Elasticsearch 聚合 - 或在桶中
Elasticsearch aggregations - OR in buckets
假设我有 5 个文档:
{
"owner": "joe",
"color": "black"
},
{
"owner": "joe",
"color": "red"
},
{
"owner": "joe",
"color": "blue"
},
{
"owner": "jack",
"color": "black"
},
{
"owner": "jack",
"color": "white"
}
和聚合:
{
aggs: {
owner: {
"terms": {
"field": "owner"
}
},
color: {
"terms": {
"field": "color"
}
}
}
}
按所有者和颜色汇总文档。
如果我 运行 匹配我得到的所有查询:
owner
joe: 3
jack: 2
color
black: 2
red: 1
blue: 1
white: 1
我想要实现的是:如果我按 owner: joe 过滤文档,我想获得 3 个文档,其中 owner 是 joe,颜色聚合:
color
black: 1
red: 1
blue: 1
但我想获得 owner 聚合:
owner
joe: 3 [selected]
jack: 2 [possible to extend]
于是得到可以选择的其他bucket的个数来扩展最终的结果。所以桶之间有类似“或”的东西。
我怎样才能做到这一点?
据我所知,您想在 owner 和 color 上进行聚合(其中 owner 等于 joe) 您可以使用 filter aggregation 实现所需的用例 -
{
"size": 0,
"aggs": {
"owner": {
"terms": {
"field": "owner.keyword"
}
},
"filtered_aggregation": {
"filter": {
"term": {
"owner": "joe"
}
},
"aggs": {
"color": {
"terms": {
"field": "color.keyword"
}
}
}
}
}
}
搜索结果:
"aggregations": {
"owner": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "joe",
"doc_count": 3
},
{
"key": "jack",
"doc_count": 2
}
]
},
"filtered_aggregation": {
"doc_count": 3,
"color": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "black",
"doc_count": 1
},
{
"key": "blue",
"doc_count": 1
},
{
"key": "red",
"doc_count": 1
}
]
}
}
}
实现此目的的常用方法是使用 post_filter。下面的查询将 return:
- 只有
joe 的颜色(使用 filtered_colors)
- 仅
joe的文档(使用post_filter)
- 您可以过滤的所有所有者(使用
all_owners)
查询:
POST owners/_search
{
"aggs": {
"filtered_colors": {
"filter": {
"term": {
"owner.keyword": "joe"
}
},
"aggs": {
"color": {
"terms": {
"field": "color.keyword"
}
}
}
},
"all_owners": {
"terms": {
"field": "owner.keyword"
}
}
},
"post_filter": {
"term": {
"owner.keyword": "joe"
}
}
}
假设我有 5 个文档:
{
"owner": "joe",
"color": "black"
},
{
"owner": "joe",
"color": "red"
},
{
"owner": "joe",
"color": "blue"
},
{
"owner": "jack",
"color": "black"
},
{
"owner": "jack",
"color": "white"
}
和聚合:
{
aggs: {
owner: {
"terms": {
"field": "owner"
}
},
color: {
"terms": {
"field": "color"
}
}
}
}
按所有者和颜色汇总文档。
如果我 运行 匹配我得到的所有查询:
owner
joe: 3
jack: 2
color
black: 2
red: 1
blue: 1
white: 1
我想要实现的是:如果我按 owner: joe 过滤文档,我想获得 3 个文档,其中 owner 是 joe,颜色聚合:
color
black: 1
red: 1
blue: 1
但我想获得 owner 聚合:
owner
joe: 3 [selected]
jack: 2 [possible to extend]
于是得到可以选择的其他bucket的个数来扩展最终的结果。所以桶之间有类似“或”的东西。
我怎样才能做到这一点?
据我所知,您想在 owner 和 color 上进行聚合(其中 owner 等于 joe) 您可以使用 filter aggregation 实现所需的用例 -
{
"size": 0,
"aggs": {
"owner": {
"terms": {
"field": "owner.keyword"
}
},
"filtered_aggregation": {
"filter": {
"term": {
"owner": "joe"
}
},
"aggs": {
"color": {
"terms": {
"field": "color.keyword"
}
}
}
}
}
}
搜索结果:
"aggregations": {
"owner": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "joe",
"doc_count": 3
},
{
"key": "jack",
"doc_count": 2
}
]
},
"filtered_aggregation": {
"doc_count": 3,
"color": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "black",
"doc_count": 1
},
{
"key": "blue",
"doc_count": 1
},
{
"key": "red",
"doc_count": 1
}
]
}
}
}
实现此目的的常用方法是使用 post_filter。下面的查询将 return:
- 只有
joe的颜色(使用filtered_colors) - 仅
joe的文档(使用post_filter) - 您可以过滤的所有所有者(使用
all_owners)
查询:
POST owners/_search
{
"aggs": {
"filtered_colors": {
"filter": {
"term": {
"owner.keyword": "joe"
}
},
"aggs": {
"color": {
"terms": {
"field": "color.keyword"
}
}
}
},
"all_owners": {
"terms": {
"field": "owner.keyword"
}
}
},
"post_filter": {
"term": {
"owner.keyword": "joe"
}
}
}