Kibana query - aggregate counts using terms, range in single bucket
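I am querying, in Kibana, an index pattern that holds pipeline execution metadata, including the pipeline ID, dev grief count, etc.
I want to split the results into one bucket per pipeline ID, with the total execution count and the count of executions where dev_grief > 0.
My query -
GET pipeline-execution/_search
{
  "size": 0,
  "aggs": {
    "Terms_Aggregation": {
      "terms": {
        "field": "PipelineId",
        "size": 1000
      }
    }
  }
}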
The above query gives the total execution count by pipeline ID based on the terms aggregation, but I want the count of executions where the GriefToDeveloper value is greater than 0.
So I added a filter using range -
GET pipeline-execution/_search
{
  "size": 0,
  "aggs": {
    "DeveloperGriefCount": {
      "filter": {
        "range": {
          "GriefToDeveloper": {
            "gte": 1
          }
        }
      },
      "aggs": {
        "Pipeline": {
          "terms": {
            "field": "PipelineId",
            "size": 1000
          }
        }
      }
    }
  }
}
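Now, this works, but as you can see, there is no total execution count -
I want to merge these two queries and retrieve only one bucket with elements similar to -
{
  "buckets": [
    {
      "key": "pipeline_id_3",
      "doc_count": 10789,
      "grief_count": 950
    },
    {
      "key": "pipeline_id_4",
      "doc_count": 7666,
      "grief_count": 25
    }
  ]
}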
Update 1 -
Sample document -
{
  "_index": "pipeline-execution",
  "_type": "_doc",
  "_id": "FUM_MHkBjRE1lX_78952a",
  "_score": 1,
  "_source": {
    "CreatedOn": "2021-05-03T03:22:41.715000",
    "PipelineId": "pipeline_id_1",
    "ExecIdentifier": "147895632145",
    "Source": 45,
    "Good": 40,
    "PayloadHashValue": "95d59a7c80ebc4974f11995c4f4004ef",
    "GriefToDeveloper": 5
  }
}
Index mapping/template -
{
  "CreatedOn": {
    "type": "date"
  },
  "PipelineId": {
    "type": "keyword"
  },
  "ExecIdentifier": {
    "type": "keyword"
  },
  "Source": {
    "type": "integer"
  },
  "Good": {
    "type": "integer"
  },
  "PayloadHashValue": {
    "type": "text"
  },
  "GriefToDeveloper": {
    "type": "integer"
  }
}
**Update 2 -**
This is the query I would like to see -
GET pipeline-execution/_search
{
  "size": 0,
  "aggs": {
    "Pipelines": {
      "terms": {
        "field": "PipelineId",
        "size": 1000
      },
      "aggs": {
        "total_exec": {
          "value_count": {
            "field": "PipelineId"
          }
        },
        "dev_grief": {
          "value_count": {
            "field": "PipelineId"
          }
        },
        "Grief%": {
          "bucket_script": {
            "buckets_path": {
              "TotalExecutions": "total_exec",
              "DeveloperGrief": "dev_grief"
            },
            "script": "(params.DeveloperGrief/params.TotalExecutions)*100"
          }
        }
      }
    }
  }
}
Response:
"Pipelines": {
  "doc_count_error_upper_bound": 0,
  "sum_other_doc_count": 0,
  "buckets": [
    {
      "key": "pipeline_id_1",
      "doc_count": 2,
      "total_exec": {
        "value": 2
      },
      "dev_grief": {
        "value": 1
      },
      "Grief%": {
        "value": 50
      }
    }
  ]
}
Any help is much appreciated.
Thanks
You have the right idea. You need to make the filter aggregation a sub-aggregation of the terms aggregation, not the other way around.
Query
{
  "size": 0,
  "aggs": {
    "pipelines": {
      "terms": {
        "field": "PipelineId",
        "size": 10
      },
      "aggs": {
        "grief_count": {
          "filter": {
            "range": {
              "GriefToDeveloper": {
                "gte": 1
              }
            }
          }
        }
      }
    }
  }
}
Result
"pipelines": {
  "doc_count_error_upper_bound": 0,
  "sum_other_doc_count": 0,
  "buckets": [
    {
      "key": "pipeline_id_1",
      "doc_count": 2,
      "grief_count": {
        "doc_count": 1
      }
    }
  ]
}
Update
{
  "size": 0,
  "aggs": {
    "Pipelines": {
      "terms": {
        "field": "PipelineId",
        "size": 1000
      },
      "aggs": {
        "total_exec": {
          "value_count": {
            "field": "PipelineId"
          }
        },
        "grief_count": {
          "filter": {
            "range": {
              "GriefToDeveloper": {
                "gte": 1
              }
            }
          },
          "aggs": {
            "dev_grief": {
              "value_count": {
                "field": "PipelineId"
              }
            }
          }
        },
        "Grief%": {
          "bucket_script": {
            "buckets_path": {
              "TotalExecutions": "total_exec",
              "DeveloperGrief": "grief_count>dev_grief"
            },
            "script": "(params.DeveloperGrief/params.TotalExecutions)*100"
          }
        }
      }
    }
  }
}
Result of the updated query -
"Pipelines": {
  "doc_count_error_upper_bound": 0,
  "sum_other_doc_count": 0,
  "buckets": [
    {
      "key": "pipeline_id_1",
      "doc_count": 1315291,
      "grief_count": {
        "doc_count": 4447,
        "dev_grief": {
          "value": 4447
        }
      },
      "total_exec": {
        "value": 1315291
      },
      "Grief%": {
        "value": 0.33810008
      }
    }
  ]
}
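Added example (not part of the original question or answer): a Python helper that flattens the nested response of the updated query into the one-row-per-pipeline shape the question asked for. The function and its parameter names are hypothetical, and the sample response is constructed from the values shown above plus one invented bucket; a non-zero `sum_other_doc_count` is reported because it means the `terms` `size` left some pipeline IDs out.

```python
# Constructed sample: the "aggregations" part of a response to the updated
# query. Bucket 1 reuses the values shown above; bucket 2 is invented to
# cover a pipeline with no grief executions.
SAMPLE_AGGS = {
    "Pipelines": {
        "doc_count_error_upper_bound": 0,
        "sum_other_doc_count": 0,
        "buckets": [
            {"key": "pipeline_id_1", "doc_count": 1315291,
             "grief_count": {"doc_count": 4447, "dev_grief": {"value": 4447}},
             "total_exec": {"value": 1315291},
             "Grief%": {"value": 0.33810008}},
            {"key": "pipeline_id_2", "doc_count": 12,
             "grief_count": {"doc_count": 0, "dev_grief": {"value": 0}},
             "total_exec": {"value": 12}},
        ],
    }
}


def flatten_pipelines(aggs, terms_name="Pipelines", filter_name="grief_count"):
    """Return (rows, truncated) for a terms aggregation with a filter sub-aggregation.

    Each row is {"key", "doc_count", "grief_count", "grief_pct"}. The counts come
    from the bucket's own doc_count and the filter's doc_count, so the
    value_count metrics and the bucket_script value are not needed here.
    """
    terms = aggs[terms_name]
    rows = []
    for bucket in terms["buckets"]:
        total = bucket["doc_count"]
        grief = bucket[filter_name]["doc_count"]
        rows.append({
            "key": bucket["key"],
            "doc_count": total,
            "grief_count": grief,
            # Share of executions with GriefToDeveloper >= 1, guarded against total == 0.
            "grief_pct": round(100.0 * grief / total, 4) if total else 0.0,
        })
    # sum_other_doc_count > 0: documents belong to terms that did not fit in "size".
    truncated = terms.get("sum_other_doc_count", 0) > 0
    return rows, truncated


if __name__ == "__main__":
    for row in flatten_pipelines(SAMPLE_AGGS)[0]:
        print(row)
```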