elasticsearch学习总结(三) API的使用范例3


二、按时间分段统计事件次数

1、REST API 方式(注意:date_range 的每个区间包含 from、不包含 to,示例中 to 取 23:59:59 会漏掉当天最后一秒内的事件;如需覆盖整天,to 可取次日 00:00:00)

GET /gzns_access/_search
{
  "aggs":{
    "counts":{
      "date_range": {
        "field": "@timestamp",
        "format":"yyyy-MM-dd HH:mm:ss",
        "ranges":[
          {
            "from":"2017-05-31 00:00:00",
            "to":"2017-05-31 23:59:59"
          },
          {
            "from":"2017-06-01 00:00:00",
            "to":"2017-06-01 23:59:59"
          }
        ]
      }
    }
  }
}

2、Java API 方式

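/**
 * Counts matching documents per caller-supplied time range.
 *
 * <p>Builds a bool query with optional term filters on {@code host} and {@code _type},
 * attaches a {@code date_range} aggregation named {@code counts} on {@code @timestamp}
 * (format {@code yyyy-MM-dd HH:mm:ss}), and converts every returned bucket into a
 * {@link ReportViewVO} carrying the bucket key string and its document count.
 *
 * @param param search parameters: index name, optional host, optional type and the
 *              list of time ranges to count over
 * @return one entry per aggregation bucket; an empty list when no time range is given
 */
public List<ReportViewVO> getTimeRangeList(ReportViewVO param){
    List<ReportViewVO> list = new ArrayList<ReportViewVO>();

    // Nothing to count without at least one range; the original dereferenced a null
    // list here and sent an aggregation with no ranges for an empty one.
    List<TimeRangeVO> timeRanges = param.getTimeRange();
    if (timeRanges == null || timeRanges.isEmpty()) {
        return list;
    }

    // NOTE(review): the index name is taken as-is from the parameter object. If an end
    // user can influence it, validate it against an allow-list before searching so a
    // report request cannot read indices it was not meant to — confirm against callers.
    SearchRequestBuilder requestbuilder = client.prepareSearch(param.getIndex());

    BoolQueryBuilder bqb = QueryBuilders.boolQuery();
    String host = param.getHost();
    if (StringUtils.isNotEmpty(host)) {
        bqb.must(QueryBuilders.termQuery("host", host));
    }
    String type = param.getType();
    if (StringUtils.isNotEmpty(type)) {
        // Fix: filter on the type value. The original passed param.getHost() here, so
        // the _type filter compared against the host name and matched the wrong
        // documents (or none at all).
        bqb.must(QueryBuilders.termQuery("_type", type));
    }
    requestbuilder.setQuery(bqb);

    // Per-range event counts.
    DateRangeAggregationBuilder aggregation = AggregationBuilders.dateRange("counts")
            .field("@timestamp")
            .format("yyyy-MM-dd HH:mm:ss");
    for (TimeRangeVO range : timeRanges) {
        // date_range includes the lower bound and excludes the upper bound, so an end
        // value of "... 23:59:59" leaves out events in the final second of that day.
        aggregation.addRange(range.getStart(), range.getEnd());
    }
    requestbuilder.addAggregation(aggregation);

    SearchResponse myresponse = requestbuilder.get();
    Map<String, Aggregation> aggMap = myresponse.getAggregations().asMap();
    InternalDateRange idr = (InternalDateRange) aggMap.get("counts");
    for (InternalDateRange.Bucket bucket : idr.getBuckets()) {
        ReportViewVO item = new ReportViewVO();
        item.setTimestamp(bucket.getKeyAsString());
        item.setValue(bucket.getDocCount());
        list.add(item);
    }
    return list;
}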
