- elasticsearch/
elasticsearch 格式错误的布尔查询elasticsearch-elasticsearch观察程序
elasticsearch 格式错误的布尔查询elasticsearch-elasticsearch观察程序
您好,我有下面的弹性搜索查询使用这个在开发工具。我的bool查询不断出错,但查看@timestamp字段并尝试只检索一天的数据似乎是正确的
"input": {
"search": {
"request": {
"indices": [
"<iovation-*>"
],
"body": {
"size": 0,
"query": {
"bool": {
"must": {
"range": {
"@timestamp": {
"gte": "now-1d"
}
}
}
},
"aggs": {
"percentiles": {
"percentiles": {
"field": "logstash.load.duration",
"percents": 95,
"keyed": false
}
},
"dates": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "5m",
"min_doc_count": 1
}
}
}
}
}
}
}
},
“输入”:{
“搜索”:{
“请求”:{
“指数”:[
""
],
“正文”:{
“大小”:0,
“查询”:{
“布尔”:{
“必须”:{
“范围”:{
“@timestamp”:{
“gte”:“现在-1d”
}
}
}
},
“aggs”:{
“百分位数”:{
“百分位数”:{
“字段”:“logstash.load.duration”,
“百分比”:95,
“键控”:错误
}
},
“日期”:{
“日期直方图”:{
“字段”:“@时间戳”,
“日历间隔”:“5m”,
“最小单据数”:1
}
}
}
}
}
}
}
},
感谢您的帮助,谢谢 您的查询中几乎没有错误
}{
"size": 0,
"query": {
"bool": {
"must": {
"range": {
"@timestamp": {
"gte": "now-1d"
}
}
}
} // note this
},
"aggs": {
"percentiles": {
"percentiles": {
"field": "logstash.load.duration",
"percents": 95,
"keyed": false
}
},
"dates": {
"date_histogram": {
"field": "timestamp",
"fixed_interval": "5m", // note this
"min_doc_count": 1
}
}
}
}
谢谢你,这很有效。还感谢您指出固定间隔信息@电子编码器