当我在Elasticsearch(通过Kibana开发工具)上执行如下查询时
GET _search
{
"query": {
"match": {
"node_id": "Abc"
}
}
}
我得到下面结果的样本。结果有一个ts键,它是date格式,而不是时间戳格式。我如何写一个查询,使这个ts字段是在时间戳?有办法指定格式吗?
"_source" : {
"organization_eid" : "Ga2",
"node_id" : "Abc",
"ts" : "2021-02-27T00:18:39.75226593Z
}
:
我在查询中在_source之上添加了docvalue_fields。我的整个查询如下:
GET _search
{
"version": true,
"size": 500,
"sort": [
{
"ts": {
"order": "desc",
"unmapped_type": "boolean"
}
}
],
"docvalue_fields": [
{
"field": "ts",
"format": "epoch_millis"
}
],
"_source": {
"excludes": []
},
"aggs": {
"2": {
"date_histogram": {
"field": "ts",
"fixed_interval": "10m",
"time_zone": "America/Los_Angeles",
"min_doc_count": 1
}
}
},
"stored_fields": [
"*"
],
"script_fields": {},
"query": {
"bool": {
"must": [],
"filter": [
{
"match_all": {}
},
{
"range": {
"ts": {
"format": "strict_date_optional_time",
"gte": "2021-03-03T00:30:00.000Z",
"lte": "2021-03-03T12:00:00.000Z"
}
}
}
],
"should": [],
"must_not": []
}
},
"highlight": {
"pre_tags": [
"@kibana-highlighted-field@"
],
"post_tags": [
"@/kibana-highlighted-field@"
],
"fields": {
"*": {}
},
"fragment_size": 2147483647
}
}
hits部分)
"hits" : [
{
"_index" : "url.0.2_6_18689",
"_type" : "_doc",
"_id" : "...",
"_version" : 1,
"_score" : null,
"_source" : {
"organization_eid" : "Ga2",
"node_id" : "Abc",
"ts" : "2021-03-03T11:59:30.705142021Z",
"destination" : "....",
"fields" : {
"ts" : [
"1614772770705"
]
如上所示,在fields中,ts被转换为timestamp,但在_source中,ts仍然在datetime中。
我错过了什么?
您可以做的是利用文档值字段来检索原始时间戳值:
GET _search
{
"docvalue_fields": [ "ts" ], <---- add this
"_source": ["organization_eid", "node_id"],
"query": {
"match": {
"node_id": "Abc"
}
}
}