【发布时间】:2021-05-14 17:59:57
【问题描述】:
我正在尝试从我的索引中返回所有名称字段和计数字段,但是当我尝试搜索数据时,没有返回任何数据(如最后一个代码存根所示)。我的索引中肯定有数据。我在 _search 命令中做错了什么?
我的映射:
PUT /visual
{
"mappings": {
"properties": {
"@timestamp": {"type": "date"},
"name": {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword"
}
}
},
"count": {"type": "integer"},
"err": {"type": "integer"},
"delta1": {"type": "integer"},
"str_list": {"type": "text"}
}
}
}
我尝试返回名称字段、计数字段和时间戳的搜索命令:
POST visual/_search
{
"query":{
"range":{
"order_date":{
"gte":"now-80d"
}
}
},
"aggs": {
"names":{
"terms":{"field":"name.keyword"},
"aggs": {
"counts":{
"terms":{"field":"count"},
"aggs": {
"time_buckets": {
"date_histogram": {
"field": "@timestamp",
"fixed_interval": "1h",
"extended_bounds": {
"min": "now-80d"
},
"min_doc_count": 0
}
}
}
}
}
}
},"size":100
}
没有返回数据的响应:
{
"took" : 0,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 0,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"names" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [ ]
}
}
}
【问题讨论】:
-
您的映射中没有任何
order_date字段。您可能想改用@timestamp。
标签: elasticsearch elastic-stack elk