我想根據時間戳從 elasticsearch 中檢索資料。時間戳在 epoch_millis 中,我嘗試像這樣檢索資料:
{
"query": {
"bool": {
"must":[
{
"range": {
"TimeStamp": {
"gte": "1632844180",
"lte": "1635436180"
}
}
}
]
}
},
"size": 10
}
但回應是這樣的:
{
"took" : 0,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 0,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
}
}
如何從某個索引中檢索給定時間段內的資料?
資料如下所示:
{
"_index" : "my-index",
"_type" : "_doc",
"_id" : "zWpMNXcBTeKmGB84eksSD",
"_score" : 1.0,
"_source" : {
"Source" : "Market",
"Category" : "electronics",
"Value" : 20,
"Price" : 45.6468,
"Currency" : "EUR",
"TimeStamp" : 1611506922000 }
此外,_search在索引上使用時,結果有 10.000 次點擊。我如何訪問其他條目?(超過 10.000 個結果)并且能夠選擇所需的時間戳間隔。
uj5u.com熱心網友回復:
對于你的第一個問題,假設你有這樣的映射:
{
"mappings": {
"properties": {
"Source": {
"type": "keyword"
},
"Category": {
"type": "keyword"
},
"Value": {
"type": "integer"
},
"Price": {
"type": "float"
},
"Currency": {
"type": "keyword"
},
"TimeStamp": {
"type": "date"
}
}
}
}
然后我索引了 2 個示例檔案(上面 1 個是您的,但時間戳絕對不在您的范圍內):
[{
"Source": "Market",
"Category": "electronics",
"Value": 30,
"Price": 55.6468,
"Currency": "EUR",
"TimeStamp": 1633844180000
},
{
"Source": "Market",
"Category": "electronics",
"Value": 20,
"Price": 45.6468,
"Currency": "EUR",
"TimeStamp": 1611506922000
}]
如果您確實需要使用上述范圍進行查詢,則首先需要將您的TimeStamp欄位轉換為秒 (/1000),然后根據該欄位進行查詢:
{
"runtime_mappings": {
"secondTimeStamp": {
"type": "long",
"script": "emit(doc['TimeStamp'].value.millis/1000);"
}
},
"query": {
"bool": {
"must": [
{
"range": {
"secondTimeStamp": {
"gte": 1632844180,
"lte": 1635436180
}
}
}
]
}
},
"size": 10
}
然后你會得到第一個檔案。
關于你的第二個問題,默認情況下,Elasticsearch 的max_result_window只有 10000。你可以通過更新設定來增加這個限制,但它會增加記憶體使用量。
PUT /index/_settings
{
"index.max_result_window": 999999
}
您應該改用search_afterAPI。
轉載請註明出處,本文鏈接:https://www.uj5u.com/gongcheng/345194.html