按字段聚合,然后求和另一个字段的值
Aggregation by field and then sum value of another field
我需要按一个字段聚合,然后在同一个聚合中,计算与另一个字段值的总和。但是当执行查询时,第一个聚合是可以的,但总和总是 0.
示例索引:
{
"mappings": {
"transaction": {
"dynamic": "strict",
"properties": {
"transaction": {
"properties": {
"amount": {
"type": "double"
}
}
},
"infrastructureElement": {
"type": "nested",
"properties": {
"infrastructureElementSubType": {
"type": "keyword"
}
}
}
}
}
}
}
在下面的查询中,按 infrastructureElement.infrastructureElementSubType 聚合,然后在另一个聚合中对值 transactionPurchase.amount 求和:
{
"aggs": {
"group_by_infrastructure_element": {
"nested": {
"path": "infrastructureElement"
},
"aggs": {
"group_by_ie_subtype": {
"terms": {
"field": "infrastructureElement.infrastructureElementSubType"
},
"aggs": {
"revenue": {
"sum": {
"field": "transactionPurchase.amount"
}
}
}
}
}
}
}
}
当前结果:
{
"took": 6,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
...
},
"aggregations": {
"group_by_infrastructure_element": {
"doc_count": 365,
"group_by_ie_subtype": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "MOBILE",
"doc_count": 1,
"revenue": {
"value": 0
}
}
]
}
}
}
}
提前致谢!
您需要使用 Reverse Nested Aggregation and then chain in the Sum Aggregation 来计算您要查找的内容:
聚合查询:
POST <your_index_name>/_search
{
"size":0,
"aggs":{
"myterms":{
"nested":{
"path":"infrastructureElement"
},
"aggs":{
"myterms":{
"terms":{
"field":"infrastructureElement.infrastructureElementSubType",
"size":10
},
"aggs":{
"reverse":{
"reverse_nested":{},
"aggs":{
"revenue":{
"sum":{
"field":"transaction.amount"
}
}
}
}
}
}
}
}
}
}
还要注意映射的结构,字段 transaction 不是 Nested Type but a simple Object Type。现在,如果您在嵌套聚合中,则需要遍历回到根,然后执行度量聚合,例如求和以计算 amount
请注意以下针对我创建的示例文档的回复。
POST someaggregation/_doc/1
{
"transaction":{
"amount": 100
},
"infrastructureElement": [
{
"infrastructureElementSubType": "type1"
},
{
"infrastructureElementSubType": "type2"
}
]
}
POST someaggregation/_doc/2
{
"transaction":{
"amount": 100
},
"infrastructureElement": [
{
"infrastructureElementSubType": "type1"
},
{
"infrastructureElementSubType": "type2"
}
]
}
POST someaggregation/_doc/3
{
"transaction":{
"amount": 100
},
"infrastructureElement": [
{
"infrastructureElementSubType": "type3"
},
{
"infrastructureElementSubType": "type4"
}
]
}
回复:
{
"took" : 519,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 3,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"myterms" : {
"doc_count" : 6,
"myterms" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "type1",
"doc_count" : 2,
"reverse" : {
"doc_count" : 2,
"revenue" : {
"value" : 200.0
}
}
},
{
"key" : "type2",
"doc_count" : 2,
"reverse" : {
"doc_count" : 2,
"revenue" : {
"value" : 200.0
}
}
},
{
"key" : "type3",
"doc_count" : 1,
"reverse" : {
"doc_count" : 1,
"revenue" : {
"value" : 100.0
}
}
},
{
"key" : "type4",
"doc_count" : 1,
"reverse" : {
"doc_count" : 1,
"revenue" : {
"value" : 100.0
}
}
}
]
}
}
}
}
希望这对您有所帮助!
如果您认为这可以解决您的问题,请随时投票 and/or 接受这个答案:)
我需要按一个字段聚合,然后在同一个聚合中,计算与另一个字段值的总和。但是当执行查询时,第一个聚合是可以的,但总和总是 0.
示例索引:
{
"mappings": {
"transaction": {
"dynamic": "strict",
"properties": {
"transaction": {
"properties": {
"amount": {
"type": "double"
}
}
},
"infrastructureElement": {
"type": "nested",
"properties": {
"infrastructureElementSubType": {
"type": "keyword"
}
}
}
}
}
}
}
在下面的查询中,按 infrastructureElement.infrastructureElementSubType 聚合,然后在另一个聚合中对值 transactionPurchase.amount 求和:
{
"aggs": {
"group_by_infrastructure_element": {
"nested": {
"path": "infrastructureElement"
},
"aggs": {
"group_by_ie_subtype": {
"terms": {
"field": "infrastructureElement.infrastructureElementSubType"
},
"aggs": {
"revenue": {
"sum": {
"field": "transactionPurchase.amount"
}
}
}
}
}
}
}
}
当前结果:
{
"took": 6,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
...
},
"aggregations": {
"group_by_infrastructure_element": {
"doc_count": 365,
"group_by_ie_subtype": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "MOBILE",
"doc_count": 1,
"revenue": {
"value": 0
}
}
]
}
}
}
}
提前致谢!
您需要使用 Reverse Nested Aggregation and then chain in the Sum Aggregation 来计算您要查找的内容:
聚合查询:
POST <your_index_name>/_search
{
"size":0,
"aggs":{
"myterms":{
"nested":{
"path":"infrastructureElement"
},
"aggs":{
"myterms":{
"terms":{
"field":"infrastructureElement.infrastructureElementSubType",
"size":10
},
"aggs":{
"reverse":{
"reverse_nested":{},
"aggs":{
"revenue":{
"sum":{
"field":"transaction.amount"
}
}
}
}
}
}
}
}
}
}
还要注意映射的结构,字段 transaction 不是 Nested Type but a simple Object Type。现在,如果您在嵌套聚合中,则需要遍历回到根,然后执行度量聚合,例如求和以计算 amount
请注意以下针对我创建的示例文档的回复。
POST someaggregation/_doc/1
{
"transaction":{
"amount": 100
},
"infrastructureElement": [
{
"infrastructureElementSubType": "type1"
},
{
"infrastructureElementSubType": "type2"
}
]
}
POST someaggregation/_doc/2
{
"transaction":{
"amount": 100
},
"infrastructureElement": [
{
"infrastructureElementSubType": "type1"
},
{
"infrastructureElementSubType": "type2"
}
]
}
POST someaggregation/_doc/3
{
"transaction":{
"amount": 100
},
"infrastructureElement": [
{
"infrastructureElementSubType": "type3"
},
{
"infrastructureElementSubType": "type4"
}
]
}
回复:
{
"took" : 519,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 3,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"myterms" : {
"doc_count" : 6,
"myterms" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "type1",
"doc_count" : 2,
"reverse" : {
"doc_count" : 2,
"revenue" : {
"value" : 200.0
}
}
},
{
"key" : "type2",
"doc_count" : 2,
"reverse" : {
"doc_count" : 2,
"revenue" : {
"value" : 200.0
}
}
},
{
"key" : "type3",
"doc_count" : 1,
"reverse" : {
"doc_count" : 1,
"revenue" : {
"value" : 100.0
}
}
},
{
"key" : "type4",
"doc_count" : 1,
"reverse" : {
"doc_count" : 1,
"revenue" : {
"value" : 100.0
}
}
}
]
}
}
}
}
希望这对您有所帮助!
如果您认为这可以解决您的问题,请随时投票 and/or 接受这个答案:)