我需要获取特定日期的不同 ID的列表。我正在尝试将“聚合”与“过滤”一起使用。尝试了几种方法,但是没有用。什么是正确的格式?
{
"size": "1000",
"_source": ["Id"],
"query": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"aggs": {
"ids": {
"terms": { "field": "Id.keyword" }
}
}
}
{
"size": "1000",
"_source": ["Id"],
"aggs": {
"ids": {
"filter": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"terms": { "field": "Id.keyword" }
}
}
}
"@timestamp": {
"type": "date",
"format": "dateOptionalTime"
}
最佳答案
实际上,第一种选择几乎是正确的。您只需要在查询中将大小设置为0,删除不需要的_source,并在术语聚合中将大小设置为1000:
{
"size": "0",
"query": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"aggs": {
"ids": {
"terms": {
"field": "Id.keyword",
"size": 1000
}
}
}
}