Elasticsearch 查询:获取与某个键名关联的多个属性的所有值

Elasticsearch query to get all the value of multiple attributes linked to a keyname

我有如下 JSON 数据:

{
  "_index": "logs",
  "_type": "_doc",
  "_id": "122",
  "_version": 7,
  "_score": null,
  "_source": {
    "Data": {
      "FacTotal": 62701268992,
      "FacFree": 56609468416,
      "FacStatus": "Normal",
      "Version": "2.0",
      "Ip": "192.168.0.106"
    },
    "Created": "2021-01-04T14:13:48.245760",
    "Device": "T1"
    "Customer": "demo1"
    
  },
  "fields": {
    "Data.UpTime": [
      "2021-01-04T14:10:05.000Z"
    ],
    "Created": [
      "2021-01-04T14:13:48.245Z"
    ]
  },
  "sort": [
    1609769628245
  ]
}

如上面的 JSON 数据所示,我有多个不同 Customer 的数据,每个 Customer 下又有多个 Device。我写了下面的查询,它返回所有 Customer 的列表以及每个 Customer 拥有的 Device 数量。

GET logs/_search
  {
  "size": 0,
  "aggs": {
      "customers": {
          "terms": {
              "field": "Customer.keyword"
          },
          "aggs": {
              "type_count": {
                  "cardinality": {
                      "field": "Device.keyword"
                  }
              }
          }
      }
  }
}

这是响应:

{
  "took" : 996,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 325,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "customers" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "demo1",
          "doc_count" : 141,
          "type_count" : {
            "value" : 5
          }
        },
        {
          "key" : "demo2",
          "doc_count" : 140,
          "type_count" : {
            "value" : 5
          }
        },
        {
          "key" : "demo3",
          "doc_count" : 36,
          "type_count" : {
            "value" : 1
          }
        },
        {
          "key" : "demo4",
          "doc_count" : 8,
          "type_count" : {
            "value" : 1
          }
        }
      ]
    }
  }
}

如何修改上述查询,使其在返回数量的同时也返回每个客户的设备名称?期望的结果如下所示:

{
  "key": "demo1",
  "doc_count": 141,
  "type_count": {
      "value": 3
  },
  "device_name": [   <- device name
      "T1",
      "T2",
      "T3"
  ]
}

谢谢

很好的开始!你可以在 customers 聚合下再嵌套一个针对 Device.keyword 的 terms aggregation 来列出设备名称。terms aggregation 只返回前 size 个桶,所以下面把 size 设为 100,以免设备较多的客户被截断。

GET logs/_search
{
  "size": 0,
  "aggs": {
    "customers": {
      "terms": {
        "field": "Customer.keyword"
      },
      "aggs": {
        "device_name": {
          "terms": {
            "field": "Device.keyword",
            "size": 100
          }
        },
        "type_count": {
          "cardinality": {
            "field": "Device.keyword"
          }
        }
      }
    }
  }
}

你也可以将 stats bucket aggregation 与 terms aggregation 结合使用来实现这个用例。

下面是一个包含索引数据、搜索查询和搜索结果的完整示例。

索引数据:

{
  "Device": "T2",
  "Customer": "demo1"
}
{
  "Device": "T2",
  "Customer": "demo1"
}
{
  "Device": "T1",
  "Customer": "demo2"
}
{
  "Device": "T3",
  "Customer": "demo1"
}

搜索查询:

{
  "size": 0,
  "aggs": {
    "customers": {
      "terms": {
        "field": "Customer.keyword"
      },
      "aggs": {
        "device_name": {
          "terms": {
            "field": "Device.keyword"
          }
        },
        "bucketcount": {
          "stats_bucket": {
            "buckets_path": "device_name._count"
          }
        }
      }
    }
  }
}

搜索结果:

"aggregations": {
    "customers": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "demo1",                         // note this
          "doc_count": 2,
          "device_name": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "T2",         // note this
                "doc_count": 2
              }
            ]
          },
          "bucketcount": {
            "count": 1,              // note this
            "min": 2.0,
            "max": 2.0,
            "avg": 2.0,
            "sum": 2.0
          }
        },
        {
          "key": "demo2",
          "doc_count": 2,
          "device_name": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "T1",
                "doc_count": 1
              },
              {
                "key": "T3",
                "doc_count": 1
              }
            ]
          },
          "bucketcount": {
            "count": 2,
            "min": 1.0,
            "max": 1.0,
            "avg": 1.0,
            "sum": 2.0
          }
        }
      ]
    }
  }