我有一个域服务器elasticsearch: timestamp,user与bytes_down(其中包括)
timestamp
user
bytes_down
我只想在一个小时介于上午8点至晚上8点之间的情况下,为一个月的用户总计byte_down值
我可以通过以下查询获取带有日期直方图的每日总计(我在这里使用的是perl API),但无法找到一种将每天的小时数减少到小时范围的方法
my $query = { index => 'cm', body => { query => { filtered => { query => { term => {user => $user} }, filter => { and => [ { range => { timestamp => { gte => '2014-01-01', lte => '2014-01-31' } } }, { bool => { must => { term => { zone => $zone } } } } ] } } }, facets => { bytes_down => { date_histogram => { field => 'timestamp', interval => 'day', value_field => 'downstream' } } }, size => 0 } };
谢谢戴尔
我认为您需要使用script过滤器而不是range过滤器,然后将其放在facet_filter方面中:
script
range
facet_filter
"facet_filter" => { "script" => { "script" => "doc['timestamp'].date.getHourOfDay() >= 8 && doc['timestamp'].date.getHourOfDay() < 20" } }
