1. 根据 @timestamp 时间范围(UTC)查询,获取 response_time 的平均值、最大值
GET bk-nginx-access-2021.01.29/_search
{
"query": {
"bool": {
"filter": {
"range": {
"@timestamp": {
"gte": "2021-01-29T06:00:00.000Z",
"lte": "2021-01-29T06:30:00.000Z"
}
}
}
}
},
"size": 0,
"aggs": {
"avg_response_time":{
"avg":{
"field":"response_time"
}
},
"max_response_time":{
"max":{
"field":"response_time"
}
}
}
}
2. 过滤指定字段 1:筛选 status >= 400 的请求,先按 status、再按 url 分组统计(terms 聚合默认只返回文档数最多的前 10 个桶)
GET bk-nginx-access-2021.01.07/_search
{
"query": {
"bool": {
"filter": {
"range": {
"status": {
"gte": 400
}
}
}
}
},
"size": 0,
"aggs": {
"status_group": {
"terms": {
"field":"status"
},"aggs":{
"url_group": {
"terms": {
"field":"url.keyword"
}
}
}
}
}
}
3. 过滤指定字段 2:按 url.keyword 精确匹配指定 URL 后分组统计(terms 对 keyword 字段是精确匹配;下面的 URL 末尾带有一个空格,必须与索引中的原值完全一致才能命中)
GET bk-nginx-access-2021.01.07/_search
{
"size": 0,
"query": {
"bool": {
"filter": {
"terms": {
"url.keyword": [
"/smtapp/servicePools/findListForApp.do "
]
}
}
}
},
"aggs": {
"group_by_state": {
"terms": {
"field":"url.keyword"
}
}
}
}
4. 只输出指定字段(通过 _source.includes 指定 url、status)
GET bk-nginx-access-2021.01.07/_search?pretty
{
"_source": {
"includes":["url","status"]
}
}
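5. 先过滤再计算聚合 1:按 time_local 时间范围过滤后,计算 response_time、request_time 的平均值和最大值(range 中的 from/to 是旧写法,建议与示例 1 一样使用 gte/lte;size=0 在 URL 和请求体中重复指定,保留一处即可)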
GET bk-nginx-access-2021.01.28/_search?size=0
{
"query": {
"bool": {
"filter": {
"range": {
"time_local": {
"from": "2021-01-29T00:00:00",
"to": "2021-01-29T00:30:00"
}
}
}
}
},
"size": 0,
"aggs": {
"avg_response_time":{
"avg": {
"field":"response_time"
}
},
"avg_request_time": {
"avg": {
"field": "request_time"
}
},
"max_response_time":{
"max":{
"field": "response_time"
}
},
"max_quest_time": {
"max": {
"field": "request_time"
}
}
}
}
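6. 先过滤再聚合 2:按时间范围过滤后,按日志级别 json.level 分组计数(注意:json.time.keyword 是 keyword 字段,range 按字符串字典序比较,只有在时间字符串格式固定为 yyyy-MM-dd HH:mm:ss 时才与时间先后顺序一致)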
GET /monitor-platform-java-*/_search
{
"size": 0,
"query": {
"bool": {
"filter": {
"range": {
"json.time.keyword": {
"gte": "2021-02-19 07:00:00",
"lte": "2021-02-19 07:30:00"
}
}
}
}
},
"aggs": {
"value_count": {
"terms": {
"field":"json.level.keyword"
}
}
}
}
7. 查询索引的创建时间、大小(h= 指定输出列:索引名、存储大小、创建时间)
GET _cat/indices?h=i,store.size,creation.date.string