Elasticsearch query to count number of hits for each API
I have to get the count of the different HTTP responses for each API/URL and show the top 5 hottest APIs as a Kibana alert.
{
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "@timestamp": {
              "from": "now-15m",
              "to": "now",
              "include_lower": true,
              "include_upper": true,
              "boost": 1
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  },
  "aggregations": {
    "Status": {
      "terms": {
        "field": "data.response.status",
        "size": 10,
        "min_doc_count": 1,
        "shard_min_doc_count": 0,
        "show_term_doc_count_error": false,
        "order": [
          { "_count": "desc" },
          { "_key": "asc" }
        ]
      }
    }
  }
}
With this query I am able to get the HTTP status counts for the last 15 minutes.
"aggregations": {
  "Status": {
    "doc_count_error_upper_bound": 0,
    "sum_other_doc_count": 47,
    "buckets": [
      { "doc_count": 252095, "key": 200 },
      { "doc_count": 3845, "key": 400 },
      { "doc_count": 1102, "key": 404 },
      { "doc_count": 853, "key": 401 },
      { "doc_count": 694, "key": 206 },
      { "doc_count": 305, "key": 500 },
      { "doc_count": 166, "key": 204 },
      { "doc_count": 61, "key": 429 },
      { "doc_count": 56, "key": 403 },
      { "doc_count": 40, "key": 422 }
    ]
  }
}
Since I am new to Elasticsearch, I am not able to write multiple aggregations using the "data.url" field to get the HTTP status count for each API/URL.
I am expecting something like this:
API
/search/results 200: 30 201: 10 500: 1
/eligibility 200: 20 500: 3
Any help would be appreciated. Thanks.
Great start, you're almost there!
You just need to add another terms aggregation on top of the Status one, like this:
{
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "@timestamp": {
              "from": "now-15m",
              "to": "now",
              "include_lower": true,
              "include_upper": true,
              "boost": 1
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  },
  "aggregations": {
    "Url": {
      "terms": {
        "field": "url_field_name",      <----- add this
        "size": 10
      },
      "aggs": {
        "Status": {
          "terms": {
            "field": "data.response.status",
            "size": 10,
            "min_doc_count": 1,
            "shard_min_doc_count": 0,
            "show_term_doc_count_error": false,
            "order": [
              { "_count": "desc" },
              { "_key": "asc" }
            ]
          }
        }
      }
    }
  }
}
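As an added example (not part of the question or the answer above), the following Python script builds the same nested terms aggregation, cuts the outer URL aggregation to 5 buckets so the reply already contains only the "top 5 hottest" APIs, and flattens an Elasticsearch reply into the "url 200: 30 201: 10 500: 1" shape the asker wanted, plus a per-URL 5xx ratio that can serve as the alert condition. It assumes the URL field is data.url mapped as keyword; a terms aggregation cannot run on an analysed text field unless fielddata is enabled, so if data.url is a text field with a keyword sub-field, pass "data.url.keyword" instead. The range clause is written in the current gte/lte form inside a filter clause (equivalent to the must/from/to form above for a date range, but without scoring), and "size": 0 suppresses the hits since only buckets are needed. The sample response is constructed, not captured from a real cluster.

```python
"""Per-URL HTTP status counts from Elasticsearch, flattened for a Kibana-style alert."""
from typing import Any, Dict, List, Tuple

# Assumption: data.url is a keyword field. If it is a text field with a keyword
# sub-field, use "data.url.keyword" (terms aggs need doc values, not analysed text).
URL_FIELD = "data.url"
STATUS_FIELD = "data.response.status"


def build_query(url_field: str = URL_FIELD, status_field: str = STATUS_FIELD,
                window: str = "now-15m", top_urls: int = 5,
                statuses_per_url: int = 10) -> Dict[str, Any]:
    """Return the search body: time-window filter plus URL -> status terms aggs."""
    return {
        "size": 0,  # only the aggregation buckets are needed, not the hits
        "query": {
            "bool": {
                "filter": [  # filter context: no scoring, cacheable
                    {"range": {"@timestamp": {"gte": window, "lte": "now"}}}
                ]
            }
        },
        "aggs": {
            "Url": {
                "terms": {"field": url_field, "size": top_urls,
                          "order": {"_count": "desc"}},
                "aggs": {
                    "Status": {
                        "terms": {"field": status_field, "size": statuses_per_url,
                                  "order": [{"_count": "desc"}, {"_key": "asc"}]}
                    }
                },
            }
        },
    }


def flatten(response: Dict[str, Any]) -> List[Tuple[str, Dict[int, int]]]:
    """Turn the nested bucket reply into [(url, {status: count}), ...], hottest URL first."""
    rows = []
    for url_bucket in response["aggregations"]["Url"]["buckets"]:
        counts = {int(b["key"]): b["doc_count"] for b in url_bucket["Status"]["buckets"]}
        rows.append((url_bucket["key"], counts))
    return rows


def render(rows: List[Tuple[str, Dict[int, int]]]) -> List[str]:
    """Format rows as 'url 200: 30 201: 10 500: 1', statuses by count desc then code asc."""
    lines = []
    for url, counts in rows:
        ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
        lines.append(f"{url} " + " ".join(f"{status}: {n}" for status, n in ordered))
    return lines


def server_error_ratio(counts: Dict[int, int]) -> float:
    """Share of 5xx responses for one URL; a natural threshold for the alert."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return sum(n for status, n in counts.items() if 500 <= status < 600) / total


# Constructed sample reply with the shape Elasticsearch returns for the query above.
SAMPLE_RESPONSE = {
    "took": 12, "timed_out": False,
    "hits": {"total": {"value": 64, "relation": "eq"}, "hits": []},
    "aggregations": {
        "Url": {
            "doc_count_error_upper_bound": 0, "sum_other_doc_count": 0,
            "buckets": [
                {"key": "/search/results", "doc_count": 41,
                 "Status": {"doc_count_error_upper_bound": 0, "sum_other_doc_count": 0,
                            "buckets": [{"key": 200, "doc_count": 30},
                                        {"key": 201, "doc_count": 10},
                                        {"key": 500, "doc_count": 1}]}},
                {"key": "/eligibility", "doc_count": 23,
                 "Status": {"doc_count_error_upper_bound": 0, "sum_other_doc_count": 0,
                            "buckets": [{"key": 200, "doc_count": 20},
                                        {"key": 500, "doc_count": 3}]}},
            ],
        }
    },
}

if __name__ == "__main__":
    import json
    # Send build_query() as the body of POST /<index>/_search; here we only print it
    # and flatten the constructed reply so the script runs offline.
    print(json.dumps(build_query(), indent=2))
    for url, counts in flatten(SAMPLE_RESPONSE):
        print(f"{url}: 5xx ratio {server_error_ratio(counts):.3f}")
    print("\n".join(render(flatten(SAMPLE_RESPONSE))))
```

One caveat on the numbers: with many distinct URLs spread over several shards, the outer terms aggregation's top-N is approximate; check doc_count_error_upper_bound in the reply (or raise shard_size) before trusting a close race for the fifth slot in an alert.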