使用python比较elasticsearch中的created_time和updated_time

Question

我尝试过这个查询：

body = {
    "query": {
       "bool": {
           "must_not": [{
               "match": {
                  "script": "doc['updated_time'].value == doc['created_time'].value"
                 }
          }]
       }
    }
}

我的索引文档是：

"hits" : [
      {
        "_index" : "cam_canvas_update",
        "_type" : "_doc",
        "_id" : "101",
        "_score" : 1.0,
        "_source" : {
          "created_time" : "2021-08-11T13:44:13.282406282Z",
          "updated_time" : "2021-08-11T13:44:13.285397500Z",
          "engagement" : "Ford",
          "tag_set_2" : "Renew",
          "tag_set_3" : "Disputed",
          "instance_numbers" : 1,
          "canvas_name" : "First",
          "recordid" : "ford1",
          "pf" : "C6000",
          "tag_set_1" : "Sally",
          "ldos_date" : "7/7/2018",
          "architecture" : "webex"
      }
]

我想比较所有文档的created_time和更新时间，因为输出只需要更新文档。我只想在elasticsearch中使用已更新的文档编写csv。

Answer 1

您需要在查询中使用filter和script，如下所示：

{
    "query": {
        "bool": {
            "filter": [{
                "script": {
                    "script": "doc['updated_time'].value != doc['created_time'].value"
                }
            }]
        }
    }
}

如果您不想比较毫秒数，可以使用此脚本而不是以前的版本：

{
  "query": {
    "bool": {
      "filter": [
        {
          "script": {
            "script": {
              "inline": "doc['updated_time'].value.getMillis()/1000 != doc['created_time'].value.getMillis()/1000",
              "lang": "painless"
            }
          }
        }
      ]
    }
  }
}

如果您对此查询有任何问题，请告诉我。