https://blog.csdn.net/opera95/article/details/78614244
date_histogram (like histogram) returns only buckets with a non-zero document count by default.
1. Standard form in Kibana
GET /cars/transactions/_search
{
  "size" : 0,
  "aggs": {
    "sales": {
      "date_histogram": {
        "field": "sold",
        "interval": "month",
        "format": "yyyy-MM-dd",
        "min_doc_count" : 0, // this parameter forces empty buckets to be returned
        "extended_bounds" : { // this parameter forces the whole year to be returned
          "min" : "2014-01-01",
          "max" : "2014-12-31"
        }
      }
    }
  }
}
2. date_histogram supports date expressions
date_histogram is used in much the same way as histogram, except that the interval accepts date expressions.
The interval field supports several keywords: `year`, `quarter`, `month`, `week`, `day`, `hour`, `minute`, `second`
{
  "aggs":{
    "articles_over_time":{
      "date_histogram":{
        "field":"date",
        "interval":"month"
      }
    }
  }
}
An interval of one and a half hours can be defined as:
{
  "aggs":{
    "articles_over_time":{
      "date_histogram":{
        "field":"date",
        "interval":"1.5h"
      }
    }
  }
}
3. Formatting the returned dates
{
  "aggs":{
    "articles_over_time":{
      "date_histogram":{
        "field":"date",
        "interval":"1M",
        "format":"yyyy-MM-dd"
      }
    }
  }
}
The result is shown below: key_as_string is the formatted date, and key is the date as a timestamp.
{
  "aggregations":{
    "articles_over_time":{
      "buckets":[{
        "key_as_string":"2013-02-02",
        "key":1328140800000,
        "doc_count":1
      },{
        "key_as_string":"2013-03-02",
        "key":1330646400000,
        "doc_count":2
      },
      ...
      ]}
  }
}
4. Using time_zone
Dates in Elasticsearch support a time zone notation; the setting below corresponds to UTC+8 time.
{
  "aggs":{
    "by_day":{
      "date_histogram":{
        "field":"date",
        "interval":"day",
        "time_zone":"+08:00"
      }
    }
  }
}
5. offset: shifting the bucket range with an offset
By default a day bucket runs from 00:00 to midnight (24:00). To change the range, set an offset as shown below:
{
  "aggs":{
    "by_day":{
      "date_histogram":{
        "field":"date",
        "interval":"day",
        "offset":"+6h"
      }
    }
  }
}
The bucket ranges then become:
"aggregations":{
  "by_day":{
    "buckets":[{
      "key_as_string":"2015-09-30T06:00:00.000Z",
      "key":1443592800000,
      "doc_count":1
    },{
      "key_as_string":"2015-10-01T06:00:00.000Z",
      "key":1443679200000,
      "doc_count":1
    }]
  }
}
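6. Missing value: default for documents without the field
When a document has no value for the field, it is counted using the missing value as its default:
{
  "aggs":{
    "publish_date":{
      "date_histogram":{
        "field":"publish_date",
        "interval":"year",
        "missing":"2000-01-01"
      }
    }
  }
}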
7. Other
Other usages are also supported, such as scripts, order, min_doc_count filtering and extended_bounds; they are not covered in detail here.
8. Code implementation
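import java.util.ArrayList;
import java.util.List;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.index.query.BoolQueryBuilder;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.search.aggregations.Aggregation;
import org.elasticsearch.search.aggregations.AggregationBuilder;
import org.elasticsearch.search.aggregations.AggregationBuilders;
import org.elasticsearch.search.aggregations.bucket.histogram.DateHistogramInterval;
import org.elasticsearch.search.aggregations.bucket.histogram.ExtendedBounds;
import org.elasticsearch.search.aggregations.bucket.histogram.Histogram;
import org.elasticsearch.search.builder.SearchSourceBuilder;

// The statements below belong inside a method; client, param, log, DateUtil and
// SuspiciousAccount are defined elsewhere in the project.
// Create the search request
SearchRequest searchRequest = new SearchRequest("final_edition_mail_log");
// Build the query request body with SearchSourceBuilder
SearchSourceBuilder sourceBuilder = new SearchSourceBuilder();
BoolQueryBuilder boolQueryBuilder = QueryBuilders.boolQuery();
List<SuspiciousAccount> list = new ArrayList<SuspiciousAccount>();
boolQueryBuilder
    .must(QueryBuilders.termsQuery("fullName.keyword", param.get("orgName")))
    .must(QueryBuilders.termsQuery("abroad.keyword", "OUT")) // overseas
    //.must(QueryBuilders.existsQuery("credit"))
    .must(QueryBuilders.termsQuery("behavior", "1"))
    .filter(QueryBuilders.rangeQuery("create_date")
        .timeZone("GMT+8")
        .gte(DateUtil.getFirstDayOfMonth()).lte(DateUtil.getLastDayOfMonth()));
AggregationBuilder aggregationBuilder = AggregationBuilders.dateHistogram("create_date") // custom aggregation name
    .fixedInterval(DateHistogramInterval.DAY) // set the interval
    .minDocCount(0) // return empty buckets
    .field("create_date") // the date field to aggregate on
    .offset("+16h") // offset that shifts the bucket boundaries for the time zone
    .extendedBounds( // force buckets for the whole month
        new ExtendedBounds(DateUtil.getFirstDayOfMonth(), DateUtil.getLastDayOfMonth()));
sourceBuilder.query(boolQueryBuilder).aggregation(aggregationBuilder).size(0);
searchRequest.source(sourceBuilder);
// Send the request
SearchResponse searchResponse = client.search(searchRequest, RequestOptions.DEFAULT);
Aggregation agg = searchResponse.getAggregations().get("create_date");
List<? extends Histogram.Bucket> buckets = ((Histogram) agg).getBuckets();
for (Histogram.Bucket bucket : buckets) {
    SuspiciousAccount account = new SuspiciousAccount();
    String longTime = bucket.getKeyAsString();
    log.info("" + bucket.getKeyAsString());
    log.info(String.valueOf(bucket.getDocCount()));
    account.setDayOf(DateUtil.timeStamp2Date(String.valueOf(Long.parseLong(longTime) / 1000), "yyyy-MM-dd"));
    account.setSuccessSum(String.valueOf(bucket.getDocCount()));
    list.add(account);
}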
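The following Python model is an added example, not code from the original post and not Elasticsearch's own implementation. It shows how a fixed one-day date_histogram assigns events to buckets when offset, min_doc_count 0 and extended_bounds are combined (sections 1, 5 and 8). It assumes bucket keys are computed in UTC as floor((t - offset) / interval) * interval + offset; the function names and sample events are constructed for illustration.

```python
from datetime import datetime, timezone

DAY_MS = 24 * 60 * 60 * 1000
HOUR_MS = 60 * 60 * 1000


def bucket_key(ts_ms, offset_ms=0, interval_ms=DAY_MS):
    """Start (epoch millis, UTC) of the fixed-interval bucket containing ts_ms."""
    return (ts_ms - offset_ms) // interval_ms * interval_ms + offset_ms


def day_histogram(timestamps_ms, offset_ms=0, bounds=None):
    """Count events per day bucket. With bounds=(min_ms, max_ms), empty buckets
    inside the bounds are returned as well (min_doc_count=0 + extended_bounds)."""
    counts = {}
    for ts in timestamps_ms:
        key = bucket_key(ts, offset_ms)
        counts[key] = counts.get(key, 0) + 1
    if bounds is not None:
        lo = bucket_key(bounds[0], offset_ms)
        hi = bucket_key(bounds[1], offset_ms)
        if counts:  # bounds only extend the range, they never drop data
            lo, hi = min(lo, min(counts)), max(hi, max(counts))
        for key in range(lo, hi + 1, DAY_MS):
            counts.setdefault(key, 0)
    return dict(sorted(counts.items()))


def ms(iso):
    """Epoch millis of an ISO-8601 timestamp that carries an explicit UTC offset."""
    return int(datetime.fromisoformat(iso).timestamp() * 1000)


def iso_utc(key_ms):
    """Render a bucket key the way key_as_string would look in UTC."""
    dt = datetime.fromtimestamp(key_ms / 1000, tz=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


# Constructed sample events (not from the page).
EVENTS = [ms("2015-09-30T07:30:00+00:00"),
          ms("2015-10-01T05:59:59+00:00"),  # still in the 09-30T06:00 bucket
          ms("2015-10-01T06:00:00+00:00")]  # first instant of the next bucket

if __name__ == "__main__":
    for key, n in day_histogram(EVENTS, offset_ms=6 * HOUR_MS).items():
        print(iso_utc(key), key, n)
```

With an offset of 16 hours the day buckets start at 16:00 UTC, which is local midnight in UTC+8, so each bucket covers one calendar day in that zone.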
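Copyright notice: this is an original article by qq_41611829, licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.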