elasticsearch aggs里再按条件聚合数据
elasticsearch支持很强大的数据处理功能,在聚合数据方面,elasticsearch提供了很多的api,具体请参考elasticsearch官网。
这里只简单说一下如何多重聚合数据。
1、最简单的聚合数据,相当于mysql里的group by
比如,再现在按照公司来聚合数据:
{
"aggs": {
"companies": {
"terms": {
"field": "company",
"size": 0
}
}
},
"size": 0
}
执行后,结果里将会包含这样的数据:
"companies":{
"doc_count_error_upper_bound":0,
"sum_other_doc_count":0,
"buckets":[
{
"key":"company1",
"doc_count":90
},
{
"key":"company2",
"doc_count":1
}
]
}
2、在结果里增加另外字段的聚合结果,相当于mysql里group by两个字段
比如,再现在按照公司来聚合数据,然后再按部门聚合数据:
{
"aggs": {
"companies": {
"terms": {
"field": "company",
"size": 0
},
"aggs": {
"developments": {
"terms": {
"field": "development",
"size": 0
}
}
}
}
},
"size": 0
}
执行后,结果里将会包含这样的数据:
"companies":{
"doc_count_error_upper_bound":0,
"sum_other_doc_count":0,
"buckets":[
{
"key":"company1",
"doc_count":90,
"developments":{
"doc_count_error_upper_bound":0,
"sum_other_doc_count":0,
"buckets":[
{
"key":"部门1",
"doc_count":20
}
]
}
},
{
"key":"company2",
"doc_count":1,
"developments":{
"doc_count_error_upper_bound":0,
"sum_other_doc_count":0,
"buckets":[
{
"key":"部门2",
"doc_count":10
}
]
}
}
]
}
3、再增强一下,按照某个日期以后添加的部门数据
{
"aggs": {
"companies": {
"terms": {
"field": "company",
"size": 0
},
"aggs": {
"developments": {
"date_range": {
"field": "createtime",
"format": "yyy-MM-dd",
"ranges": [
{
"from": "now-10M/M"
}
]
}
}
}
}
},
"size": 0
}
执行后,结果里将会包含这样的数据:
"companies":{
"doc_count_error_upper_bound":0,
"sum_other_doc_count":0,
"buckets":[
{
"key":"company1",
"doc_count":90,
"developments":{
"doc_count_error_upper_bound":0,
"sum_other_doc_count":0,
"buckets":[
{
"key": "2017-06-15-*",
"from": 1497484800000,
"from_as_string": "2017-06-15",
"doc_count": 8
}
]
}
},
{
"key":"company2",
"doc_count":1,
"developments":{
"buckets":[
{
"key": "2017-06-15-*",
"from": 1497484800000,
"from_as_string": "2017-06-15",
"doc_count": 3
}
]
}
}
]
}
这里的子部门数据是从2017-06-15开始到现在添加的。
还有很多其它的聚合方法,请到官网查看。
浙公网安备 33010602011771号