我想通过查询 Elasticsearch API,并按特定字段过滤,来获取给定时间段内的消息总数。
GET /logstash-2016.11.23/_count
{
"query": {
"bool" : {
"should" : [
{
"term": { "_type":"streams_blog_out"}
},
{
"range": {
"timestamp": {
"from": "2016-11-22T00:00:00",
"to": "2016-11-23T00:00:00"
}
}
}
]
}
}
}
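返回结果如下(注意:上面的 bool 查询只使用了 should,两个条件是“或”的关系,文档只要满足其中之一就会被计入,因此这个总数并不是同时满足类型和时间范围的文档数;若要求两个条件同时成立,应改用 must 或 filter):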
{
"count": 1377737,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
}
}
编辑2:
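收到错误:nested: QueryParsingException[[logstash-2016.11.23] 请求不支持 [highlight]];
出错的请求体如下(从其中的 kibana-highlighted-field 标签看,它似乎是从 Kibana 复制的完整搜索请求,除 query 外还带有 highlight、size、sort、aggs 等部分,而错误信息表明该请求不接受 highlight):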
{
"query": {
"filtered": {
"query": {
"query_string": {
"query": "_type:streams_blogs_out",
"analyze_wildcard": true
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": 1479790800000,
"lte": 1479877199999
}
}
}
],
"must_not": []
}
}
}
},
"highlight": {
"pre_tags": [
"@kibana-highlighted-field@"
],
"post_tags": [
"@/kibana-highlighted-field@"
],
"fields": {
"*": {}
},
"fragment_size": 2147483647
},
"size": 500,
"sort": [
{
"@timestamp": {
"order": "desc",
"unmapped_type": "boolean"
}
}
],
"aggs": {
"2": {
"date_histogram": {
"field": "@timestamp",
"interval": "30m",
"pre_zone": "-05:00",
"pre_zone_adjust_large_interval": true,
"min_doc_count": 0,
"extended_bounds": {
"min": 1479790800000,
"max": 1479877199999
}
}
}
},
"fields": [
"*",
"_source"
],
"script_fields": {},
"fielddata_fields": []
}
编辑3:
更正后的请求(只保留 query 部分,去掉了 highlight、size、sort、aggs 等字段):
{
"query": {
"filtered": {
"query": {
"query_string": {
"query": "_type:streams_blogs_out",
"analyze_wildcard": true
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": 1479790800000,
"lte": 1479877199999
}
}
}
],
"must_not": []
}
}
}
}
}