过滤+聚合+排序
需求:统计年龄大于20岁的收入的平均值
GET /user/_search { "query":{ "range":{ "age":{ "gte":20 } } }, "aggs": { "avg_salary": { "avg": { "field":"salary" } } }, "size":0 }
需求:统计年龄的平均收入升序排序
GET /user/_search { "aggs": { "group_by_age": { "terms": { "field":"age", "order":{ "avg_salary":"asc" } }, "aggs":{ "avg_salary":{ "avg":{ "field":"salary" } } } } }, "size": 0 }
年龄+生日下钻分析最深层次的metric进行排序
GET /user/_search { "aggs": { "group_by_age": { "terms": { "field":"age" }, "aggs":{ "group_by_birthday":{ "terms":{ "field":"birthday" }, "aggs":{ "avg_salary":{ "avg":{ "field":"salary" } } } } } } }, "size": 0 } -----------------------结果----------------------- { "took" : 17, "timed_out" : false, "_shards" : { "total" : 3, "successful" : 3, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 6, "relation" : "eq" }, "max_score" : null, "hits" : [ ] }, "aggregations" : { "group_by_age" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : 20, "doc_count" : 2, "group_by_birthday" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : 1580601600000, "key_as_string" : "2020-02-02 00:00:00", "doc_count" : 1, "avg_salary" : { "value" : 22000.0 } }, { "key" : 1591056000000, "key_as_string" : "2020-06-02 00:00:00", "doc_count" : 1, "avg_salary" : { "value" : 36000.0 } } ] } }, { "key" : 26, "doc_count" : 2, "group_by_birthday" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : 1591056000000, "key_as_string" : "2020-06-02 00:00:00", "doc_count" : 2, "avg_salary" : { "value" : 30000.0 } } ] } }, { "key" : 18, "doc_count" : 1, "group_by_birthday" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : 1577923200000, "key_as_string" : "2020-01-02 00:00:00", "doc_count" : 1, "avg_salary" : { "value" : 20000.0 } } ] } }, { "key" : 24, "doc_count" : 1, "group_by_birthday" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : 1583366400000, "key_as_string" : "2020-03-05 00:00:00", "doc_count" : 1, "avg_salary" : { "value" : 22000.0 } } ] } } ] } } }
filter聚合,再内嵌terms聚合
GET /logs/_search { "size":0, "aggs": { "group_province": { "filter":{ "term": { "province.keyword":"江苏" } }, "aggs": { "count_of_latency": { "terms": { "field": "latency", "size": 10 } } } } } }
filter聚合,再内嵌terms聚合,再内嵌avg聚合,再根据平均年龄排序
GET /logs/_search { "size":0, "aggs": { "group_province": { "filter":{ "term": { "province.keyword":"江苏" } }, "aggs": { "count_of_latency": { "terms": { "field": "latency", "size": 10, "order":{ "avg_latency":"desc" } }, "aggs": { "avg_latency": { "avg": { "field": "latency" } } } } } } } }
先构建多个过滤器,再根据这些过滤器聚合。应用场景,如果你group by 后面的条件不仅仅是字段,而需要将字段中的各个值,重新分类,定义成不同的类型再group by,可以用这个聚合。
PUT /logs/_bulk?refresh { "index" : { "_id" : 1 } } { "body" : "warning: page could not be rendered" } { "index" : { "_id" : 2 } } { "body" : "authentication error" } { "index" : { "_id" : 3 } } { "body" : "warning: connection timed out" }
GET logs/_search { "size": 0, "aggs" : { "log_filter" : { "filters" : { "filters" : { "errors" : { "match" : { "body" : "error" }}, "warnings" : { "match" : { "body" : "warning" }} } } } } } { "took" : 14, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 15, "relation" : "eq" }, "max_score" : null, "hits" : [ ] }, "aggregations" : { "log_filter" : { "buckets" : { "errors" : { "doc_count" : 1 }, "warnings" : { "doc_count" : 2 } } } } }
立志如山 静心求实
浙公网安备 33010602011771号