ElasticSearch:在聚合期间按不同计数过滤
ElasticSearch: Filter by distinct count during aggregation
以下查询 returns 个不同的 ID,按 ID 的最大不同计数排序。我想做的是 " 仅包括那些文档总数少于 2000 的 ID"
{
"size": "0",
"query": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"aggs": {
"ids": {
"terms": {
"field": "Id.keyword",
"size": 1000
}
}
}
}
我尝试通过 'doc_count' 添加过滤器,但这没有帮助。我该怎么做?
您可以使用 bucket_selector aggregation
过滤桶
Bucket Selector Aggregation is a parent pipeline aggregation which executes a script which determines
whether the current bucket will be retained in the parent multi-bucket
aggregation.
{
"size": "0",
"query": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"aggs": {
"ids": {
"terms": {
"field": "Id.keyword",
"size": 1000
},
"aggs": {
"count_filter": {
"bucket_selector": {
"buckets_path": {
"values": "_count"
},
"script": "params.values < 2000" <-- note this
}
}
}
}
}
}
以下查询 returns 个不同的 ID,按 ID 的最大不同计数排序。我想做的是 " 仅包括那些文档总数少于 2000 的 ID"
{
"size": "0",
"query": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"aggs": {
"ids": {
"terms": {
"field": "Id.keyword",
"size": 1000
}
}
}
}
我尝试通过 'doc_count' 添加过滤器,但这没有帮助。我该怎么做?
您可以使用 bucket_selector aggregation
过滤桶Bucket Selector Aggregation is a parent pipeline aggregation which executes a script which determines whether the current bucket will be retained in the parent multi-bucket aggregation.
{
"size": "0",
"query": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"aggs": {
"ids": {
"terms": {
"field": "Id.keyword",
"size": 1000
},
"aggs": {
"count_filter": {
"bucket_selector": {
"buckets_path": {
"values": "_count"
},
"script": "params.values < 2000" <-- note this
}
}
}
}
}
}