Elasticsearch 聚合类似于 group_concat
Elasticsearch aggregation similar to group_concat
我是 elasticsearch 的新手,我想创建一个 group_concat 聚合。但我不知道怎么办。有人可以帮我吗
示例数据:
POST /example_measures/_bulk
{"index":{"_id":1}}
{"id":"1","datapoint_id":"1","datetime":"1577833200000","value":"5"}
{"index":{"_id":2}}
{"id":"2","datapoint_id":"2","datetime":"1577833210000","value":"51"}
{"index":{"_id":3}}
{"id":"3","datapoint_id":"2","datetime":"1577833220000","value":"77"}
我想表达的sql:
select
datapoint_id,
group_concat(`datetime` order by `datetime` SEPARATOR ',' limit 5) as dt,
group_concat(`value` order by `datetime` SEPARATOR ',' limit 5) as val
from example_measures
group by datapoint_id;
我希望每个数据点有 2 个数组。一个带有时间戳,一个带有值。
我使用 sql 语法没有成功,因为 sql 输入不支持 group_concat:
POST /_sql?format=txt
{
"query":"..."
}
我使用 Kibana 和 Dev Tools 进行输入。
您可以通过在 datapoint_id 字段上使用 Terms Aggregation 来实现您的用例。这将创建桶 - 一个 pe 唯一值 datapoint_id。然后,您可以使用子聚合将桶进一步嵌入到这些独特的桶中。
搜索查询:
{
"size": 0,
"aggs": {
"id": {
"terms": {
"field": "datapoint_id.keyword"
},
"aggs": {
"dt": {
"terms": {
"field": "datetime.keyword",
"order": { "_key" : "asc" },
"size": 5
}
},
"val": {
"terms": {
"field": "value.keyword",
"size": 5
}
}
}
}
}
}
搜索结果:
"aggregations": {
"id": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "2",
"doc_count": 2,
"val": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "51",
"doc_count": 1
},
{
"key": "77",
"doc_count": 1
}
]
},
"dt": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "1577833210000",
"doc_count": 1
},
{
"key": "1577833220000",
"doc_count": 1
}
]
}
},
{
"key": "1",
"doc_count": 1,
"val": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "5",
"doc_count": 1
}
]
},
"dt": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "1577833200000",
"doc_count": 1
}
]
}
}
]
}
}
我是 elasticsearch 的新手,我想创建一个 group_concat 聚合。但我不知道怎么办。有人可以帮我吗
示例数据:
POST /example_measures/_bulk
{"index":{"_id":1}}
{"id":"1","datapoint_id":"1","datetime":"1577833200000","value":"5"}
{"index":{"_id":2}}
{"id":"2","datapoint_id":"2","datetime":"1577833210000","value":"51"}
{"index":{"_id":3}}
{"id":"3","datapoint_id":"2","datetime":"1577833220000","value":"77"}
我想表达的sql:
select
datapoint_id,
group_concat(`datetime` order by `datetime` SEPARATOR ',' limit 5) as dt,
group_concat(`value` order by `datetime` SEPARATOR ',' limit 5) as val
from example_measures
group by datapoint_id;
我希望每个数据点有 2 个数组。一个带有时间戳,一个带有值。
我使用 sql 语法没有成功,因为 sql 输入不支持 group_concat:
POST /_sql?format=txt
{
"query":"..."
}
我使用 Kibana 和 Dev Tools 进行输入。
您可以通过在 datapoint_id 字段上使用 Terms Aggregation 来实现您的用例。这将创建桶 - 一个 pe 唯一值 datapoint_id。然后,您可以使用子聚合将桶进一步嵌入到这些独特的桶中。
搜索查询:
{
"size": 0,
"aggs": {
"id": {
"terms": {
"field": "datapoint_id.keyword"
},
"aggs": {
"dt": {
"terms": {
"field": "datetime.keyword",
"order": { "_key" : "asc" },
"size": 5
}
},
"val": {
"terms": {
"field": "value.keyword",
"size": 5
}
}
}
}
}
}
搜索结果:
"aggregations": {
"id": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "2",
"doc_count": 2,
"val": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "51",
"doc_count": 1
},
{
"key": "77",
"doc_count": 1
}
]
},
"dt": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "1577833210000",
"doc_count": 1
},
{
"key": "1577833220000",
"doc_count": 1
}
]
}
},
{
"key": "1",
"doc_count": 1,
"val": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "5",
"doc_count": 1
}
]
},
"dt": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "1577833200000",
"doc_count": 1
}
]
}
}
]
}
}