ElasticSearch：使用dsl语句同时查询出最近2小时、最近1天、最近7天、最近30天的数量

场景

需要使用dsl语句同时查询出最近2小时、最近1天、最近7天、最近30天的数量，如果按照常规逻辑，需要写四个dsl语句，才能查询出来，那么能不能使用一句dsl就可以查询出结果呢？

show time

GET alarm_forward_history_*/_search
{"size": 0,"query": {"bool": {"must": [{"term": {"sourceName": {"value": "运维123"}}},{"term": {"sourceAlertKey": {"value": "生产问题描述223"}}},{"term": {"cmdb.app_name": {"value": "dba数据库"}}}]}},"aggs": {"date": {"date_range": {"field": "@timestamp","ranges": [{"from": "now-2h","to": "now","key": "lastTwoHour"},{"from": "now-1d","to": "now","key": "lastDay"},{"from": "now-7d","to": "now","key": "lastSevenDay"},{"from": "now-30d","to": "now","key": "lastMonth"}]}}}
}

输出结果大致如下：

"aggregations" : {"date" : {"buckets" : [{"key" : "lastMonth","from" : 1.728359639296E12,"from_as_string" : "2024-10-08T03:53:59.296Z","to" : 1.730951639296E12,"to_as_string" : "2024-11-07T03:53:59.296Z","doc_count" : 7},{"key" : "lastSevenDay","from" : 1.730346839296E12,"from_as_string" : "2024-10-31T03:53:59.296Z","to" : 1.730951639296E12,"to_as_string" : "2024-11-07T03:53:59.296Z","doc_count" : 0},{"key" : "lastDay","from" : 1.730865239296E12,"from_as_string" : "2024-11-06T03:53:59.296Z","to" : 1.730951639296E12,"to_as_string" : "2024-11-07T03:53:59.296Z","doc_count" : 0},{"key" : "lastTwoHour","from" : 1.730944439296E12,"from_as_string" : "2024-11-07T01:53:59.296Z","to" : 1.730951639296E12,"to_as_string" : "2024-11-07T03:53:59.296Z","doc_count" : 0}]}}
}

总结

• 直接采用date_range函数，即可解决