尝试使用以下类型的ElasticSearch日志构建日期直方图:
{
"_index": "foo"
"_source": {
[…]
"time": "2013-06-12T14:43:13.238-07:00",
"userName": "bar"
}
}
中,直方图以每"天"为间隔存储"时间"字段,但在其中,单个userName的多次出现只被计数一次。
我已经试过了:
{
"query" : {
"match_all" : {}
},
"facets" : {
"histo1" : {
"date_histogram" : {
"key_field" : "time",
"value_script" : "doc['userName'].values.length",
"interval" : "day"
}
}
}
}
中,我期望每个"histo1"条目的最小|最大|平均值是各自时间桶中唯一用户的数量。但是结果始终返回min = max = mean = 1
"histo1": {
"_type": "date_histogram",
"entries": [
{
"time": 1370908800000,
"count": 11,
"min": 1,
"max": 1,
"total": 11,
"total_count": 11,
"mean": 1
},
{
"time": 1370995200000,
"count": 18,
"min": 1,
"max": 1,
"total": 18,
"total_count": 18,
"mean": 1
}
]
}
我是否误解了键/值在日期直方图中的工作方式?
我最终使用elasticsearch时间面插件:https://github.com/crate/elasticsearch-timefacets-plugin
其他选项包括:
- https://github.com/bleskes/elasticfacets
- https://github.com/ptdavteam/elasticsearch-approx-plugin
它们都只支持ES版本<0.90,不幸的是。