如何在elasticsearch的嵌套聚合中存储空字段和非空字段?
how to bucket empty and non empty fields in nested aggregation in elasticsearch?
我在 elasticsearch 中有以下一组嵌套子聚合(field2 是 field1 的子聚合,field3 是 field2 的子聚合)。
然而事实证明,field3 的术语聚合不会存储没有 field3 的文档。
我的理解是,除了 field3 的术语查询之外,我还必须使用 Missing subaggregation 查询来存储那些。
但我不确定如何将它添加到下面的查询中以同时存储两者。
{
"size": 0,
"aggregations": {
"f1": {
"terms": {
"field": "field1",
"size": 0,
"order": {
"_count": "asc"
},
"include": [
"123"
]
},
"aggregations": {
"field2": {
"terms": {
"field": "f2",
"size": 0,
"order": {
"_count": "asc"
},
"include": [
"tr"
]
},
"aggregations": {
"field3": {
"terms": {
"field": "f3",
"order": {
"_count": "asc"
},
"size": 0
},
"aggregations": {
"aggTopHits": {
"top_hits": {
"size": 1
}
}
}
}
}
}
}
}
}
}
在 2.1.2 及更高版本中,您可以使用 missing parameter of the terms aggregation, which allows you to specify a default value for documents that are missing that field. (FYI, the missing parameter was available starting 2.0, but there was a bug 来阻止它处理子聚合,这就是您在这里使用它的方式。)
...
"aggregations": {
"field3": {
"terms": {
"field": "f3",
"order": {
"_count": "asc"
},
"size": 0,
"missing": "n/a" <----- provide a default here
},
"aggregations": {
"aggTopHits": {
"top_hits": {
"size": 1
}
}
}
}
}
但是,如果您使用的是 2.x 之前的 ES 集群,您可以使用 missing aggregation 与 field3 聚合相同的深度来存储文档像这样缺少 "f3":
...
"aggregations": {
"field3": {
"terms": {
"field": "f3",
"order": {
"_count": "asc"
},
"size": 0
},
"aggregations": {
"aggTopHits": {
"top_hits": {
"size": 1
}
}
}
},
"missing_field3": {
"missing" : {
"field": "f3"
},
"aggregations": {
"aggTopMissingHit": {
"top_hits": {
"size": 1
}
}
}
}
}
我在 elasticsearch 中有以下一组嵌套子聚合(field2 是 field1 的子聚合,field3 是 field2 的子聚合)。 然而事实证明,field3 的术语聚合不会存储没有 field3 的文档。
我的理解是,除了 field3 的术语查询之外,我还必须使用 Missing subaggregation 查询来存储那些。
但我不确定如何将它添加到下面的查询中以同时存储两者。
{
"size": 0,
"aggregations": {
"f1": {
"terms": {
"field": "field1",
"size": 0,
"order": {
"_count": "asc"
},
"include": [
"123"
]
},
"aggregations": {
"field2": {
"terms": {
"field": "f2",
"size": 0,
"order": {
"_count": "asc"
},
"include": [
"tr"
]
},
"aggregations": {
"field3": {
"terms": {
"field": "f3",
"order": {
"_count": "asc"
},
"size": 0
},
"aggregations": {
"aggTopHits": {
"top_hits": {
"size": 1
}
}
}
}
}
}
}
}
}
}
在 2.1.2 及更高版本中,您可以使用 missing parameter of the terms aggregation, which allows you to specify a default value for documents that are missing that field. (FYI, the missing parameter was available starting 2.0, but there was a bug 来阻止它处理子聚合,这就是您在这里使用它的方式。)
...
"aggregations": {
"field3": {
"terms": {
"field": "f3",
"order": {
"_count": "asc"
},
"size": 0,
"missing": "n/a" <----- provide a default here
},
"aggregations": {
"aggTopHits": {
"top_hits": {
"size": 1
}
}
}
}
}
但是,如果您使用的是 2.x 之前的 ES 集群,您可以使用 missing aggregation 与 field3 聚合相同的深度来存储文档像这样缺少 "f3":
...
"aggregations": {
"field3": {
"terms": {
"field": "f3",
"order": {
"_count": "asc"
},
"size": 0
},
"aggregations": {
"aggTopHits": {
"top_hits": {
"size": 1
}
}
}
},
"missing_field3": {
"missing" : {
"field": "f3"
},
"aggregations": {
"aggTopMissingHit": {
"top_hits": {
"size": 1
}
}
}
}
}