elasticsearch 中简单计数聚合的 400 错误
400 error on simple count aggregation in elasticsearch
我正在尝试对弹性搜索中的字段进行简单计数,但一直收到 400 错误...
这是我的查询:
curl -XPOST "http://host/logstash-2016.05.19/_search" -d'
{
"aggregations": {
"the_name": {
"terms": {
"field": "serviceName"
},
"aggregations": {
"callcnt": {
"count": {
"field": "requestId"
}
}
}
}
}
}'
这是我返回的错误:
{
"error": "SearchPhaseExecutionException[Failed to execute phase [query], all shards failed; shardFailures {[ZWtovPXtTfSuJzg9M3FMjw][logstash-2016.05.19][0]: RemoteTransportException[[es4][inet[/10.149.76.55:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n \"aggregations\": {\n \"the_name\": {\n \"terms\": {\n \"field\": \"serviceName\"\n },\n \"aggregations\": {\n \"callcnt\": {\n \"count\": {\n \"field\": \"requestId\"\n }\n }\n }\n }\n }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][0]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }{[vSqpHGQXRf6OUIEF_kQ1jg][logstash-2016.05.19][1]: RemoteTransportException[[es2][inet[/10.149.76.138:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][1]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n \"aggregations\": {\n \"the_name\": {\n \"terms\": {\n \"field\": \"serviceName\"\n },\n \"aggregations\": {\n \"callcnt\": {\n \"count\": {\n \"field\": \"requestId\"\n }\n }\n }\n }\n }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][1]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }{[PwDi_CIiQHmOHp34KdWk0A][logstash-2016.05.19][2]: RemoteTransportException[[es3][inet[/10.149.76.97:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][2]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n \"aggregations\": {\n \"the_name\": {\n \"terms\": {\n \"field\": \"serviceName\"\n },\n \"aggregations\": {\n \"callcnt\": {\n \"count\": {\n \"field\": \"requestId\"\n }\n }\n }\n }\n }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][2]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }{[PwDi_CIiQHmOHp34KdWk0A][logstash-2016.05.19][3]: RemoteTransportException[[es3][inet[/10.149.76.97:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][3]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n \"aggregations\": {\n \"the_name\": {\n \"terms\": {\n \"field\": \"serviceName\"\n },\n \"aggregations\": {\n \"callcnt\": {\n \"count\": {\n \"field\": \"requestId\"\n }\n }\n }\n }\n }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][3]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }{[PwDi_CIiQHmOHp34KdWk0A][logstash-2016.05.19][4]: RemoteTransportException[[es3][inet[/10.149.76.97:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][4]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n \"aggregations\": {\n \"the_name\": {\n \"terms\": {\n \"field\": \"serviceName\"\n },\n \"aggregations\": {\n \"callcnt\": {\n \"count\": {\n \"field\": \"requestId\"\n }\n }\n }\n }\n }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][4]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }]",
"status": 400
}
我也在 运行 查询中使用 Sense chrome 扩展,所以不确定这是否有影响。
查询 elasticsearch 的新手,所以我尝试遵循一些在线指南,但没有得到任何帮助...我可以成功地进行简单查询,但似乎无法弄清楚聚合...
编辑:
如果它是一个 sql 查询,我试图对聚合做的是得到类似这样的东西:
select serviceName, count(requestId) as cnt
from tableA
group by serviceName
结果:
serviceName | cnt
-----------------
srvc1 32
srvc3 18
srvc7 75
etc...
一个问题可能是 ElasticSearch 搜索是使用 GET 而不是 POST 进行的。尝试 curl -XGET
此外,没有 count 聚合。你是说 value_count 吗?
提示:将 ?pretty 附加到 URL 以获得更易于阅读的输出:
curl -XGET "http://host/logstash-2016.05.19/_search?pretty"
问题是没有 count 聚合。您需要使用的聚合称为 value_count
看到错误:
Parse Failure [Could not find aggregator type [count] in [callcnt]]];
改用它,它将起作用:
curl -XPOST "http://host/logstash-2016.05.19/_search" -d '{
"aggregations": {
"the_name": {
"terms": {
"field": "serviceName"
},
"aggregations": {
"callcnt": {
"value_count": {
"field": "requestId"
}
}
}
}
}
}'
更新
根据您的评论,您可以按照以下方式执行所需的操作,即使用 terms 子聚合而不是 value_count 子聚合。
curl -XPOST "http://host/logstash-2016.05.19/_search" -d '{
"aggregations": {
"the_name": {
"terms": {
"field": "serviceName"
},
"aggregations": {
"callcnt": {
"terms": {
"field": "requestId"
}
}
}
}
}
}'
简单使用 terms 聚合来获取 serviceName 字段中不同值的计数。
curl -XPOST "http://host/logstash-2016.05.19/_search" -d '{
"aggregations": {.
"the_name": {
"terms": {
"field": "serviceName"
}
}
}
}'
希望对您有所帮助!!!!
我正在尝试对弹性搜索中的字段进行简单计数,但一直收到 400 错误...
这是我的查询:
curl -XPOST "http://host/logstash-2016.05.19/_search" -d'
{
"aggregations": {
"the_name": {
"terms": {
"field": "serviceName"
},
"aggregations": {
"callcnt": {
"count": {
"field": "requestId"
}
}
}
}
}
}'
这是我返回的错误:
{
"error": "SearchPhaseExecutionException[Failed to execute phase [query], all shards failed; shardFailures {[ZWtovPXtTfSuJzg9M3FMjw][logstash-2016.05.19][0]: RemoteTransportException[[es4][inet[/10.149.76.55:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n \"aggregations\": {\n \"the_name\": {\n \"terms\": {\n \"field\": \"serviceName\"\n },\n \"aggregations\": {\n \"callcnt\": {\n \"count\": {\n \"field\": \"requestId\"\n }\n }\n }\n }\n }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][0]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }{[vSqpHGQXRf6OUIEF_kQ1jg][logstash-2016.05.19][1]: RemoteTransportException[[es2][inet[/10.149.76.138:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][1]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n \"aggregations\": {\n \"the_name\": {\n \"terms\": {\n \"field\": \"serviceName\"\n },\n \"aggregations\": {\n \"callcnt\": {\n \"count\": {\n \"field\": \"requestId\"\n }\n }\n }\n }\n }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][1]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }{[PwDi_CIiQHmOHp34KdWk0A][logstash-2016.05.19][2]: RemoteTransportException[[es3][inet[/10.149.76.97:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][2]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n \"aggregations\": {\n \"the_name\": {\n \"terms\": {\n \"field\": \"serviceName\"\n },\n \"aggregations\": {\n \"callcnt\": {\n \"count\": {\n \"field\": \"requestId\"\n }\n }\n }\n }\n }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][2]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }{[PwDi_CIiQHmOHp34KdWk0A][logstash-2016.05.19][3]: RemoteTransportException[[es3][inet[/10.149.76.97:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][3]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n \"aggregations\": {\n \"the_name\": {\n \"terms\": {\n \"field\": \"serviceName\"\n },\n \"aggregations\": {\n \"callcnt\": {\n \"count\": {\n \"field\": \"requestId\"\n }\n }\n }\n }\n }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][3]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }{[PwDi_CIiQHmOHp34KdWk0A][logstash-2016.05.19][4]: RemoteTransportException[[es3][inet[/10.149.76.97:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][4]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n \"aggregations\": {\n \"the_name\": {\n \"terms\": {\n \"field\": \"serviceName\"\n },\n \"aggregations\": {\n \"callcnt\": {\n \"count\": {\n \"field\": \"requestId\"\n }\n }\n }\n }\n }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][4]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }]",
"status": 400
}
我也在 运行 查询中使用 Sense chrome 扩展,所以不确定这是否有影响。
查询 elasticsearch 的新手,所以我尝试遵循一些在线指南,但没有得到任何帮助...我可以成功地进行简单查询,但似乎无法弄清楚聚合...
编辑:
如果它是一个 sql 查询,我试图对聚合做的是得到类似这样的东西:
select serviceName, count(requestId) as cnt
from tableA
group by serviceName
结果:
serviceName | cnt
-----------------
srvc1 32
srvc3 18
srvc7 75
etc...
一个问题可能是 ElasticSearch 搜索是使用 GET 而不是 POST 进行的。尝试 curl -XGET
此外,没有 count 聚合。你是说 value_count 吗?
提示:将 ?pretty 附加到 URL 以获得更易于阅读的输出:
curl -XGET "http://host/logstash-2016.05.19/_search?pretty"
问题是没有 count 聚合。您需要使用的聚合称为 value_count
看到错误:
Parse Failure [Could not find aggregator type [count] in [callcnt]]];
改用它,它将起作用:
curl -XPOST "http://host/logstash-2016.05.19/_search" -d '{
"aggregations": {
"the_name": {
"terms": {
"field": "serviceName"
},
"aggregations": {
"callcnt": {
"value_count": {
"field": "requestId"
}
}
}
}
}
}'
更新
根据您的评论,您可以按照以下方式执行所需的操作,即使用 terms 子聚合而不是 value_count 子聚合。
curl -XPOST "http://host/logstash-2016.05.19/_search" -d '{
"aggregations": {
"the_name": {
"terms": {
"field": "serviceName"
},
"aggregations": {
"callcnt": {
"terms": {
"field": "requestId"
}
}
}
}
}
}'
简单使用 terms 聚合来获取 serviceName 字段中不同值的计数。
curl -XPOST "http://host/logstash-2016.05.19/_search" -d '{
"aggregations": {.
"the_name": {
"terms": {
"field": "serviceName"
}
}
}
}'
希望对您有所帮助!!!!