2017-09-01

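Output of the "aggs" query is incorrect

I have a query that counts the number of entries in a given datetime window (i.e. between 2017-02-17T15:00:00.000 and 2017-02-17T16:00:00.000). When I run this query, I get incorrect results (or, better said, the results are unexpected):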

POST /myindex/_search
{
    "size": 0,
    "aggs": {
        "range": {
            "date_range": {
                "field": "Datetime",
                "ranges": [
                    { "to": "2017-02-17T16:00:00||-1H/H" },
                    { "from": "2017-02-17T16:00:00||/H" }
                ]
            }
        }
    }
}

This is the output:

{
    "took": 0,
    "timed_out": false,
    "_shards": {
        "total": 5,
        "successful": 5,
        "failed": 0
    },
    "hits": {
        "total": 11,
        "max_score": 0,
        "hits": []
    },
    "aggregations": {
        "range": {
            "buckets": [
                {
                    "key": "*-2017-02-17T15:00:00.000Z",
                    "to": 1487343600000,
                    "to_as_string": "2017-02-17T15:00:00.000Z",
                    "doc_count": 0
                },
                {
                    "key": "2017-02-17T16:00:00.000Z-*",
                    "from": 1487347200000,
                    "from_as_string": "2017-02-17T16:00:00.000Z",
                    "doc_count": 0
                }
            ]
        }
    }
}

In myindex I have two entries with the following Datetime values:

2017-02-17T15:15:00.000Z 
2017-02-17T15:02:00.000Z 

So the result should be equal to 2.

I don't understand how to interpret the current output. Which fields define the number of entries?

UPDATE:

Data structure:

PUT /myindex
{
    "mappings": {
        "intensity": {
            "_all": {
                "enabled": false
            },
            "properties": {
                "Country_Id": {
                    "type": "keyword"
                },
                "Datetime": {
                    "type": "date"
                }
            }
        }
    }
}

Sample data:

{
    "took": 0,
    "timed_out": false,
    "_shards": {
        "total": 5,
        "successful": 5,
        "failed": 0
    },
    "hits": {
        "total": 5,
        "max_score": 1,
        "hits": [
            {
                "_index": "myindex",
                "_type": "intensity",
                "_id": "4",
                "_score": 1,
                "_source": {
                    "Country_Id": "1",
                    "Datetime": "2017-02-18T15:01:00.000Z"
                }
            },
            {
                "_index": "myindex",
                "_type": "intensity",
                "_id": "6",
                "_score": 1,
                "_source": {
                    "Country_Id": "1",
                    "Datetime": "2017-03-16T16:15:00.000Z"
                }
            },
            {
                "_index": "myindex",
                "_type": "intensity",
                "_id": "1",
                "_score": 1,
                "_source": {
                    "Country_Id": "1",
                    "Datetime": "2017-02-17T15:15:00.000Z"
                }
            },
            {
                "_index": "myindex",
                "_type": "intensity",
                "_id": "7",
                "_score": 1,
                "_source": {
                    "Country_Id": "1",
                    "Datetime": "2017-03-16T16:18:00.000Z"
                }
            },
            {
                "_index": "myindex",
                "_type": "intensity",
                "_id": "3",
                "_score": 1,
                "_source": {
                    "Country_Id": "1",
                    "Datetime": "2017-02-17T15:02:00.000Z"
                }
            }
        ]
    }
}

The response I get is:

{
    "took": 2,
    "timed_out": false,
    "_shards": {
        "total": 5,
        "successful": 5,
        "failed": 0
    },
    "hits": {
        "total": 11,
        "max_score": 0,
        "hits": []
    },
    "aggregations": {
        "range": {
            "buckets": [
                {
                    "key": "2017-02-17T15:00:00.000Z-2017-02-17T16:00:00.000Z",
                    "from": 1487343600000,
                    "from_as_string": "2017-02-17T15:00:00.000Z",
                    "to": 1487347200000,
                    "to_as_string": "2017-02-17T16:00:00.000Z",
                    "doc_count": 0
                }
            ]
        }
    }
}
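
If I'm not mistaken, the first range goes up to '15:00' and the second range starts from '16:00', so 15:15 and 15:02 are just in the middle. – Val

@Val: I want to get the number of records between '2017-02-17T15:00:00.000' and '2017-02-17T16:00:00.000'. What is wrong with my query? – Dinosaurius

Why not simply use a 'date_histogram' with an hourly interval instead? – Val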

Answers

Your ranges are wrong; do it like this instead:

POST /myindex/_search
{
    "size": 0,
    "aggs": {
        "range": {
            "date_range": {
                "field": "Datetime",
                "ranges": [
                    {
                        "from": "2017-02-17T16:00:00Z||-1H/H",
                        "to": "2017-02-17T16:00:00Z||/H"
                    }
                ]
            }
        }
    }
}
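
I want to use '-1H'. Is that possible? – Dinosaurius

I modified my answer – Val

OK, thanks. I checked it and got '"doc_count": 0'. I can't understand why this happens. By the way, you missed a comma at the end of "from". – Dinosaurius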
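
An added example, not part of the original thread: a simplified Python model of the date-math expressions and of date_range bucket boundaries ("from" inclusive, "to" exclusive), run over the five sample documents from the question. The helper names and the supported date-math subset (+/- offsets and / rounding down for H, h, m, d) are assumptions of this sketch, not Elasticsearch code.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed from the five sample documents in the question (_id -> Datetime).
DOCS = {
    "4": "2017-02-18T15:01:00.000Z",
    "6": "2017-03-16T16:15:00.000Z",
    "1": "2017-02-17T15:15:00.000Z",
    "7": "2017-03-16T16:18:00.000Z",
    "3": "2017-02-17T15:02:00.000Z",
}
UNITS = {"H": "hours", "h": "hours", "m": "minutes", "d": "days"}

def parse_ts(text):
    # Accepts the ISO forms used on this page; a missing zone is taken as UTC.
    ts = datetime.fromisoformat(text.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def resolve(expr):
    """Resolve 'anchor||ops'; ops are +N<unit>, -N<unit> or /<unit> (round down)."""
    anchor, _, ops = expr.partition("||")
    ts = parse_ts(anchor)
    for sign, num, unit, rnd in re.findall(r"([+-])(\d*)([Hhmd])|/([Hhmd])", ops):
        if rnd:  # round down to the start of the unit
            ts = ts.replace(second=0, microsecond=0)
            if rnd in "Hhd":
                ts = ts.replace(minute=0)
            if rnd == "d":
                ts = ts.replace(hour=0)
        else:    # apply the signed offset
            step = timedelta(**{UNITS[unit]: int(num or 1)})
            ts = ts + step if sign == "+" else ts - step
    return ts

def bucket_ids(ranges):
    """Return, per range, the sorted _ids of sample docs that fall inside it."""
    out = []
    for r in ranges:
        lo = resolve(r["from"]) if "from" in r else None
        hi = resolve(r["to"]) if "to" in r else None
        out.append(sorted(i for i, d in DOCS.items()
                          if (lo is None or parse_ts(d) >= lo) and (hi is None or parse_ts(d) < hi)))
    return out

QUESTION = [{"to": "2017-02-17T16:00:00||-1H/H"}, {"from": "2017-02-17T16:00:00||/H"}]
ANSWER = [{"from": "2017-02-17T16:00:00Z||-1H/H", "to": "2017-02-17T16:00:00Z||/H"}]

if __name__ == "__main__":
    print(bucket_ids(QUESTION))  # two open-ended buckets with a gap from 15:00 to 16:00
    print(bucket_ids(ANSWER))    # one bucket covering 15:00 (inclusive) to 16:00 (exclusive)
```

Over these five documents the single range from the answer selects ids 1 and 3, so the range boundaries alone do not account for the "doc_count": 0 reported in the comments.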