есть ли способ применить пост-фильтр в Elasticsearch только к агрегированному результату по всему документу? - PullRequest
Новая
       12

есть ли способ применить пост-фильтр в Elasticsearch только к агрегированному результату по всему документу?

0 голосов
/ 17 апреля 2020

Я создаю информационную панель для количества активных пользователей в моем приложении с помощью Elasticsearch и kibana. так что я пытаюсь сделать это получить последнее действие каждого пользователя, в основном действие содержит вход в систему, выход из системы, change_password каждого пользователя, тогда, если последним действием является вход в систему, то пользователь активен. дайте мне знать, если мой лог c правильно. После того, как запрос будет готов, я создам агрегатор metri c в визуализации kibana, чтобы показать количество активных пользователей.

Вот то, что я пытался.

мой эластичный запрос 

{
  "query": {
    "match": {
      "action.keyword": "LOGIN"
    }
  },
  "collapse": {
    "field": "principal.keyword"
  },
  "sort": [
    {
      "timestamp": {
        "order": "desc"
      }
    }
  ]
}

Вот ответ 

{
  "took" : 3,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 5,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "023079d8-b94c-4831-9135-0b75c6d423c2",
        "_score" : null,
        "_source" : {
          "id" : "023079d8-b94c-4831-9135-0b75c6d423c2",
          "entityType" : "indexname",
          "userId" : "ff8081816e87f4f8016e8d4aff6f0000",
          "principal" : "rootuser_09",
          "managedSysId" : "0",
          "timestamp" : 1587104659807,
          "source" : null,
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [
            {
              "targetId" : "ff8081816e87f4f8016e8d4aff6f0000",
              "targetType" : "USER",
              "objectPrincipal" : "rootuser_09"
            }
          ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        },
        "fields" : {
          "principal.keyword" : [
            "rootuser_09"
          ]
        },
        "sort" : [
          1587104659807
        ]
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "873816ad-7e46-4ffa-abf9-1ea5a0bcf04b",
        "_score" : null,
        "_source" : {
          "id" : "873816ad-7e46-4ffa-abf9-1ea5a0bcf04b",
          "entityType" : "indexname",
          "userId" : "3000",
          "principal" : "rootuser",
          "managedSysId" : "0",
          "timestamp" : 1587104336316,
          "source" : null,
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [
            {
              "targetId" : "3000",
              "targetType" : "USER",
              "objectPrincipal" : "rootuser"
            }
          ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        },
        "fields" : {
          "principal.keyword" : [
            "rootuser"
          ]
        },
        "sort" : [
          1587104336316
        ]
      }
    ]
  }
}

мой запрос, хотя последнее действие этих пользователей - ВЫХОД, он возвращает данные ВХОДА, я думаю, что совпадение запрос выполняется для всего набора данных вместо агрегированного результата

ниже запроса возвращает все данные в моем индексе 

{
  "query": {
    "match_all": {}
  }
}

выше результата запроса 

{
  "took" : 10,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 14,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "ede971d5-d284-4205-96b0-6ee4cc441d83",
        "_score" : 1.0,
        "_source" : {
          "id" : "ede971d5-d284-4205-96b0-6ee4cc441d83",
          "entityType" : "indexname",
          "userId" : "ff8081816e87f4f8016e8d4aff6f0000",
          "principal" : "rootuser_09",
          "managedSysId" : "0",
          "timestamp" : 1587104355983,
          "source" : null,
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [
            {
              "targetId" : "ff8081816e87f4f8016e8d4aff6f0000",
              "targetType" : "USER",
              "objectPrincipal" : "rootuser_09"
            }
          ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "03d86e04-f031-4601-9ca0-cd11c0be39a0",
        "_score" : 1.0,
        "_source" : {
          "id" : "03d86e04-f031-4601-9ca0-cd11c0be39a0",
          "entityType" : "indexname",
          "userId" : null,
          "principal" : "rootuser_09",
          "managedSysId" : null,
          "timestamp" : 1587104356225,
          "source" : null,
          "clientIP" : null,
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN_FROM_SAME",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [
            {
              "key" : "DESCRIPTION",
              "value" : "NameMisamtchlog:Old user logged in from same browser:rootuser,Current user:rootuser_09",
              "timestamp" : 1587104356225
            }
          ],
          "targets" : [ ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "a283bf8f-5d98-4b73-913c-483fcc721f5d",
        "_score" : 1.0,
        "_source" : {
          "id" : "a283bf8f-5d98-4b73-913c-483fcc721f5d",
          "entityType" : "indexname",
          "userId" : "ff8081816e87f4f8016e8d4aff6f0000",
          "principal" : "rootuser_09",
          "managedSysId" : null,
          "timestamp" : 1587105465016,
          "source" : "https://localhost:8443/webconsole/menu/IDMAN",
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGOUT",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [ ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "d0ebf819-506a-493e-9b2e-a427073b038e",
        "_score" : 1.0,
        "_source" : {
          "id" : "d0ebf819-506a-493e-9b2e-a427073b038e",
          "entityType" : "indexname",
          "userId" : "ff8081816e87f4f8016e8d4aff6f0000",
          "principal" : "rootuser_09",
          "managedSysId" : "0",
          "timestamp" : 1587104270464,
          "source" : null,
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [
            {
              "targetId" : "ff8081816e87f4f8016e8d4aff6f0000",
              "targetType" : "USER",
              "objectPrincipal" : "rootuser_09"
            }
          ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "c947ed80-2c9e-4793-83b6-ef345a3bed14",
        "_score" : 1.0,
        "_source" : {
          "id" : "c947ed80-2c9e-4793-83b6-ef345a3bed14",
          "entityType" : "indexname",
          "userId" : null,
          "principal" : "rootuser_09",
          "managedSysId" : null,
          "timestamp" : 1587104270739,
          "source" : null,
          "clientIP" : null,
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN_FROM_SAME",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [
            {
              "key" : "DESCRIPTION",
              "value" : "NameMisamtchlog:Old user logged in from same browser:rootuser,Current user:rootuser_09",
              "timestamp" : 1587104270739
            }
          ],
          "targets" : [ ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "a3a8bce5-f246-4c26-ba69-d2ca1917b650",
        "_score" : 1.0,
        "_source" : {
          "id" : "a3a8bce5-f246-4c26-ba69-d2ca1917b650",
          "entityType" : "indexname",
          "userId" : "3000",
          "principal" : "rootuser",
          "managedSysId" : "0",
          "timestamp" : 1587104280465,
          "source" : null,
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [
            {
              "targetId" : "3000",
              "targetType" : "USER",
              "objectPrincipal" : "rootuser"
            }
          ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "36c3d2e0-9051-4a55-a5f3-63f5874de951",
        "_score" : 1.0,
        "_source" : {
          "id" : "36c3d2e0-9051-4a55-a5f3-63f5874de951",
          "entityType" : "indexname",
          "userId" : null,
          "principal" : "rootuser",
          "managedSysId" : null,
          "timestamp" : 1587104280744,
          "source" : null,
          "clientIP" : null,
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN_FROM_SAME",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [
            {
              "key" : "DESCRIPTION",
              "value" : "NameMisamtchlog:Old user logged in from same browser:rootuser_09,Current user:rootuser",
              "timestamp" : 1587104280744
            }
          ],
          "targets" : [ ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "023079d8-b94c-4831-9135-0b75c6d423c2",
        "_score" : 1.0,
        "_source" : {
          "id" : "023079d8-b94c-4831-9135-0b75c6d423c2",
          "entityType" : "indexname",
          "userId" : "ff8081816e87f4f8016e8d4aff6f0000",
          "principal" : "rootuser_09",
          "managedSysId" : "0",
          "timestamp" : 1587104659807,
          "source" : null,
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [
            {
              "targetId" : "ff8081816e87f4f8016e8d4aff6f0000",
              "targetType" : "USER",
              "objectPrincipal" : "rootuser_09"
            }
          ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "873816ad-7e46-4ffa-abf9-1ea5a0bcf04b",
        "_score" : 1.0,
        "_source" : {
          "id" : "873816ad-7e46-4ffa-abf9-1ea5a0bcf04b",
          "entityType" : "indexname",
          "userId" : "3000",
          "principal" : "rootuser",
          "managedSysId" : "0",
          "timestamp" : 1587104336316,
          "source" : null,
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [
            {
              "targetId" : "3000",
              "targetType" : "USER",
              "objectPrincipal" : "rootuser"
            }
          ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "e9b520fc-e7e8-4cbf-9924-2ef0a05ac1c4",
        "_score" : 1.0,
        "_source" : {
          "id" : "e9b520fc-e7e8-4cbf-9924-2ef0a05ac1c4",
          "entityType" : "indexname",
          "userId" : "ff8081816e87f4f8016e8d4aff6f0000",
          "principal" : "rootuser_09",
          "managedSysId" : null,
          "timestamp" : 1587104273508,
          "source" : "https://localhost:8443/selfservice/menu/SELFSERVICE_MYINFO",
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGOUT",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [ ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      }
    ]
  }
}

соответствует запросу на вход в систему для всего набора данных 

{
  "query": {
    "match": {
      "action.keyword": "LOGIN"
    }
  }
}

ответ на запрос выше 

{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 5,
      "relation" : "eq"
    },
    "max_score" : 1.0033021,
    "hits" : [
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "ede971d5-d284-4205-96b0-6ee4cc441d83",
        "_score" : 1.0033021,
        "_source" : {
          "id" : "ede971d5-d284-4205-96b0-6ee4cc441d83",
          "entityType" : "indexname",
          "userId" : "ff8081816e87f4f8016e8d4aff6f0000",
          "principal" : "rootuser_09",
          "managedSysId" : "0",
          "timestamp" : 1587104355983,
          "source" : null,
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [
            {
              "targetId" : "ff8081816e87f4f8016e8d4aff6f0000",
              "targetType" : "USER",
              "objectPrincipal" : "rootuser_09"
            }
          ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "d0ebf819-506a-493e-9b2e-a427073b038e",
        "_score" : 1.0033021,
        "_source" : {
          "id" : "d0ebf819-506a-493e-9b2e-a427073b038e",
          "entityType" : "indexname",
          "userId" : "ff8081816e87f4f8016e8d4aff6f0000",
          "principal" : "rootuser_09",
          "managedSysId" : "0",
          "timestamp" : 1587104270464,
          "source" : null,
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [
            {
              "targetId" : "ff8081816e87f4f8016e8d4aff6f0000",
              "targetType" : "USER",
              "objectPrincipal" : "rootuser_09"
            }
          ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "a3a8bce5-f246-4c26-ba69-d2ca1917b650",
        "_score" : 1.0033021,
        "_source" : {
          "id" : "a3a8bce5-f246-4c26-ba69-d2ca1917b650",
          "entityType" : "indexname",
          "userId" : "3000",
          "principal" : "rootuser",
          "managedSysId" : "0",
          "timestamp" : 1587104280465,
          "source" : null,
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [
            {
              "targetId" : "3000",
              "targetType" : "USER",
              "objectPrincipal" : "rootuser"
            }
          ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "023079d8-b94c-4831-9135-0b75c6d423c2",
        "_score" : 1.0033021,
        "_source" : {
          "id" : "023079d8-b94c-4831-9135-0b75c6d423c2",
          "entityType" : "indexname",
          "userId" : "ff8081816e87f4f8016e8d4aff6f0000",
          "principal" : "rootuser_09",
          "managedSysId" : "0",
          "timestamp" : 1587104659807,
          "source" : null,
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN",
          "result" : "SUCCESS",
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [
            {
              "targetId" : "ff8081816e87f4f8016e8d4aff6f0000",
              "targetType" : "USER",
              "objectPrincipal" : "rootuser_09"
            }
          ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      },
      {
        "_index" : "indexname",
        "_type" : "_doc",
        "_id" : "873816ad-7e46-4ffa-abf9-1ea5a0bcf04b",
        "_score" : 1.0033021,
        "_source" : {
          "id" : "873816ad-7e46-4ffa-abf9-1ea5a0bcf04b",
          "entityType" : "indexname",
          "userId" : "3000",
          "principal" : "rootuser",
          "managedSysId" : "0",
          "timestamp" : 1587104336316,
          "source" : null,
          "clientIP" : "127.0.0.1",
          "nodeIP" : "username-Latitude",
          "action" : "LOGIN",
          "result" : "SUCCESS"
          "correlationId" : null,
          "customRecords" : [ ],
          "targets" : [
            {
              "targetId" : "3000",
              "targetType" : "USER",
              "objectPrincipal" : "rootuser"
            }
          ],
          "parentLogs" : [ ],
          "childLogs" : [ ],
          "userAgent" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"
        }
      }
    ]
  }
}

Это будет отличная помощь. большое спасибо

1 Ответ

0 голосов
/ 18 апреля 2020

Свернуть применяется после запроса и пост-фильтра. Таким образом, вы не можете запустить фильтр для свернутых полей

Это можно сделать в агрегации.

Я использовал условия агрегации , макс агрегации , агрегация фильтра и агрегация селектора сегментов

Данные 

 [
      {
        "_index" : "index6",
        "_type" : "_doc",
        "_id" : "T1n7jHEBF99yL6wFi1ji",
        "_score" : 1.0,
        "_source" : {
          "userid" : 1,
          "timestamp" : "2020-04-18T00:00:00",
          "action" : "LOGIN"
        }
      },
      {
        "_index" : "index6",
        "_type" : "_doc",
        "_id" : "UFn7jHEBF99yL6wFtFhz",
        "_score" : 1.0,
        "_source" : {
          "userid" : 1,
          "timestamp" : "2020-04-18T01:00:00",
          "action" : "LOGOUT"
        }
      },
      {
        "_index" : "index6",
        "_type" : "_doc",
        "_id" : "UVn7jHEBF99yL6wF21ia",
        "_score" : 1.0,
        "_source" : {
          "userid" : 2,
          "timestamp" : "2020-04-18T00:00:00",
          "action" : "LOGIN"
        }
      },
      {
        "_index" : "index6",
        "_type" : "_doc",
        "_id" : "Uln7jHEBF99yL6wF8Fip",
        "_score" : 1.0,
        "_source" : {
          "userid" : 2,
          "timestamp" : "2020-04-18T01:00:00",
          "action" : "LOGOUT"
        }
      },
      {
        "_index" : "index6",
        "_type" : "_doc",
        "_id" : "U1n8jHEBF99yL6wFFFh1",
        "_score" : 1.0,
        "_source" : {
          "userid" : 2,
          "timestamp" : "2020-04-18T02:00:00",
          "action" : "LOGIN"
        }
      }
    ]

Пользователь1: выход из последнего действия Пользователь2: вход в последнее действие

Запрос: 

{
  "size": 0,
  "aggs": {
    "users": {
      "terms": {
        "field": "userid",
        "size": 10
      },
      "aggs": {
        "last_visted_date": {
          "max": {
            "field": "timestamp"
          }
        },
        "activity_login": {
          "filter": {
            "term": {
              "action.keyword": "LOGIN"
            }
          },
          "aggs": {
            "last_login_date": {
              "max": {
                "field": "timestamp"
              }
            }
          }
        },
        "active_users":{
          "bucket_selector": {
            "buckets_path": {
              "lastvisted":"last_visted_date",
              "lastlogindate":"activity_login>last_login_date"
            },
            "script": "if(params.lastvisted==params.lastlogindate){return true;}else{return false;}"
          }
        }
      }
    }
  }
}

Выполните агрегирование терминов для пользователя и найдите дату последнего входа в систему и дату последнего посещения. Если оба являются одинаковыми, верните пользователя 

User1
     LastVistedDate: "2020-04-18T01:00:00"  
     LastLoginDate : "2020-04-18T00:00:00"
     Don't return since both are not same

User2
     LastVistedDate: "2020-04-18T02:00:00.000"  
     LastLoginDate : "2020-04-18T02:00:00.000"
     Return since both are not same

Результат: 

"users" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : 2,
          "doc_count" : 3,
          "activity_login" : {
            "doc_count" : 2,
            "last_login_date" : {
              "value" : 1.5871752E12,
              "value_as_string" : "2020-04-18T02:00:00.000Z"
            }
          },
          "last_visted_date" : {
            "value" : 1.5871752E12,
            "value_as_string" : "2020-04-18T02:00:00.000Z"
          }
        }
      ]
    }
Добро пожаловать на сайт PullRequest, где вы можете задавать вопросы и получать ответы от других членов сообщества.

Нет похожих вопросов

...