Elasticsearch query for unique data count
I want to query Elasticsearch to get the unique IP count per device from a bucket?
The bucket data format is as follows:
{
  "request_time": 1651545553544,
  "cp_code": "1179526",
  "client_ip": "190.122.XXX.189",
  "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
  "device": "Chrome",
  "stream_key": "ymty1j6r",
  "bytes": 1242,
  "country": "DO"
}
{
  "request_time": 1651545553653,
  "cp_code": "1179526",
  "client_ip": "190.122.XXX.189",
  "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
  "device": "Chrome",
  "stream_key": "ymty1j6r",
  "bytes": 2824933,
  "country": "DO"
}
{
  "request_time": 1651545545132,
  "cp_code": "1179526",
  "client_ip": "190.122.XXX.189",
  "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
  "device": "Chrome",
  "stream_key": "ymty1j6r",
  "bytes": 2821788,
  "country": "DO"
}
{
  "request_time": 1651545465646,
  "cp_code": "1179526",
  "client_ip": "89.187.XXX.161",
  "user_agent": "Xtream-Codes IPTV Panel Pro",
  "device": "Other",
  "stream_key": "ymty1j6r",
  "bytes": 2807496,
  "country": "US"
}
{
  "request_time": 1651545482284,
  "cp_code": "1179526",
  "client_ip": "89.187.XXX.161",
  "user_agent": "Xtream-Codes IPTV Panel Pro",
  "device": "Other",
  "stream_key": "ymty1j6r",
  "bytes": 2813754,
  "country": "US"
}
Which aggregation should I use to get a result in the following format directly from Elasticsearch?
device|unique_ip_count
chrome|50
firefox|10
Thank you very much.
A simple terms bucket aggregation on the device field and a cardinality metric aggregation on the client_ip field:
{
  "size": 0,
  "aggs": {
    "devices": {
      "terms": {
        "field": "device",
        "size": 10
      },
      "aggs": {
        "unique_ips": {
          "cardinality": {
            "field": "client_ip"
          }
        }
      }
    }
  }
}
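As an added example (not part of the original answer), the Python below builds the same request body, flattens the response into the `device|unique_ip_count` rows the question asks for, and computes an exact client-side count to sanity-check the approximate `cardinality` value. The function names and sample data are hypothetical; `precision_threshold` is a real `cardinality` option the answer does not set, and the code assumes `device` and `client_ip` are mapped as `keyword` (or `ip`) fields so they can be aggregated.

```python
from collections import defaultdict

# Constructed sample events in the question's shape (IPs are placeholders).
SAMPLE_DOCS = [
    {"device": "Chrome", "client_ip": "190.122.XXX.189"},
    {"device": "Chrome", "client_ip": "190.122.XXX.189"},
    {"device": "Chrome", "client_ip": "190.122.XXX.190"},
    {"device": "Other", "client_ip": "89.187.XXX.161"},
    {"device": "Other", "client_ip": "89.187.XXX.161"},
]

def build_query(max_devices=10, precision_threshold=3000):
    """Request body: terms on device, cardinality on client_ip.

    cardinality is approximate (HyperLogLog++); counts below
    precision_threshold are expected to be close to exact.
    """
    return {
        "size": 0,
        "aggs": {"devices": {
            "terms": {"field": "device", "size": max_devices},
            "aggs": {"unique_ips": {"cardinality": {
                "field": "client_ip",
                "precision_threshold": precision_threshold}}},
        }},
    }

def exact_unique_ips(docs):
    """Exact reference: what the aggregation estimates, computed client-side."""
    ips = defaultdict(set)
    for doc in docs:
        ips[doc["device"]].add(doc["client_ip"])
    return {device: len(seen) for device, seen in ips.items()}

def to_rows(response):
    """Flatten the aggregation response into device|unique_ip_count lines."""
    buckets = response["aggregations"]["devices"]["buckets"]
    rows = ["device|unique_ip_count"]
    # Keys come back as indexed ("Chrome"); lowercase to match the question.
    rows += [f'{b["key"].lower()}|{b["unique_ips"]["value"]}' for b in buckets]
    return rows

# Constructed response in the shape Elasticsearch returns for this query.
SAMPLE_RESPONSE = {"aggregations": {"devices": {"buckets": [
    {"key": "Chrome", "doc_count": 3, "unique_ips": {"value": 2}},
    {"key": "Other", "doc_count": 2, "unique_ips": {"value": 1}},
]}}}

if __name__ == "__main__":
    print("\n".join(to_rows(SAMPLE_RESPONSE)))
    print(exact_unique_ips(SAMPLE_DOCS))
```

The terms aggregation returns only the top `size` devices by document count, so raise `max_devices` if more than ten distinct device values are expected.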