弹性搜索无法执行时间戳范围查询 [英] Elastic search fail to do a timestamp range query
问题描述
我需要在特定时间范围内进行查询,
i need to do a query within certain time range ,
首先,我想做一个查询
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "13000020"
}
},
{
"range": {
"timestampstring": {
"lte": "2020-10-05 15:22:58.537"
}
}
}
]
}
}
}
结果是
{
"took": 15,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 12,
"relation": "eq"
},
"max_score": 2.0,
"hits": [
{
"_index": "test",
"_type": "test12",
"_id": "WvNJl3UBy18_Kc9Pl1tu",
"_score": 2.0,
"_source": {
"hdrId": 13000020,
"timestampstring": "2020-11-05 15:22:58.537",
"DevieId": "624232489",
"type": "data"
}
},
{
"_index": "test",
"_type": "test12",
"_id": "jvOSmHUBy18_Kc9PK3qp",
"_score": 2.0,
"_source": {
"hdrId": 13000020,
"timestamp": 1604582511655,
"timestampstring": "2020-11-05 21:21:51.655",
"type": "data"
}
}
]
}
}
任何人都可以查明我做错了哪些部分吗?
Can anyone pinpoint which part i was doing wrong?
第二,我在这里没有做例子 https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-daterange-aggregation.html
secondly, i fail to do the example in this https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-daterange-aggregation.html
上面的示例如何适合我的应用程序,谢谢
how can the above example suit my application , thanks
杰夫
此刻,我正尝试在邮递员中做这件事,这是设置
At this moment i am trying to do in Postman, here is the setup
获取http://myip:9200/test/dev/_search我需要在这里做索引吗?
GET http://myip:9200/test/dev/_search and do i need to do the index here?
{
"mappings": {
"properties": {
"timestampstring": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss.SSS"
}
}
}
}
来了
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "Unknown key for a START_OBJECT in [mappings].",
"line": 2,
"col": 15
}
],
"type": "parsing_exception",
"reason": "Unknown key for a START_OBJECT in [mappings].",
"line": 2,
"col": 15
},
"status": 400
}
推荐答案
您可能尚未设置 timestampstring 的索引映射.要了解有关日期格式的更多信息,请参阅此
添加包含索引数据,映射,搜索查询和搜索结果的工作示例
Adding a working example with index data, mapping, search query, and search result
索引映射:
{
"mappings": {
"properties": {
"timestampstring": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss.SSS"
}
}
}
}
索引数据:
{
"hdrId": 13000020,
"timestamp": 1604582511655,
"timestampstring": "2020-11-05 21:21:51.655",
"type": "data"
}
{
"hdrId": 13000020,
"timestampstring": "2020-11-05 15:22:58.537",
"DevieId": "624232489",
"type": "data"
}
搜索查询:
现在运行相同的搜索查询,您将获得所需的结果
Now running the same search query, you will get your desired result
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "13000020"
}
},
{
"range": {
"timestampstring": {
"lte": "2020-10-05 15:22:58.537"
}
}
}
]
}
}
}
搜索结果:
"hits": []
You can apply Date range aggregation, in the following way:
{
"aggs": {
"range": {
"date_range": {
"field": "timestampstring",
"format": "yyyy-MM-dd HH:mm:ss.SSS",
"ranges": [
{
"to": "now-1M"
},
{
"from": "now-1M"
}
]
}
}
}
}
以上查询将创建两个范围存储桶,第一个将存储桶"显示为"bucket".所有文件的日期均早于1个月前,第二个文件将存储桶"自1个月前以来的所有文档.由于索引数据中没有日期早于1个月的文档,因此第一个存储桶的 doc_count 为0,第二个存储桶的 doc_count 为2
The above query will create two range buckets, the first will "bucket" all documents dated prior to 1 month ago, and the second will "bucket" all documents dated since 1 month ago. Since in the index data, there is no document that is dated prior to 1 month, so the doc_count of the first bucket is 0 and that of the second bucket is 2
搜索结果:
"aggregations": {
"range": {
"buckets": [
{
"key": "*-2020-10-25 10:10:07.665",
"to": 1.603620607665E12,
"to_as_string": "2020-10-25 10:10:07.665",
"doc_count": 0
},
{
"key": "2020-10-25 10:10:07.665-*",
"from": 1.603620607665E12,
"from_as_string": "2020-10-25 10:10:07.665",
"doc_count": 2
}
]
}
}
这篇关于弹性搜索无法执行时间戳范围查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
