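I need to get the last document for each interface. I have played with different queries, but I can get the desired result; below is my last attempt.
Could you help me get the last document for each interface where the throughput field exists?
Thanks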
GET /interface-2021.11/_search
{
  "query": {
    "bool": {
      "should": [
        {
          "term": {
            "interface_name.keyword": {
              "value": "Gi0/0/2 on (EXT-01)"
            }
          }
        },
        {
          "term": {
            "interface_name.keyword": {
              "value": "Gi0/0/1 on (EXT-02)"
            }
          }
        },
        {
          "term": {
            "interface_name.keyword": {
              "value": "Ethernet1/61 on (DC-01)"
            }
          }
        },
        {
          "term": {
            "interface_name.keyword": {
              "value": "Ethernet1/17 on (DC-02)"
            }
          }
        }
      ],
      "minimum_should_match": 1,
      "filter": [
        {
          "exists": {
            "field": "throughput"
          }
        }
      ]
    }
  },
  "aggs": {
    "top_date": {
      "top_hits": {
        "sort": [
          {
            "@timestamp": {
              "order": "desc"
            }
          }
        ]
      }
    }
  }
}
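Reply from a uj5u.com user:
Good job, you're on the right path! You just need to aggregate on interface_name.keyword and get the top hits for each interface.
Here is the query that will work the way you expect: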
{
  "size": 0,
  "query": {
    "bool": {
      "filter": [
        {
          "terms": {
            "interface_name.keyword": [
              "Gi0/0/2 on (EXT-01)",
              "Gi0/0/1 on (EXT-02)",
              "Ethernet1/61 on (DC-01)",
              "Ethernet1/17 on (DC-02)"
            ]
          }
        },
        {
          "exists": {
            "field": "throughput"
          }
        }
      ]
    }
  },
  "aggs": {
    "interfaces": {
      "terms": {
        "field": "interface_name.keyword"
      },
      "aggs": {
        "top_date": {
          "top_hits": {
            "sort": [
              {
                "@timestamp": {
                  "order": "desc"
                }
              }
            ]
          }
        }
      }
    }
  }
}
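The answer's query built and read from Python, as an added example that is not part of the original answer: it sets `size` to 1 on `top_hits` (the default returns three hits per bucket), sizes the `terms` aggregation to the interface list (the default is 10 buckets), and reports interfaces for which no bucket came back. The function names and the sample response are constructed for illustration.

```python
# Added example: function names and SAMPLE_RESPONSE are constructed, not from the post.
def build_query(interfaces, field="throughput"):
    """Latest document per interface, restricted to docs where `field` exists."""
    return {
        "size": 0,  # only the aggregation is needed, not the search hits
        "query": {"bool": {"filter": [
            {"terms": {"interface_name.keyword": list(interfaces)}},
            {"exists": {"field": field}},
        ]}},
        "aggs": {"interfaces": {
            # terms defaults to 10 buckets; size it to the list so none is dropped
            "terms": {"field": "interface_name.keyword",
                      "size": max(len(interfaces), 1)},
            "aggs": {"top_date": {"top_hits": {
                "size": 1,  # top_hits defaults to 3 hits per bucket
                "sort": [{"@timestamp": {"order": "desc"}}],
            }}},
        }},
    }

def latest_per_interface(response, interfaces):
    """Map each requested interface to its newest _source, or None if it has no bucket."""
    latest = {name: None for name in interfaces}
    buckets = response.get("aggregations", {}).get("interfaces", {}).get("buckets", [])
    for bucket in buckets:
        hits = bucket["top_date"]["hits"]["hits"]
        if hits and bucket["key"] in latest:
            latest[bucket["key"]] = hits[0]["_source"]
    return latest

# Constructed response in the shape Elasticsearch returns for the query above.
SAMPLE_RESPONSE = {"aggregations": {"interfaces": {"buckets": [
    {"key": "Gi0/0/2 on (EXT-01)", "doc_count": 42, "top_date": {"hits": {"hits": [
        {"_source": {"@timestamp": "2021-11-16T10:05:00Z", "throughput": 812}}]}}},
    {"key": "Ethernet1/61 on (DC-01)", "doc_count": 40, "top_date": {"hits": {"hits": [
        {"_source": {"@timestamp": "2021-11-16T10:04:00Z", "throughput": 9350}}]}}},
]}}}

WANTED = ["Gi0/0/2 on (EXT-01)", "Gi0/0/1 on (EXT-02)",
          "Ethernet1/61 on (DC-01)", "Ethernet1/17 on (DC-02)"]

if __name__ == "__main__":
    for name, doc in latest_per_interface(SAMPLE_RESPONSE, WANTED).items():
        print(name, "->", doc if doc else "no document with throughput")
```

An interface that has no document with the throughput field produces no bucket at all, so the `None` entries are the ones to alert on when the query feeds a monitoring check.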
