To make it work, you need to modify your mapping like this:
```
PUT /locations
{
  "mappings": {
    "location": {
      "properties": {
        "location": {
          "type": "geo_point"
        },
        "timestampMs": {
          "type": "long"
        },
        "accuracy": {
          "type": "long"
        }
      }
    }
  }
}
```

Then, when you index your documents, you need to divide the latitude and longitude by 10000000 and index them like this:
```
PUT /locations/location/1
{
  "timestampMs": "1461820561530",
  "location": {
    "lat": -37.8103308,
    "lon": 14.4967407
  },
  "accuracy": 35
}
```

Finally, your search query below...
```
POST /locations/location/_search
{
  "aggregations": {
    "zoomedInView": {
      "filter": {
        "geo_bounding_box": {
          "location": {
            "top_left": "-37, 14",
            "bottom_right": "-38, 15"
          }
        }
      },
      "aggregations": {
        "zoom1": {
          "geohash_grid": {
            "field": "location",
            "precision": 6
          },
          "aggs": {
            "ts": {
              "date_histogram": {
                "field": "timestampMs",
                "interval": "15m",
                "format": "DDD yyyy-MM-dd HH:mm"
              }
            }
          }
        }
      }
    }
  }
}
```

...will yield the following result:
```
{
  "aggregations": {
    "zoomedInView": {
      "doc_count": 1,
      "zoom1": {
        "buckets": [
          {
            "key": "k362cu",
            "doc_count": 1,
            "ts": {
              "buckets": [
                {
                  "key_as_string": "Thu 2016-04-28 05:15",
                  "key": 1461820500000,
                  "doc_count": 1
                }
              ]
            }
          }
        ]
      }
    }
  }
}
```

Update
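Based on our discussion, here is a solution that could work for you. Using Logstash, you can call your API and retrieve the big JSON document (using the `http_poller` input), extract/transform all the locations and sink them to Elasticsearch very easily (with the `elasticsearch` output).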
Here is how it goes in order to format each event as described in my initial answer.
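- Using `http_poller`, you can retrieve the JSON locations (note that I have set the polling interval to 1 day, but you can change it to some other value, or simply run Logstash manually each time you want to retrieve the locations)
- Then we `split` the locations array into individual events
- Then we divide the latitude/longitude fields by 10,000,000 to get proper coordinates
- We also need to clean it up a bit by moving and removing some fields
- Finally, we just send each event to Elasticsearch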
Logstash configuration `locations.conf`:
```
input {
  # Poll the API and decode the response body as JSON
  http_poller {
    urls => {
      get_locations => {
        method => get
        url => "http://your_api.com/locations.json"
        headers => {
          Accept => "application/json"
        }
      }
    }
    request_timeout => 60
    interval => 86400000
    codec => "json"
  }
}
filter {
  # One event per element of the locations array
  split {
    field => "locations"
  }
  # Convert the E7 integers into a lat/lon object for the geo_point field
  ruby {
    code => "
      event['location'] = {
        'lat' => event['locations']['latitudeE7'] / 10000000.0,
        'lon' => event['locations']['longitudeE7'] / 10000000.0
      }
    "
  }
  # Move the remaining fields to the top level and drop what is not needed
  mutate {
    add_field => {
      "timestampMs" => "%{[locations][timestampMs]}"
      "accuracy" => "%{[locations][accuracy]}"
      "junk_i_want_to_save_but_ignore" => "%{[locations][junk_i_want_to_save_but_ignore]}"
    }
    remove_field => [
      "locations", "@timestamp", "@version"
    ]
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "locations"
    document_type => "location"
  }
}
```

You can then run it with the following command:

```
bin/logstash -f locations.conf
```
After running that command, you can launch your search query and you should get the results you expect.
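The split and E7 conversion steps above, as a standalone Ruby script that also rejects records the inline `ruby` filter would choke on (a missing `latitudeE7` makes `nil / 10000000.0` raise) or that fall outside valid `geo_point` ranges. This is an added example, not part of the original answer: the function names `to_location_doc` and `build_bulk`, the sample payload, and the use of a `_bulk` body with `_type` (matching the typed mapping shown above) are assumptions.

```ruby
require 'json'

E7 = 10_000_000.0

# Convert one raw record (latitudeE7/longitudeE7 integers) into the document
# shape used by the mapping above. Returns nil when coordinates are missing,
# not integers, or outside the valid geo_point ranges.
def to_location_doc(rec)
  lat_e7 = rec['latitudeE7']
  lon_e7 = rec['longitudeE7']
  return nil unless lat_e7.is_a?(Integer) && lon_e7.is_a?(Integer)

  lat = lat_e7 / E7
  lon = lon_e7 / E7
  return nil unless lat.between?(-90.0, 90.0) && lon.between?(-180.0, 180.0)

  doc = { 'location' => { 'lat' => lat, 'lon' => lon } }
  # timestampMs arrives as a string in the source JSON; the mapping wants a long.
  doc['timestampMs'] = Integer(rec['timestampMs'], 10) if rec['timestampMs'].to_s =~ /\A\d+\z/
  doc['accuracy'] = rec['accuracy'] if rec['accuracy'].is_a?(Integer)
  doc
end

# Split the "locations" array and build a _bulk request body (NDJSON).
# Returns [body, skipped_count].
def build_bulk(payload, index: 'locations', type: 'location')
  lines = []
  skipped = 0
  Array(payload['locations']).each do |rec|
    doc = rec.is_a?(Hash) ? to_location_doc(rec) : nil
    if doc.nil?
      skipped += 1
      next
    end
    lines << JSON.generate('index' => { '_index' => index, '_type' => type })
    lines << JSON.generate(doc)
  end
  [lines.empty? ? '' : lines.join("\n") + "\n", skipped]
end

# Constructed sample input (not real data): one good record, one with a
# missing latitude, one with an out-of-range latitude.
SAMPLE = JSON.parse(<<~SAMPLE_JSON)
  {"locations": [
    {"timestampMs": "1461820561530", "latitudeE7": -378103308, "longitudeE7": 144967407, "accuracy": 35},
    {"timestampMs": "1461820600000", "longitudeE7": 144967407, "accuracy": 20},
    {"timestampMs": "1461820700000", "latitudeE7": 1378103308, "longitudeE7": 144967407, "accuracy": 10}
  ]}
SAMPLE_JSON
puts build_bulk(SAMPLE).first if __FILE__ == $PROGRAM_NAME
```

The skipped count is worth logging: a sudden rise usually means the upstream API changed its format or is returning malformed records.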



