Aggregation terms and @timestamp

Dear all,

Here is my problem.
Is there any way/method to filter docs by timestamp inside an aggregation?
or
Is there any way/method to filter aggregated docs by timestamp?

My aggregation looks like:

GET /log-2020.07.07/_search?size=0
{
  "aggs": {
    "rc": {
      "terms": {"field": "ci.rc.keyword", "size": 10}
    }
  }
}

Regards,
Dan

From my point of view such a query should look like:

POST /logs-2020.07.07/_search?size=0
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "@timestamp": {
              "gte": "2020-07-07T00:00:01",
              "lte": "2020-07-07T23:59:59"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "rc": {
      "terms": {"field": "ci.rc.keyword", "size": 10}
    }
  }
}

Am I right?

Could you add a query to the search that does the filtering?

I think so!

I have to add a timestamp condition to such a query:

GET /log-2020.07.07/_search?size=0
{
  "query": {
    "bool": {
      "should": [
        {
          "query_string": {
            "default_field": "ci.rc",
            "query": "(1??) OR (2??)"
          }
        },
        {
          "query_string": {
            "default_field": "ci.rc",
            "query": "(9??)"
          }
        },
        {
          "bool": {
            "must": [
              {
                "regexp": {
                  "ci.rc": "0[0-9]{2}"
                }
              },
              {
                "regexp": {
                  "ci.mti": "[0-9]{2}[3579][0-9]{1}"
                }
              }
            ]
          }
        }
      ]
    }
  },
  "aggs": {
    "rc": {
      "terms": {"field": "ci.rc.keyword", "size": 10}
    }
  }
}

I am trying to write a query which will:
count docs which have codes 1?? or 2?? in ci.rc
and
count docs which have codes 9?? in ci.rc
and
count docs which have codes 0?? in ci.rc and have codes "[0-9]{2}[3|5|7|9][0-9]{1}" in ci.mti
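To make the two answers in this thread concrete, here is an added worked example; it is not code from any of the posts above and not Elastic's own code. It builds the `_search` body that (a) restricts documents to one day with a `range` filter on `@timestamp` in the `query` part, so the filter is applied before any aggregation runs, and (b) returns the three counts Dan lists as three independent buckets of a `filters` aggregation, rather than a `bool`/`should` query followed by a `terms` aggregation (which would give one bucket per distinct `ci.rc` value, not three class totals). Field names `ci.rc`, `ci.mti` and `@timestamp` come from the thread; the bucket names, the sample documents and the assumption that these fields hold single-token codes (so a wildcard or regexp must cover the whole value, as the posted queries already rely on) are mine. Three caveats a practitioner would want are built in: the window is half-open (`gte` midnight, `lt` next midnight) so it does not drop the first second of the day or sub-second events in its last second the way `00:00:01`/`23:59:59` does; `query_string` boolean operators must be upper-case `OR`; and inside a Lucene character class `[3|5|7|9]` the `|` is a literal, so that pattern also matches an mti like `01|7`, while `[3579]` does not. The same predicates are evaluated locally over constructed sample documents so the expected bucket counts can be checked without a cluster.

```python
"""Added example for this thread (not code from the original posts or from Elastic).

Builds the Elasticsearch _search body with a one-day @timestamp range filter and
a `filters` aggregation holding the three counts, and evaluates the same predicates
locally over constructed sample documents. Field names come from the thread;
bucket names and sample data are invented for illustration.
"""
import json
import re
from datetime import datetime, timedelta

# Constructed sample log documents (not real data from the thread).
SAMPLE_DOCS = [
    {"@timestamp": "2020-07-07T00:00:00", "ci": {"rc": "100", "mti": "0200"}},
    {"@timestamp": "2020-07-07T08:15:00", "ci": {"rc": "215", "mti": "0210"}},
    {"@timestamp": "2020-07-07T12:00:00", "ci": {"rc": "912", "mti": "0400"}},
    {"@timestamp": "2020-07-07T13:00:00", "ci": {"rc": "005", "mti": "0430"}},
    {"@timestamp": "2020-07-07T14:00:00", "ci": {"rc": "007", "mti": "0400"}},
    {"@timestamp": "2020-07-07T23:59:59.750", "ci": {"rc": "920", "mti": "0800"}},
    {"@timestamp": "2020-07-08T00:00:00", "ci": {"rc": "101", "mti": "0200"}},
    {"@timestamp": "2020-07-06T23:59:59", "ci": {"rc": "950", "mti": "0200"}},
]

# Regexp as posted in the thread: inside [...] the '|' is a literal character,
# so this also accepts an mti such as "01|7".  The corrected class is [3579].
MTI_ODD_AS_POSTED = re.compile(r"[0-9]{2}[3|5|7|9][0-9]{1}")
MTI_ODD = re.compile(r"[0-9]{2}[3579][0-9]")
RC_1XX_2XX = re.compile(r"[12]..")   # query_string wildcard 1?? OR 2??
RC_9XX = re.compile(r"9..")          # query_string wildcard 9??
RC_0XX = re.compile(r"0[0-9]{2}")    # regexp 0[0-9]{2}


def day_window(day: str) -> tuple:
    """Half-open [midnight, next midnight) window for a YYYY-MM-DD day.

    gte/lt keeps the first second of the day and sub-second events in its
    last second, which gte 00:00:01 / lte 23:59:59 silently drops.
    """
    start = datetime.fromisoformat(day)
    return start, start + timedelta(days=1)


def build_request(day: str, time_zone: str = "UTC") -> dict:
    """Elasticsearch _search body: one-day range filter plus three count buckets."""
    start, end = day_window(day)
    fmt = "%Y-%m-%dT%H:%M:%S"
    return {
        "size": 0,
        "query": {"bool": {"filter": [{"range": {"@timestamp": {
            "gte": start.strftime(fmt),
            "lt": end.strftime(fmt),
            "time_zone": time_zone,   # zone used for timestamps without an offset
        }}}]}},
        "aggs": {"rc_classes": {"filters": {"filters": {
            # query_string operators are upper-case; a lower-case "or" is
            # parsed as a search term, not as the boolean operator.
            "rc_1xx_2xx": {"query_string": {"default_field": "ci.rc",
                                            "query": "1?? OR 2??"}},
            "rc_9xx": {"query_string": {"default_field": "ci.rc",
                                        "query": "9??"}},
            "rc_0xx_odd_mti": {"bool": {"filter": [
                {"regexp": {"ci.rc": "0[0-9]{2}"}},
                {"regexp": {"ci.mti": "[0-9]{2}[3579][0-9]"}},
            ]}},
        }}}},
    }


def local_counts(docs, day: str) -> dict:
    """Evaluate the same three predicates locally; mirrors the buckets' doc_count."""
    start, end = day_window(day)
    counts = {"rc_1xx_2xx": 0, "rc_9xx": 0, "rc_0xx_odd_mti": 0}
    for doc in docs:
        ts = datetime.fromisoformat(doc["@timestamp"])
        if not (start <= ts < end):
            continue                      # excluded by the range filter
        rc = doc.get("ci", {}).get("rc", "")
        mti = doc.get("ci", {}).get("mti", "")
        # fullmatch mirrors Lucene: wildcard/regexp must cover the whole term
        if RC_1XX_2XX.fullmatch(rc):
            counts["rc_1xx_2xx"] += 1
        if RC_9XX.fullmatch(rc):
            counts["rc_9xx"] += 1
        if RC_0XX.fullmatch(rc) and MTI_ODD.fullmatch(mti):
            counts["rc_0xx_odd_mti"] += 1
    return counts


if __name__ == "__main__":
    print(json.dumps(build_request("2020-07-07"), indent=2))
    print(local_counts(SAMPLE_DOCS, "2020-07-07"))
```

The response from the cluster would carry the same three numbers under `aggregations.rc_classes.buckets.<name>.doc_count`. Because the buckets are independent filters, a document that matches none of them is simply not counted; add `"other_bucket": true` to the `filters` aggregation if you also want the count of unmatched documents in the window.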
