如何在 Elasticsearch 查询中用具体的日期时间替换 "now"?
How to substitute "now" by a concrete datetime in Elasticsearch query?
我想在以下查询中用日期时间 2017-02-17T15:02:00 替换 now:
POST /myindex/_search
{
"size": 0,
"aggs": {
"range": {
"date_range": {
"field": "Datetime",
"ranges": [
{ "to": "now-1H/H" },
{ "from": "now/H" }
]
}
}
}
}
如果我直接用 2017-02-17T15:02:00 替换 now,则查询失败并显示错误:
type": "illegal_argument_exception", "reason": "Unrecognized chars at
the end of [2017-02-17T15:02:00/H]: [/H]"
此外,如何指定刻钟而不是 1H?
The expression starts with an anchor date, which can either be now, or a date string ending with ||.
这意味着在您的示例中,您必须将 now 替换为 2017-02-17T15:02:00||
尝试{ "to": "2017-02-17T15:02:00||-1H/H" }
要指定一刻钟,请改用分钟表示法:
{ "to": "2017-02-17T15:02:00||-15m/H" }
我想在以下查询中用日期时间 2017-02-17T15:02:00 替换 now:
POST /myindex/_search
{
"size": 0,
"aggs": {
"range": {
"date_range": {
"field": "Datetime",
"ranges": [
{ "to": "now-1H/H" },
{ "from": "now/H" }
]
}
}
}
}
如果我直接用 2017-02-17T15:02:00 替换 now,则查询失败并显示错误:
type": "illegal_argument_exception", "reason": "Unrecognized chars at the end of [2017-02-17T15:02:00/H]: [/H]"
此外,如何指定刻钟而不是 1H?
The expression starts with an anchor date, which can either be
now, or a date string ending with||.
这意味着在您的示例中,您必须将 now 替换为 2017-02-17T15:02:00||
尝试{ "to": "2017-02-17T15:02:00||-1H/H" }
要指定一刻钟,请改用分钟表示法:
{ "to": "2017-02-17T15:02:00||-15m/H" }