elastic search count results by day
Question
I have lots of logs in Elasticsearch and have to count how many logs I have per day for the last 10 days. Unfortunately my JSON doesn't work. Could you check where I made a mistake? Thanks in advance!
I need something like:
date : records
2023-03-17 256
2023-03-18 148
Below is my JSON with some mistake:
GET /index_name/_search
{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-11d",
        "lte": "now-1d"
      }
    }
  },
  "aggs": {
    "byDay": {
      "date_histogram": {
        "field": "@timestamp",
        "calendar_interval": "1d",
        "format": "yyyy-MM-dd"
      }
    }
  }
}
Result of the above execution:
{
  "took": 448,
  "timed_out": false,
  "_shards": {
    "total": 3,
    "successful": 3,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 0,
      "relation": "eq"
    },
    "max_score": null,
    "hits": []
  },
  "aggregations": {
    "byDay": {
      "buckets": []
    }
  }
}
The structure of my index looks like this:
{
  "took": 621,
  "timed_out": false,
  "_shards": {
    "total": 3,
    "successful": 3,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 10000,
      "relation": "gte"
    },
    "max_score": 1,
    "hits": [
      {
        "_index": "logs-000001",
        "_id": "FDiUoYYB6jibW4tyO_7l",
        "_score": 1,
        "_source": {
          "@timestamp": "2023-03-02T09:08:08.029Z",
          "qid": "7079B4FEE7",
          "status": "status_A"
        }
      },
      {
        "_index": "logs-000001",
        "_id": "FTiUoYYB6jibW4tyO_7l",
        "_score": 1,
        "_source": {
          "@timestamp": "2023-03-02T09:08:08.057Z",
          "qid": "BE5694FEFB",
          "status": "status_A"
        }
      }
    ]
  }
}
Answer 1
Score: 0
For your example I increased the range.
{
  "size": 0,
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-31d",
        "lte": "now-1d"
      }
    }
  },
  "aggs": {
    "byDay": {
      "date_histogram": {
        "field": "@timestamp",
        "calendar_interval": "1d",
        "format": "yyyy-MM-dd"
      }
    }
  }
}
Results:
"aggregations": {
  "byDay": {
    "buckets": [
      {
        "key_as_string": "2023-03-02",
        "key": 1677715200000,
        "doc_count": 2
      }
    ]
  }
}
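An added example, not part of the answer above: a Python sketch that builds the same kind of request body and turns the `byDay` buckets into the "date : records" rows the question asks for, filling days with no bucket with 0. The function names `build_daily_count_query` and `daily_rows`, the `/d` rounding, the `lt` bound and the explicit `min_doc_count` are choices made for this example; the sample response is constructed from the answer's output.

```python
from datetime import date, timedelta

def build_daily_count_query(days=10):
    """Request body for per-day counts over the last `days` full days."""
    return {
        "size": 0,  # only the aggregation is needed, not the hits
        "query": {"range": {"@timestamp": {
            "gte": f"now-{days}d/d",  # date math rounded down to start of day
            "lt": "now/d",            # up to, but not including, today
        }}},
        "aggs": {"byDay": {"date_histogram": {
            "field": "@timestamp",
            "calendar_interval": "1d",
            "format": "yyyy-MM-dd",
            "min_doc_count": 0,  # keep empty days between first and last bucket
        }}},
    }

def daily_rows(response, last_day, days=10):
    """Return [(yyyy-MM-dd, count)] for `days` days ending at `last_day`.

    Days with no bucket are reported as 0. This matters when nothing matches:
    the response then carries an empty bucket list, as in the question.
    """
    counts = {b["key_as_string"]: b["doc_count"]
              for b in response["aggregations"]["byDay"]["buckets"]}
    first = last_day - timedelta(days=days - 1)
    rows = []
    for i in range(days):
        day = (first + timedelta(days=i)).isoformat()
        rows.append((day, counts.get(day, 0)))
    return rows

# Constructed response, shaped like the "Results" shown in the answer.
SAMPLE_RESPONSE = {"aggregations": {"byDay": {"buckets": [
    {"key_as_string": "2023-03-02", "key": 1677715200000, "doc_count": 2},
]}}}

if __name__ == "__main__":
    for day, count in daily_rows(SAMPLE_RESPONSE, date(2023, 3, 4), days=4):
        print(day, count)
```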