查询
{
"query": {
"bool": {"must": [{"match":{"url":"/api/news/get_news_detail"}}]}
}
}
查询并group by
GET m.baidu.com.log*,www.baidu.com.log*/_search
{
# 筛选字段
"_source": ["@timestamp", "clientip"],
# 统计数量
"size": 0,
"query": {
# 全部匹配
"match_all": {}
},
"aggs": {
# 按日期group by
"group_by_date": {
"terms": {
"script": {
"lang": "painless",
# 从时间截取日期
"source": """
def split_path=doc["@timestamp"].value.toString();
return split_path.substring(0,10);
"""
},
# 排序
"order": {"_key": "asc"}
},
"aggs": {
# 对指定字段distinct
"distinct_clientip": {
"cardinality": {
"field": "clientip.keyword"
}
}
}
}
}
}