【发布时间】:2016-03-05 11:53:05
【问题描述】:
REST API 调用
GET test10/LREmail10/_search/
{
"size": 10,
"query": {
"range": {
"ALARM DATE": {
"gte": "now-15d/d",
"lt": "now/d"
}
}
},
"fields": [
"ALARM DATE",
"CLASSIFICATION"
]
}
部分输出是,
"took": 25,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 490,
"max_score": 1,
"hits": [
{
"_index": "test10",
"_type": "LREmail10",
"_id": "AVM5g6XaShke4hy5dziK",
"_score": 1,
"fields": {
"CLASSIFICATION": [
"Attack"
],
"ALARM DATE": [
"25/02/2016 8:35:22 AM(UTC-08:00)"
]
}
},
{
"_index": "test10",
"_type": "LREmail10",
"_id": "AVM5g6e_Shke4hy5dziL",
"_score": 1,
"fields": {
"CLASSIFICATION": [
"Compromise"
],
"ALARM DATE": [
"25/02/2016 8:36:16 AM(UTC-08:00)"
]
}
},
我在这里真正想做的是,按 ALARM DATE 汇总 CLASSIFICATION。日期的默认格式也有分钟、秒和时区。但我想汇总每个日期的所有分类。所以,"25/02/2016 8:36:16 AM(UTC-08:00)" 和"25/02/2016 8:35:22 AM(UTC-08:00)" 应该被视为"25/02/2016" 日期。并获取属于单个日期的所有分类。
我希望我已经正确解释了问题。如果你们需要更多详细信息,请告诉我。
如果有人,可以给我一个提示,看看 Elasticsearch 中的哪个区域也很有帮助。
【问题讨论】: