es聚合查询自动补0----java代码
ES语句
GET /event_log_hulianwang_v3/_search
{
"size": 0,
"query": {
"bool": {
"must": [
{
"term": {
"event_type.keyword": "终端事件"
}
},
{
"range": {
"event_time": {
"gte": "2023-01-11 10:03:32",
"lte": "now"
}
}
}
],
"must_not": [
{
"terms": {
"event_small.keyword": [
"上线",
"下线"
]
}
}
]
}
},
"aggs": {
"monthly_events": {
"date_histogram": {
"field": "event_time",
"interval": "month",
"format": "yyyy-MM",
"min_doc_count": 0,
"extended_bounds": {
"min": "2023-03",
"max": "2024-03"
}
}
}
}
}
查询结果:
java代码实现
@Override public List<Map<String, Object>> securityEventTrends(String teb) { //存放最后的结果 List<Map<String,Object>> list=new ArrayList<>(); //1.创建搜索请求对象 SearchRequest searchRequest = new SearchRequest(index); //2.设置搜索源配置 SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder(); //3.构建QueryBuilder对象指定查询方式和查询条件 BoolQueryBuilder boolQueryBuilder = new BoolQueryBuilder(); //添加日期直方图聚合 DateHistogramAggregationBuilder monthlyEvents=null; if (teb.equals("时")){ boolQueryBuilder.must(QueryBuilders.termQuery("event_type.keyword", "终端事件")) .must(QueryBuilders.rangeQuery("event_time").gte(GetTimeUtil.oneDayAgoDateTime()).lte(GetTimeUtil.currentDateTime())) .mustNot(QueryBuilders.termsQuery("event_small.keyword", "上线", "下线")); // 添加日期直方图聚合 monthlyEvents = AggregationBuilders.dateHistogram("events_datas") .field("event_time") .dateHistogramInterval(DateHistogramInterval.HOUR) .format("yyyy-MM-dd HH").minDocCount(0);
// 自动补0操作 ExtendedBounds extendedBounds = new ExtendedBounds(GetTimeUtil.oneDayAgoDateTime().substring(0,13), GetTimeUtil.currentDateTime().substring(0,13)); monthlyEvents.extendedBounds(extendedBounds); }else if (teb.equals("日")){ boolQueryBuilder.must(QueryBuilders.termQuery("event_type.keyword", "终端事件")) .must(QueryBuilders.rangeQuery("event_time").gte(GetTimeUtil.oneMonthAgoDateTime()).lte(GetTimeUtil.currentDateTime())) .mustNot(QueryBuilders.termsQuery("event_small.keyword", "上线", "下线")); // 添加日期直方图聚合 monthlyEvents = AggregationBuilders.dateHistogram("events_datas") .field("event_time") .dateHistogramInterval(DateHistogramInterval.DAY) .format("yyyy-MM-dd").minDocCount(0); ExtendedBounds extendedBounds = new ExtendedBounds(GetTimeUtil.oneMonthAgoDateTime().substring(0,10), GetTimeUtil.currentDateTime().substring(0,10)); monthlyEvents.extendedBounds(extendedBounds); }else if (teb.equals("月")){ boolQueryBuilder.must(QueryBuilders.termQuery("event_type.keyword", "终端事件")) .must(QueryBuilders.rangeQuery("event_time").gte(GetTimeUtil.oneYearAgoDateTime()).lte(GetTimeUtil.currentDateTime())) .mustNot(QueryBuilders.termsQuery("event_small.keyword", "上线", "下线")); searchSourceBuilder.sort(SortBuilders.fieldSort("event_time").order(SortOrder.ASC)); // 添加日期直方图聚合 monthlyEvents = AggregationBuilders.dateHistogram("events_datas") .field("event_time") .dateHistogramInterval(DateHistogramInterval.MONTH) .format("yyyy-MM").minDocCount(0); ExtendedBounds extendedBounds = new ExtendedBounds(GetTimeUtil.oneYearAgoDateTime().substring(0,7), GetTimeUtil.currentDateTime().substring(0,7)); monthlyEvents.extendedBounds(extendedBounds); } // 将聚合添加到搜索源构建器 searchSourceBuilder.query(boolQueryBuilder) .aggregation(monthlyEvents) .size(0); // 不返回文档,只返回聚合结果 // 设置搜索请求 searchRequest.source(searchSourceBuilder); try { SearchResponse searchResponse = client.search(searchRequest,RequestOptions.DEFAULT); System.out.println("查询的es语句------------"+searchRequest); // 获取聚合结果 ParsedDateHistogram parsedDateHistogram = searchResponse.getAggregations().get("events_datas"); List<? extends Histogram.Bucket> buckets = parsedDateHistogram.getBuckets(); buckets.stream().forEach(val->{ Map<String,Object> map=new HashMap<>(); map.put(((Histogram.Bucket) val).getKeyAsString(),((Histogram.Bucket) val).getDocCount()); list.add(map); }); } catch (IOException e) { logger.info("错误日志:"+e.getMessage()); } return list; }
