Ex
// Painless example: return the document's @timestamp as an ISO-8601 instant string.
// NOTE(review): this variant declares the doc value as a String, so it presumably
// targets a field whose doc value is text (e.g. a keyword mapping) — confirm against
// the index mapping. The second example on this page reads the same field as a ZonedDateTime.
String datetime = doc['@timestamp'].value;
// Parse the text into a ZonedDateTime so it can be re-formatted below.
ZonedDateTime zdt = ZonedDateTime.parse(datetime);
// ISO_INSTANT renders the instant in UTC (e.g. 2021-03-01T00:00:00Z).
String ret = zdt.format(DateTimeFormatter.ISO_INSTANT);
return ret;
// Painless example: return the document's @timestamp as an ISO-8601 instant string,
// reading the doc value directly as a ZonedDateTime (no string parsing step).
// NOTE(review): doc['@timestamp'].value is read without a size() check here; the
// sort script later on this page guards with doc[...].size() > 0 — confirm the
// field is always present before reusing this snippet as-is.
ZonedDateTime input = doc['@timestamp'].value;
// ISO_INSTANT renders the instant in UTC (e.g. 2021-03-01T00:00:00Z).
String output = input.format(DateTimeFormatter.ISO_INSTANT);
return output;
Node.js
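// Elasticsearch search request (Node.js client argument object).
//
// Filters: not deleted, created in the given date range, and either
//   (type = alive   AND code in [code1, code2]) or
//   (type = suspend AND code in [code3, code4] AND status = approved).
// Sort: 1) numeric rank looked up from `type`, 2) a per-type date string
//       (info.run_at for suspend documents, created_at otherwise), 3) updated_at.
//
// Review notes:
// - Both Painless sources are static and the lookup table is passed through
//   `params`. Keep it that way: values that come from a request belong in
//   `params`, never interpolated into the script source via the template literal.
// - Script sorts are evaluated for every matching document, and `size` is set to
//   10000 (the default index.max_result_window), so this query is expensive;
//   restrict who can issue it and prefer search_after for larger exports.
{
  "index": "schedule_list_*",
  "body": {
    "from": 0,
    "size": 10000,
    "query": {
      "bool": {
        "filter": [
          { "term": { "isDel": false } },
          {
            "range": {
              "created_at": {
                "gte": "2021-03-01T00:00:00.000Z",
                "lte": "2021-12-31T00:00:00.000Z"
              }
            }
          }, // fixed: the original had "}." here, which is a syntax error
          {
            "bool": {
              "must": {
                "bool": {
                  // At least one of the two type-specific clauses must match.
                  "should": [
                    {
                      "bool": {
                        "must": [
                          { "term": { "type": "alive" } },
                          { "terms": { "code": ["code1", "code2"] } }
                        ]
                      }
                    },
                    {
                      "bool": {
                        "must": [
                          { "term": { "type": "suspend" } },
                          { "terms": { "code": ["code3", "code4"] } },
                          { "term": { "status": "approved" } },
                        ]
                      }
                    }
                  ]
                }
              }
            }
          }
        ]
      }
    },
    "sort": [
      {
        // Primary sort: map the document's `type` to a numeric rank via params.
        // NOTE(review): the key "wating" is kept exactly as on the page; it must
        // match the value stored in `type` — verify against the indexed data.
        "_script": {
          "type": "number",
          "script": {
            "params": { "score": { "alive": 0, "suspend": 1, "wating": 2 } },
            "source": "params.score[doc.type.value]"
          },
          "order": "asc"
        }
      },
      {
        // Secondary sort: ISO-8601 instant string chosen per document type.
        // fixed: compare doc['type'].value (the field's value) with 'suspend';
        // the original compared the doc-values object itself, so the suspend
        // branch could never be taken. The first sort script already reads
        // the value through doc.type.value.
        "_script": {
          "type": "string",
          "script": {
            "lang": "painless",
            "source": `if(doc['type'].value=='suspend' && doc['info.run_at'].size() > 0 && doc['info.run_at'] != null){
ZonedDateTime z = doc['info.run_at'].value;
return z.format(DateTimeFormatter.ISO_INSTANT);
} else {
ZonedDateTime z = doc['created_at'].value;
return z.format(DateTimeFormatter.ISO_INSTANT);
}`
          },
          "order": "desc"
        }
      },
      // Final tie-breaker: most recently updated first.
      { "updated_at": { "order": "desc" } }
    ]
  }
}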