我找到了解决方案,这很奇怪。我遵循了dimzak的建议并清除了缓存:
curl --noproxy localhost -XPOST "http://localhost:9200/_cache/clear"
然后我使用了过滤,而不是按照Olly的建议进行查询:
{ "size": 0, "query": { "filtered": { "query": { "term": { "referer": "www.xx.yy.fr" } }, "filter" : { "range": { "@timestamp": { "from": "2014-10-04T00:00", "to": "2014-10-05T00:00" } } } } }, "aggs": { "interval": { "date_histogram": { "field": "@timestamp", "interval": "0.5h" }, "aggs": { "what": { "cardinality": { "field": "host" } } } } }}我不能给你们两个答案,我认为dimzak是最好的选择,但是请你们两个人赞成:)
