌学术
    联合省选 2021 游记
    生成one-hot的方法
    GraphSAGE
    maven仓库如何引入本地jar包,Maven多种方式打可执行jar包
    DDL任务管理语句
    使用本地EDAS注册多个中台服务,供本地测试使用
    启动轻量级配置及注册中心EDAS
    端口被占用如何解决
    java8中Collectors.groupingBy 用法
  • 原文地址:https://www.cnblogs.com/xiejn/p/15666033.html
Copyright © 2011-2022 走看看