Elasticsearch 多元化采集聚合
from datetime import datetime, timedelta
from elasticsearch import Elasticsearch
# Assumes the Elasticsearch server is reachable at "http://localhost:9200".
# NOTE(review): this is plain HTTP and no credentials are passed to the
# client, which only suits a local development node. A shared or production
# cluster should be reached over HTTPS with authentication configured.
es = Elasticsearch(hosts=["http://localhost:9200"])
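# Helpers that build the date-range clause of a query.
def _format_range_bound(value):
    """Render one range bound so it matches the formats the clause declares."""
    if isinstance(value, datetime):
        offset = value.utcoffset()
        if offset is not None:
            # The declared formats carry no offset field, so an aware value is
            # normalised to UTC wall-clock time instead of silently dropping
            # its offset.
            value = (value - offset).replace(tzinfo=None)
        return value.strftime("%Y-%m-%d %H:%M:%S")
    # Plain date objects already render as yyyy-MM-dd.
    return value.isoformat()


def date_range_query(field_name, from_date, to_date):
    """Build a ``range`` query clause selecting ``from_date <= field < to_date``.

    The original passed ``isoformat()`` output (``2024-01-02T03:04:05.000678``
    for a datetime) together with a ``format`` that only allows
    ``yyyy-MM-dd`` or ``yyyy-MM-dd HH:mm:ss``; the two did not agree, so the
    bounds are now rendered in the declared format.

    Args:
        field_name: Name of the date field; used verbatim as the clause key.
            NOTE(review): if this can originate from a request, restrict it
            to the known date fields before calling.
        from_date: Inclusive lower bound (``date`` or ``datetime``).
        to_date: Exclusive upper bound (``date`` or ``datetime``).

    Returns:
        A dict of the form ``{"range": {field_name: {...}}}``.
    """
    return {
        "range": {
            field_name: {
                "gte": _format_range_bound(from_date),
                "lt": _format_range_bound(to_date),
                "format": "yyyy-MM-dd||yyyy-MM-dd HH:mm:ss",
            }
        }
    }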
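# Run one aggregation over the documents matched by a query.
def perform_aggregation(index_name, query, aggregation_field, aggregation_type):
    """Execute a single bucket aggregation and return its buckets.

    Args:
        index_name: Index to search.
        query: Query clause limiting which documents are aggregated.
        aggregation_field: Field the aggregation runs on.
        aggregation_type: Aggregation name used as the key of the request,
            e.g. ``"terms"``. The request always sends ``field`` and ``size``
            and the result is read from ``buckets``, so only aggregations
            with that shape are usable here.

    Returns:
        The ``buckets`` list of the aggregation (at most 10 entries, per the
        ``size`` sent with the aggregation).

    Raises:
        KeyError: If the response carries no ``buckets`` for the aggregation.
    """
    # NOTE(review): index_name, aggregation_field and aggregation_type go into
    # the request unchanged. If any of them can come from user input, check
    # them against an allowlist in the caller so a request cannot pick
    # arbitrary indices, fields or aggregation kinds.
    response = es.search(
        index=index_name,
        body={
            # Only the aggregation result is used, so skip fetching the
            # matching documents themselves (the default returns 10 hits).
            "size": 0,
            "query": query,
            "aggs": {
                "my_aggregation": {
                    aggregation_type: {
                        "field": aggregation_field,
                        "size": 10,
                    }
                }
            },
        },
    )
    return response['aggregations']['my_aggregation']['buckets']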
# Usage example
aggregation_type = "terms"
aggregation_field = "my_field"
index_name = "my_index"

# Build the date window: the seven days up to now.
# NOTE(review): datetime.now() is naive local time, while Elasticsearch treats
# date values without an offset as UTC unless the range query sets time_zone.
# Confirm the window matches what you intend on hosts that do not run in UTC.
lookback = timedelta(days=7)
from_date = datetime.now() - lookback
to_date = datetime.now()
query = date_range_query("date_field", from_date, to_date)

# Run the aggregation query
aggregation_buckets = perform_aggregation(
    index_name,
    query,
    aggregation_field,
    aggregation_type,
)

# Print one line per bucket
for entry in aggregation_buckets:
    print(f"Key: {entry['key']}, Doc Count: {entry['doc_count']}")
这个代码示例展示了如何在Elasticsearch中使用Python客户端执行一个基于日期范围的查询,并进行多元化采集的聚合分析。它定义了一个日期范围查询构造函数和一个执行聚合查询的函数。使用者可以根据自己的索引名、字段、查询条件和聚合类型进行调整。