我执行此查询-
webpack --mode production给出以下结果集。我正在粘贴结果集的摘要。
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "*",
"analyze_wildcard": true
}
},
{
"range": {
"server-status.meta.current-time": {
"lte": "now-91d/d"
}
}
}
],
"must_not": []
}
},
"size": 0,
"_source": {
"excludes": []
},
"aggs": {
"2": {
"date_histogram": {
"field": "server-status.meta.current-time",
"interval": "1h",
"time_zone": "CST6CDT",
"min_doc_count": 1
},
"aggs": {
"4": {
"terms": {
"field": "server-status.type.keyword",
"include": "http-server",
"size": 500,
"order": {
"1": "desc"
}
},
"aggs": {
"1": {
"sum": {
"field": "server-status.status-properties.expanded-tree-cache-hit-rate.value",
"script": "_value/60"
}
},
"3": {
"terms": {
"field": "server-status.name.keyword",
"size": 500,
"order": {
"1": "desc"
}
},
"aggs": {
"1": {
"sum": {
"field": "server-status.status-properties.expanded-tree-cache-hit-rate.value",
"script": "_value/60"
}
}
}
}
}
}
}
}
}
}
我希望将结果转换为以下json结构。
{
"took": 4975,
"timed_out": false,
"_shards": {
"total": 225,
"successful": 225,
"failed": 0
},
"hits": {
"total": 76580901,
"max_score": 0,
"hits": []
},
"aggregations": {
"2": {
"buckets": [
{
"4": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"1": {
"value": 26.905470121166662
},
"3": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"1": {
"value": 19.867822477833336
},
"key": "App-Services",
"doc_count": 304
},
{
"1": {
"value": 6.262844921500001
},
"key": "polaris-content-v11-2-ssl-http",
"doc_count": 304
},
{
"1": {
"value": 0.593010372
},
"key": "polaris-c360-content-ssl-http",
"doc_count": 304
},
{
"1": {
"value": 0.07257377216666668
},
"key": "evisor-content-v11-https",
"doc_count": 304
},
{
"1": {
"value": 0.058457784666666665
},
"key": "ohca-ssl-http",
"doc_count": 304
},
{
"1": {
"value": 0.050760793
},
"key": "ivr-ani-ssl-http",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "Admin",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "App-Services-ldap",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "App-Services-no-ldap",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "HealthCheck",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "Manage",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "Manage-ldap",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "custom-Manage-http",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "epmp-admin-rxy-http",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "epmp-admin-ssl-http",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "epmp-content-http",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "epmp-ssl-http",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "epmp-ssl-http-v2",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "metadata-registry-http",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "monitoring-alerting-http",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "ohca-content-http",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "polaris-c360-content-http",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "stage-c360-xray-https",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "unstructured-content-http",
"doc_count": 304
},
{
"1": {
"value": 0
},
"key": "unstructured-content-ssl-http",
"doc_count": 304
}
]
},
"key": "http-server",
"doc_count": 7600
}
]
},
"key_as_string": "2018-04-11T09:00:00.000-05:00",
"key": 1523455200000,
"doc_count": 12160
},
弹性观察者转换也可以。我想将结果集转换为上述格式。我是弹性新手。我在可视化区域中进行了更改并在开发工具中执行了该查询后,即可获得该查询。但是实际上我想在将数据转换为上述格式后摄取数据。