Elasticsearch 聚合:只有 return 个结果?
Elasticsearch Aggregations: Only return results of one of them?
我正在尝试找到一种方法来仅 return Elasticsearch 查询中一次聚合的结果。我有一个最大桶聚合(我 想要 看到的那个),它是根据基于日期直方图聚合的求和桶聚合计算得出的。现在,我必须浏览 1,440 个结果才能找到我想看到的结果。我已经删除了带有 size: 0 修饰符的基本查询的结果,但是有没有办法对聚合做类似的事情?我试过将同样的东西放到几个地方,但没有成功。
查询如下:
{
"size": 0,
"query": {
"range": {
"timestamp": {
"gte": "2018-11-28",
"lte": "2018-11-28"
}
}
},
"aggs": {
"hits_per_minute": {
"date_histogram": {
"field": "timestamp",
"interval": "minute"
},
"aggs": {
"total_hits": {
"sum": {
"field": "hits_count"
}
}
}
},
"max_transactions_per_minute": {
"max_bucket": {
"buckets_path": "hits_per_minute>total_hits"
}
}
}
}
幸运的是,您可以使用 Elasticsearch 6.4 中添加的 bucket_sort aggregation 来做到这一点。
用bucket_sort
做
POST my_index/doc/_search
{
"size": 0,
"query": {
"range": {
"timestamp": {
"gte": "2018-11-28",
"lte": "2018-11-28"
}
}
},
"aggs": {
"hits_per_minute": {
"date_histogram": {
"field": "timestamp",
"interval": "minute"
},
"aggs": {
"total_hits": {
"sum": {
"field": "hits_count"
}
},
"max_transactions_per_minute": {
"bucket_sort": {
"sort": [
{"total_hits": {"order": "desc"}}
],
"size": 1
}
}
}
}
}
}
这会给你这样的回应:
{
...
"aggregations": {
"hits_per_minute": {
"buckets": [
{
"key_as_string": "2018-11-28T21:10:00.000Z",
"key": 1543957800000,
"doc_count": 3,
"total_hits": {
"value": 11
}
}
]
}
}
}
请注意,输出中没有额外的聚合,hits_per_minute 的输出被截断了(因为我们要求只给出一个最顶层的桶)。
用filter_path
做
还有一种通用的方法可以过滤 Elasticsearch 的输出:Response filtering, as 建议。
在这种情况下,只需执行以下查询就足够了:
POST my_index/doc/_search?filter_path=aggregations.max_transactions_per_minute
{ ... (original query) ... }
这将给出响应:
{
"aggregations": {
"max_transactions_per_minute": {
"value": 11,
"keys": [
"2018-12-04T21:10:00.000Z"
]
}
}
}
我正在尝试找到一种方法来仅 return Elasticsearch 查询中一次聚合的结果。我有一个最大桶聚合(我 想要 看到的那个),它是根据基于日期直方图聚合的求和桶聚合计算得出的。现在,我必须浏览 1,440 个结果才能找到我想看到的结果。我已经删除了带有 size: 0 修饰符的基本查询的结果,但是有没有办法对聚合做类似的事情?我试过将同样的东西放到几个地方,但没有成功。
查询如下:
{
"size": 0,
"query": {
"range": {
"timestamp": {
"gte": "2018-11-28",
"lte": "2018-11-28"
}
}
},
"aggs": {
"hits_per_minute": {
"date_histogram": {
"field": "timestamp",
"interval": "minute"
},
"aggs": {
"total_hits": {
"sum": {
"field": "hits_count"
}
}
}
},
"max_transactions_per_minute": {
"max_bucket": {
"buckets_path": "hits_per_minute>total_hits"
}
}
}
}
幸运的是,您可以使用 Elasticsearch 6.4 中添加的 bucket_sort aggregation 来做到这一点。
用bucket_sort
做
POST my_index/doc/_search
{
"size": 0,
"query": {
"range": {
"timestamp": {
"gte": "2018-11-28",
"lte": "2018-11-28"
}
}
},
"aggs": {
"hits_per_minute": {
"date_histogram": {
"field": "timestamp",
"interval": "minute"
},
"aggs": {
"total_hits": {
"sum": {
"field": "hits_count"
}
},
"max_transactions_per_minute": {
"bucket_sort": {
"sort": [
{"total_hits": {"order": "desc"}}
],
"size": 1
}
}
}
}
}
}
这会给你这样的回应:
{
...
"aggregations": {
"hits_per_minute": {
"buckets": [
{
"key_as_string": "2018-11-28T21:10:00.000Z",
"key": 1543957800000,
"doc_count": 3,
"total_hits": {
"value": 11
}
}
]
}
}
}
请注意,输出中没有额外的聚合,hits_per_minute 的输出被截断了(因为我们要求只给出一个最顶层的桶)。
用filter_path
做
还有一种通用的方法可以过滤 Elasticsearch 的输出:Response filtering, as
在这种情况下,只需执行以下查询就足够了:
POST my_index/doc/_search?filter_path=aggregations.max_transactions_per_minute
{ ... (original query) ... }
这将给出响应:
{
"aggregations": {
"max_transactions_per_minute": {
"value": 11,
"keys": [
"2018-12-04T21:10:00.000Z"
]
}
}
}