elasticsearch Kibana:如果两个时间戳几乎匹配,如何排除结果

eufgjt7s  于 2023-01-08  发布在  ElasticSearch
关注(0)|答案(1)|浏览(143)

我得到了两个时间戳,如果它们 * 几乎 *(基础+ 5分钟)相同,我希望从结果中排除:

"base.timestamp": [
  "2023-01-03T22:46:29.946Z"

"open.timestamp": [
  "2023-01-03T22:51:21.025Z"

因此,如果open.timestamp在base. timestamp的5分钟内,我不想包括结果。
非常感谢!:)

elasticsearch

1条答案

按热度按时间
d5vmydt9

d5vmydt91#

让我们考虑下面是你的样本数据在Elasticsearch:两份文件相差超过5分钟。

{
        "_index": "75003109",
        "_id": "y8C2gYUBeO1nh7Fpx-u1",
        "_score": 1,
        "_source": {
          "base.timestamp": "2023-01-03T22:46:29.946Z",
          "open.timestamp": "2023-01-03T22:51:21.025Z"
        }
      },
      {
        "_index": "75003109",
        "_id": "zMC2gYUBeO1nh7Fp5evk",
        "_score": 1,
        "_source": {
          "base.timestamp": "2023-01-03T22:40:29.946Z",
          "open.timestamp": "2023-01-03T22:51:21.025Z"
        }
      },
      {
        "_index": "75003109",
        "_id": "zcC2gYUBeO1nh7Fp_OsH",
        "_score": 1,
        "_source": {
          "base.timestamp": "2023-01-03T22:48:29.946Z",
          "open.timestamp": "2023-01-03T22:51:21.025Z"
        }
      },
      {
        "_index": "75003109",
        "_id": "zsC3gYUBeO1nh7FpHut5",
        "_score": 1,
        "_source": {
          "base.timestamp": "2023-01-03T22:38:29.946Z",
          "open.timestamp": "2023-01-03T22:51:21.025Z"
        }
      }

您可以使用以下查询:

{
  "query": {
    "bool": {
      "filter": [
        {
          "script": {
            "script": {
              "source": "doc['open.timestamp'].value.toInstant().toEpochMilli() - doc['base.timestamp'].value.toInstant().toEpochMilli() >=300000"
            }
          }
        }
      ]
    }
  }
}

上述查询将返回以下响应:

{
        "_index": "75003109",
        "_id": "zMC2gYUBeO1nh7Fp5evk",
        "_score": 0,
        "_source": {
          "base.timestamp": "2023-01-03T22:40:29.946Z",
          "open.timestamp": "2023-01-03T22:51:21.025Z"
        }
      },
      {
        "_index": "75003109",
        "_id": "zsC3gYUBeO1nh7FpHut5",
        "_score": 0,
        "_source": {
          "base.timestamp": "2023-01-03T22:38:29.946Z",
          "open.timestamp": "2023-01-03T22:51:21.025Z"
        }
      }
赞(0)分享  回复(0)举报  2023-01-08
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com