ES语句
GET /event_log_hulianwang_v3/_search { "size": 0, "query": { "bool": { "must": [ { "term": { "event_type.keyword": "终端事件" } }, { "range": { "event_time": { "gte": "2023-01-11 10:03:32", "lte": "now" } } } ], "must_not": [ { "terms": { "event_small.keyword": [ "上线", "下线" ] } } ] } }, "aggs": { "monthly_events": { "date_histogram": { "field": "event_time", "interval": "month", "format": "yyyy-MM", "min_doc_count": 0, "extended_bounds": { "min": "2023-03", "max": "2024-03" } } } } }
查询结果:
Java代码实现
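/**
 * Counts "终端事件" (terminal event) documents per time bucket for the security-event trend view.
 *
 * <p>The query keeps documents whose {@code event_type.keyword} is "终端事件", whose
 * {@code event_time} lies between a {@code GetTimeUtil} start value and
 * {@code GetTimeUtil.currentDateTime()}, and whose {@code event_small.keyword} is neither
 * "上线" nor "下线". A date histogram named {@code events_datas} buckets the matches, with
 * {@code minDocCount(0)} plus extended bounds so that empty buckets are returned with a count of 0.
 *
 * @param teb bucket granularity: "时" (hour buckets, window starts at
 *     {@code GetTimeUtil.oneDayAgoDateTime()}), "日" (day buckets, starts at
 *     {@code oneMonthAgoDateTime()}) or "月" (month buckets, starts at {@code oneYearAgoDateTime()})
 * @return one single-entry map per bucket (bucket key string to document count), in the order the
 *     response lists the buckets; an empty list if the search fails with an {@link IOException}
 * @throws IllegalArgumentException if {@code teb} is null or not one of the three supported values
 */
@Override
public List<Map<String, Object>> securityEventTrends(String teb) {
    // Validate the selector before building anything. Previously a null value failed on
    // teb.equals(...) and an unknown value reached aggregation(null); both now fail with a
    // clear message instead. The message deliberately does not echo the caller-supplied value.
    if (teb == null) {
        throw new IllegalArgumentException("Unsupported teb value; expected one of 时, 日, 月");
    }

    final String windowStart;
    final DateHistogramInterval interval;
    final String keyFormat;
    final int boundsLength;
    final boolean sortByEventTime;
    switch (teb) {
        case "时":
            windowStart = GetTimeUtil.oneDayAgoDateTime();
            interval = DateHistogramInterval.HOUR;
            keyFormat = "yyyy-MM-dd HH";
            boundsLength = 13;
            sortByEventTime = false;
            break;
        case "日":
            windowStart = GetTimeUtil.oneMonthAgoDateTime();
            interval = DateHistogramInterval.DAY;
            keyFormat = "yyyy-MM-dd";
            boundsLength = 10;
            sortByEventTime = false;
            break;
        case "月":
            windowStart = GetTimeUtil.oneYearAgoDateTime();
            interval = DateHistogramInterval.MONTH;
            keyFormat = "yyyy-MM";
            boundsLength = 7;
            sortByEventTime = true;
            break;
        default:
            throw new IllegalArgumentException("Unsupported teb value; expected one of 时, 日, 月");
    }
    // Read "now" once so the range filter and the histogram bounds describe the same window
    // (the original called GetTimeUtil twice per edge, which can straddle a bucket boundary).
    final String windowEnd = GetTimeUtil.currentDateTime();

    // Holds the final result.
    List<Map<String, Object>> list = new ArrayList<>();

    // Filter: terminal events inside the window, excluding online/offline notifications.
    BoolQueryBuilder boolQueryBuilder = new BoolQueryBuilder()
            .must(QueryBuilders.termQuery("event_type.keyword", "终端事件"))
            .must(QueryBuilders.rangeQuery("event_time").gte(windowStart).lte(windowEnd))
            .mustNot(QueryBuilders.termsQuery("event_small.keyword", "上线", "下线"));

    // Date histogram over event_time.
    // NOTE(review): no time_zone is set on the aggregation; confirm the bucket edges match the
    // time zone the GetTimeUtil strings are expressed in.
    DateHistogramAggregationBuilder histogram = AggregationBuilders.dateHistogram("events_datas")
            .field("event_time")
            .dateHistogramInterval(interval)
            .format(keyFormat)
            .minDocCount(0);
    // Zero-fill: the bounds are the window edges truncated to the bucket key format.
    // Assumes GetTimeUtil returns "yyyy-MM-dd HH:mm:ss" strings; TODO confirm.
    histogram.extendedBounds(new ExtendedBounds(
            windowStart.substring(0, boundsLength), windowEnd.substring(0, boundsLength)));

    SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
    if (sortByEventTime) {
        // Kept from the original "月" branch; with size(0) no hits are returned to be sorted.
        searchSourceBuilder.sort(SortBuilders.fieldSort("event_time").order(SortOrder.ASC));
    }
    searchSourceBuilder.query(boolQueryBuilder)
            .aggregation(histogram)
            .size(0); // return aggregation results only, no documents

    SearchRequest searchRequest = new SearchRequest(index);
    searchRequest.source(searchSourceBuilder);

    try {
        SearchResponse searchResponse = client.search(searchRequest, RequestOptions.DEFAULT);
        // Goes through the class logger rather than stdout so it follows the logging config.
        logger.info("查询的es语句------------" + searchRequest);

        ParsedDateHistogram parsedDateHistogram = searchResponse.getAggregations().get("events_datas");
        for (Histogram.Bucket bucket : parsedDateHistogram.getBuckets()) {
            Map<String, Object> point = new HashMap<>();
            point.put(bucket.getKeyAsString(), bucket.getDocCount());
            list.add(point);
        }
    } catch (IOException e) {
        // NOTE(review): a failed search returns the same empty list as "no events", so an
        // outage is invisible on the trend view. Consider logging at error level with the
        // exception attached, and surfacing the failure to the caller.
        logger.info("错误日志:" + e.getMessage());
    }
    return list;
}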