场景
需要用 DSL 语句同时查询出最近 2 小时、最近 1 天、最近 7 天、最近 30 天的文档数量。按常规做法需要写四条 DSL 语句分别查询,那么能否只用一条 DSL 就得到全部结果呢?
show time
GET alarm_forward_history_*/_search
{
"size": 0,
"query": {
"bool": {
"must": [
{
"term": {
"sourceName": {
"value": "运维123"
}
}
},
{
"term": {
"sourceAlertKey": {
"value": "生产问题描述223"
}
}
},
{
"term": {
"cmdb.app_name": {
"value": "dba数据库"
}
}
}
]
}
},
"aggs": {
"date": {
"date_range": {
"field": "@timestamp",
"ranges": [
{
"from": "now-2h",
"to": "now",
"key": "lastTwoHour"
},
{
"from": "now-1d",
"to": "now",
"key": "lastDay"
},
{
"from": "now-7d",
"to": "now",
"key": "lastSevenDay"
},
{
"from": "now-30d",
"to": "now",
"key": "lastMonth"
}
]
}
}
}
}
输出结果大致如下:
"aggregations" : {
"date" : {
"buckets" : [
{
"key" : "lastMonth",
"from" : 1.728359639296E12,
"from_as_string" : "2024-10-08T03:53:59.296Z",
"to" : 1.730951639296E12,
"to_as_string" : "2024-11-07T03:53:59.296Z",
"doc_count" : 7
},
{
"key" : "lastSevenDay",
"from" : 1.730346839296E12,
"from_as_string" : "2024-10-31T03:53:59.296Z",
"to" : 1.730951639296E12,
"to_as_string" : "2024-11-07T03:53:59.296Z",
"doc_count" : 0
},
{
"key" : "lastDay",
"from" : 1.730865239296E12,
"from_as_string" : "2024-11-06T03:53:59.296Z",
"to" : 1.730951639296E12,
"to_as_string" : "2024-11-07T03:53:59.296Z",
"doc_count" : 0
},
{
"key" : "lastTwoHour",
"from" : 1.730944439296E12,
"from_as_string" : "2024-11-07T01:53:59.296Z",
"to" : 1.730951639296E12,
"to_as_string" : "2024-11-07T03:53:59.296Z",
"doc_count" : 0
}
]
}
}
}
总结
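- 直接使用 date_range 聚合(它是聚合 aggregation,而不是函数)即可解决:在一次请求中为每个时间范围定义一个 range,每个桶的 doc_count 就是该范围内的文档数。注意各范围相互重叠,同一文档可能同时计入多个桶;from 为包含边界,to 为不包含边界。另外,示例的 query 中没有时间过滤,聚合会作用于通配符匹配到的所有索引中符合条件的文档;数据量较大时,可考虑在 query 中加上覆盖最大范围(now-30d)的 range 过滤。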