亲爱的Elastic Serach用户,
我是ElasticSearch的新手.
我很困惑如何将以下sql命令转换为elasticSearch DSL查询?任何人都可以帮助我.
SELECT ip, count(*) as c FROM elastic WHERE date
BETWEEN '2016-08-20 00:00:00' and '2016-08-22 13:41:09'
AND service='http' AND destination='10.17.102.1' GROUP BY ip ORDER BY c DESC;
谢谢
Val*_*Val 10
下面的查询将实现你想要什么,也就是说,它会选择所需的内部文件,date范围和所要求的service和destination,然后运行一个terms聚合(=组由)在他们的ip领域,并责令后者下降计数的顺序.
{
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"date": {
"gt": "2016-08-22T00:00:00.000Z",
"lt": "2016-08-22T13:41:09.000Z"
}
}
},
{
"term": {
"service": "http"
}
},
{
"term": {
"destination": "10.17.102.1"
}
}
]
}
},
"aggs": {
"group_by_ip": {
"terms": {
"field": "ip"
}
}
}
}
| 归档时间: |
|
| 查看次数: |
6449 次 |
| 最近记录: |