ElasticSearch - 排序桶
ElasticSearch - Sort Buckets
我的 elasticSearch query 就像:
{
"size": 0,
"aggs": {
"group_by_name": {
"terms": {
"field": "Infos.InstanceInfo.Name.keyword",
"size": 1000
},
"aggs": {
"group_by_id": {
"terms": {
"field": "Infos.InstanceInfo.ID.keyword",
"size": 1000
},
"aggs": {
"tops": {
"top_hits": {
"size": 100,
"sort": {
"Infos.InstanceInfo.StartTime": "asc"
}
}
}
}
},
"count": {
"cardinality": {
"field": "Infos.InstanceInfo.ID.keyword"
}
}
}
}
}
}
它工作正常,我有一个 结果 这种形式:
aggregations
==>group_by_name
======>buckets:
{key:name1}
=========>group_by_id
==============>buckets
{key:id1}
===============>docs
{doc1.StartTime:"2020-12-15T19:00:00"}
{doc2.StartTime:"2020-12-15T20:00:00"}
{doc3.StartTime:"2020-12-15T21:00:00"}
{key:id2}
===============>docs
{doc1.StartTime:"2020-12-15T09:00:00"}
{doc2.StartTime:"2020-12-15T11:00:00"}
{doc3.StartTime:"2020-12-15T11:30:00"}
{key:id4}
===============>docs
{doc1.StartTime:"2020-12-15T22:00:00"}
{doc2.StartTime:"2020-12-15T23:00:00"}
{doc3.StartTime:"2020-12-15T23:30:00"}
{key:name2}
=========>group_by_id
==============>buckets
{key:id5}
===============>docs
{doc1.StartTime:"2020-12-15T05:00:00"}
{doc2.StartTime:"2020-12-15T05:30:00"}
{doc3.StartTime:"2020-12-15T06:00:00"}
{key:id8}
===============>docs
{doc1.StartTime:"2020-12-15T01:00:00"}
{doc2.StartTime:"2020-12-15T01:00:15"}
{doc3.StartTime:"2020-12-15T02:00:00"}
{key:id9}
===============>docs
{doc1.StartTime:"2020-12-15T08:00:00"}
{doc2.StartTime:"2020-12-15T09:00:15"}
{doc3.StartTime:"2020-12-15T10:00:00"}
现在,我正在尝试根据第一个文档的 StartTime 的值对 group_by_id 聚合中的存储桶进行排序,以获得如下内容:
aggregations
==>group_by_name
======>buckets:
{key:name1}
=========>group_by_id
==============>buckets
{key:id4}
===============>docs
{doc1.StartTime:"2020-12-15T22:00:00"}
{doc2.StartTime:"2020-12-15T23:00:00"}
{doc3.StartTime:"2020-12-15T23:30:00"}
{key:id1}
===============>docs
{doc1.StartTime:"2020-12-15T19:00:00"}
{doc2.StartTime:"2020-12-15T20:00:00"}
{doc3.StartTime:"2020-12-15T21:00:00"}
{key:id2}
===============>docs
{doc1.StartTime:"2020-12-15T09:00:00"}
{doc2.StartTime:"2020-12-15T11:00:00"}
{doc3.StartTime:"2020-12-15T11:30:00"}
{key:name2}
=========>group_by_id
==============>buckets
{key:id9}
===============>docs
{doc1.StartTime:"2020-12-15T08:00:00"}
{doc2.StartTime:"2020-12-15T09:00:15"}
{doc3.StartTime:"2020-12-15T10:00:00"}
{key:id5}
===============>docs
{doc1.StartTime:"2020-12-15T05:00:00"}
{doc2.StartTime:"2020-12-15T05:30:00"}
{doc3.StartTime:"2020-12-15T06:00:00"}
{key:id8}
===============>docs
{doc1.StartTime:"2020-12-15T01:00:00"}
{doc2.StartTime:"2020-12-15T01:00:15"}
{doc3.StartTime:"2020-12-15T02:00:00"}
有什么想法吗?
执行以下操作:
{
"size": 0,
"aggs": {
"group_by_name": {
"terms": {
"field": "Infos.InstanceInfo.Name.keyword",
"size": 1000,
"order": { <-- name1, name2, ... alphabetically
"_key": "asc"
}
},
"aggs": {
"group_by_id": {
"terms": {
"field": "Infos.InstanceInfo.ID.keyword",
"size": 1000,
"order": { <-- order by the latest timestamp
"max_start_time": "desc"
}
},
"aggs": {
"tops": {
"top_hits": {
"size": 100,
"_source": "Infos.InstanceInfo.StartTime",
"sort": {
"Infos.InstanceInfo.StartTime": "asc"
}
}
},
"max_start_time": { <-- specify it here in order to apply it above
"max": {
"field": "Infos.InstanceInfo.StartTime"
}
}
}
},
"count": {
"cardinality": {
"field": "Infos.InstanceInfo.ID.keyword"
}
}
}
}
}
}
我的 elasticSearch query 就像:
{
"size": 0,
"aggs": {
"group_by_name": {
"terms": {
"field": "Infos.InstanceInfo.Name.keyword",
"size": 1000
},
"aggs": {
"group_by_id": {
"terms": {
"field": "Infos.InstanceInfo.ID.keyword",
"size": 1000
},
"aggs": {
"tops": {
"top_hits": {
"size": 100,
"sort": {
"Infos.InstanceInfo.StartTime": "asc"
}
}
}
}
},
"count": {
"cardinality": {
"field": "Infos.InstanceInfo.ID.keyword"
}
}
}
}
}
}
它工作正常,我有一个 结果 这种形式:
aggregations
==>group_by_name
======>buckets:
{key:name1}
=========>group_by_id
==============>buckets
{key:id1}
===============>docs
{doc1.StartTime:"2020-12-15T19:00:00"}
{doc2.StartTime:"2020-12-15T20:00:00"}
{doc3.StartTime:"2020-12-15T21:00:00"}
{key:id2}
===============>docs
{doc1.StartTime:"2020-12-15T09:00:00"}
{doc2.StartTime:"2020-12-15T11:00:00"}
{doc3.StartTime:"2020-12-15T11:30:00"}
{key:id4}
===============>docs
{doc1.StartTime:"2020-12-15T22:00:00"}
{doc2.StartTime:"2020-12-15T23:00:00"}
{doc3.StartTime:"2020-12-15T23:30:00"}
{key:name2}
=========>group_by_id
==============>buckets
{key:id5}
===============>docs
{doc1.StartTime:"2020-12-15T05:00:00"}
{doc2.StartTime:"2020-12-15T05:30:00"}
{doc3.StartTime:"2020-12-15T06:00:00"}
{key:id8}
===============>docs
{doc1.StartTime:"2020-12-15T01:00:00"}
{doc2.StartTime:"2020-12-15T01:00:15"}
{doc3.StartTime:"2020-12-15T02:00:00"}
{key:id9}
===============>docs
{doc1.StartTime:"2020-12-15T08:00:00"}
{doc2.StartTime:"2020-12-15T09:00:15"}
{doc3.StartTime:"2020-12-15T10:00:00"}
现在,我正在尝试根据第一个文档的 StartTime 的值对 group_by_id 聚合中的存储桶进行排序,以获得如下内容:
aggregations
==>group_by_name
======>buckets:
{key:name1}
=========>group_by_id
==============>buckets
{key:id4}
===============>docs
{doc1.StartTime:"2020-12-15T22:00:00"}
{doc2.StartTime:"2020-12-15T23:00:00"}
{doc3.StartTime:"2020-12-15T23:30:00"}
{key:id1}
===============>docs
{doc1.StartTime:"2020-12-15T19:00:00"}
{doc2.StartTime:"2020-12-15T20:00:00"}
{doc3.StartTime:"2020-12-15T21:00:00"}
{key:id2}
===============>docs
{doc1.StartTime:"2020-12-15T09:00:00"}
{doc2.StartTime:"2020-12-15T11:00:00"}
{doc3.StartTime:"2020-12-15T11:30:00"}
{key:name2}
=========>group_by_id
==============>buckets
{key:id9}
===============>docs
{doc1.StartTime:"2020-12-15T08:00:00"}
{doc2.StartTime:"2020-12-15T09:00:15"}
{doc3.StartTime:"2020-12-15T10:00:00"}
{key:id5}
===============>docs
{doc1.StartTime:"2020-12-15T05:00:00"}
{doc2.StartTime:"2020-12-15T05:30:00"}
{doc3.StartTime:"2020-12-15T06:00:00"}
{key:id8}
===============>docs
{doc1.StartTime:"2020-12-15T01:00:00"}
{doc2.StartTime:"2020-12-15T01:00:15"}
{doc3.StartTime:"2020-12-15T02:00:00"}
有什么想法吗?
执行以下操作:
{
"size": 0,
"aggs": {
"group_by_name": {
"terms": {
"field": "Infos.InstanceInfo.Name.keyword",
"size": 1000,
"order": { <-- name1, name2, ... alphabetically
"_key": "asc"
}
},
"aggs": {
"group_by_id": {
"terms": {
"field": "Infos.InstanceInfo.ID.keyword",
"size": 1000,
"order": { <-- order by the latest timestamp
"max_start_time": "desc"
}
},
"aggs": {
"tops": {
"top_hits": {
"size": 100,
"_source": "Infos.InstanceInfo.StartTime",
"sort": {
"Infos.InstanceInfo.StartTime": "asc"
}
}
},
"max_start_time": { <-- specify it here in order to apply it above
"max": {
"field": "Infos.InstanceInfo.StartTime"
}
}
}
},
"count": {
"cardinality": {
"field": "Infos.InstanceInfo.ID.keyword"
}
}
}
}
}
}