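In theory the following two queries should return the same result, but I don't understand why the results I get are different.
1. First query method: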
GET */_search?size=0
{
  "track_total_hits": true,
  "aggs": {
    "range": {
      "date_range": {
        "field": "@timestamp",
        "format": "yyyy-MM-dd HH:mm:ss",
        "ranges": [
          {
            "from": "now-1m/m",
            "to": "now"
          }
        ]
      }
    }
  }
}
Result:
{
  "took" : 9899,
  "timed_out" : false,
  "_shards" : {
    "total" : 93,
    "successful" : 93,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 149443090,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "range" : {
      "buckets" : [
        {
          "key" : "2023-11-01 02:20:00-2023-11-01 02:21:21",
          "from" : 1.6988052E12,
          "from_as_string" : "2023-11-01 02:20:00",
          "to" : 1.698805281507E12,
          "to_as_string" : "2023-11-01 02:21:21",
          "doc_count" : 9251
        }
      ]
    }
  }
}
2. Second query method:
{
  "track_total_hits": true,
  "query": {
    "range": {
      "@timestamp": {
        "from": "now-1m",
        "to": "now",
        "format": "yyyy-MM-dd HH:mm:ss.SSS",
        "include_lower": true,
        "include_upper": true,
        "boost": 1
      }
    }
  }
}
Result:
{
  "took" : 52,
  "timed_out" : false,
  "_shards" : {
    "total" : 93,
    "successful" : 93,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 815,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  }
}