Elasticsearch按照时间统计文档数量

Elasticsearch按时间聚合

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
GET md_log/_search
{
"size": 0,
"aggs": {
"group_by_state": {
"date_histogram": {
"field": "time",
"interval": "hour",
"format": "yyyy-MM-dd HH",
"min_doc_count": 0,
"order": {
"_key": "desc"
}
}
}
},
"query": {
"bool": {
"must": [
{
"range": {
"time": {
"gte": 1570636800000,
"lt": 1570723200000
}
}
}
],
"must_not": [
{
"term": {
"execute_type": {
"value": "0"
}
}
}
]
}
}
}

结果数据

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
{
"took" : 178,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : 229,
"max_score" : 0.0,
"hits" : [ ]
},
"aggregations" : {
"group_by_state" : {
"buckets" : [
{
"key_as_string" : "2019-10-10 14",
"key" : 1570716000000,
"doc_count" : 13
},
{
"key_as_string" : "2019-10-10 13",
"key" : 1570712400000,
"doc_count" : 3
},
{
"key_as_string" : "2019-10-10 12",
"key" : 1570708800000,
"doc_count" : 14
},
{
"key_as_string" : "2019-10-10 11",
"key" : 1570705200000,
"doc_count" : 31
},
{
"key_as_string" : "2019-10-10 10",
"key" : 1570701600000,
"doc_count" : 23
},
{
"key_as_string" : "2019-10-10 09",
"key" : 1570698000000,
"doc_count" : 65
},
{
"key_as_string" : "2019-10-10 08",
"key" : 1570694400000,
"doc_count" : 11
},
{
"key_as_string" : "2019-10-10 07",
"key" : 1570690800000,
"doc_count" : 0
},
{
"key_as_string" : "2019-10-10 06",
"key" : 1570687200000,
"doc_count" : 0
},
{
"key_as_string" : "2019-10-10 05",
"key" : 1570683600000,
"doc_count" : 0
},
{
"key_as_string" : "2019-10-10 04",
"key" : 1570680000000,
"doc_count" : 0
},
{
"key_as_string" : "2019-10-10 03",
"key" : 1570676400000,
"doc_count" : 0
},
{
"key_as_string" : "2019-10-10 02",
"key" : 1570672800000,
"doc_count" : 0
},
{
"key_as_string" : "2019-10-10 01",
"key" : 1570669200000,
"doc_count" : 0
},
{
"key_as_string" : "2019-10-10 00",
"key" : 1570665600000,
"doc_count" : 0
},
{
"key_as_string" : "2019-10-09 23",
"key" : 1570662000000,
"doc_count" : 0
},
{
"key_as_string" : "2019-10-09 22",
"key" : 1570658400000,
"doc_count" : 0
},
{
"key_as_string" : "2019-10-09 21",
"key" : 1570654800000,
"doc_count" : 5
},
{
"key_as_string" : "2019-10-09 20",
"key" : 1570651200000,
"doc_count" : 14
},
{
"key_as_string" : "2019-10-09 19",
"key" : 1570647600000,
"doc_count" : 9
},
{
"key_as_string" : "2019-10-09 18",
"key" : 1570644000000,
"doc_count" : 0
},
{
"key_as_string" : "2019-10-09 17",
"key" : 1570640400000,
"doc_count" : 19
},
{
"key_as_string" : "2019-10-09 16",
"key" : 1570636800000,
"doc_count" : 22
}
]
}
}
}

kibana可视化配置 https://s0www0elastic0co.icopy.site/guide/en/kibana/4.5/visualize.html

参考 http://doc.codingdict.com/elasticsearch/147/
https://blog.csdn.net/qq_28988969/article/details/81565765
https://www.iteye.com/blog/wsdtq123-2346070