减去弹性搜索索引中的两个字段
[英]subtract two fields in elastic search index
问题描述
I am trying to do some analysis over the fields indexed in elastic search. 
我正在尝试对弹性搜索中索引的字段进行一些分析。
2 of the fields are 'start_time' and 'end_time'. 其中两个字段是“ start_time”和“ end_time”。 I would basically want to group the difference of these 2 fields ie ('end_time' - 'start_time') for my analysis. 我基本上想对这两个字段的差异进行分组,即('end_time'-'start_time')进行分析。 But, I'm not able to find a direct answer to this question. 但是,我找不到这个问题的直接答案。
Request you to help in this. 要求您提供帮助。
** Edit ** **编辑**
Based on the answer by PPearcy below, I have explored terms aggregations and I have applied it on the index. 根据下面的PPearcy的答案,我研究了术语聚合并将其应用于索引。 However, I have not yet applied script in the query as I'm still exploring terms aggregation. 但是,由于我仍在研究术语聚合,因此尚未在查询中应用script 。 But, I am facing another problem here:- 但是,我在这里面临另一个问题:
My index contains 3,513,903 documents with a size of 2.1 GB. 我的索引包含3,513,903个文档,大小为2.1 GB。 Here is my query:- 这是我的查询:
$ curl -X GET http://localhost:9200/rum_beacon/rum/_search -d '{"aggs":{"resp":{"terms":{"field":"response_start"}}}}' 2>/dev/null| python -c "import sys, json, pprint; j=json.load(sys.stdin); buckets=j['aggregations']['resp']['buckets'];m=map(lambda x: x,buckets); pprint.pprint( m)"
[{u'doc_count': 124219, u'key': 0, u'key_as_string': u'0'},
{u'doc_count': 73779, u'key': 1, u'key_as_string': u'1'},
{u'doc_count': 27135, u'key': 2, u'key_as_string': u'2'},
{u'doc_count': 10569, u'key': 3, u'key_as_string': u'3'},
{u'doc_count': 6065, u'key': 4, u'key_as_string': u'4'},
{u'doc_count': 4498, u'key': 157, u'key_as_string': u'157'},
{u'doc_count': 4473, u'key': 144, u'key_as_string': u'144'},
{u'doc_count': 4461, u'key': 162, u'key_as_string': u'162'},
{u'doc_count': 4443, u'key': 164, u'key_as_string': u'164'},
{u'doc_count': 4434, u'key': 155, u'key_as_string': u'155'}]
**The problem:** **问题:**
I'm not able to get the results for all the response_start fields. 我无法获得所有response_start字段的结果。 I get only 10 values in the response json. 我在响应json中仅获得10个值。
**What I've tried** **我尝试过的**
I tried giving the size field in the json request, but, I still get only 10 values in the response:- 我尝试在json请求中提供size字段,但是,我仍然在响应中仅获得10个值:-
$ curl -X GET http://localhost:9200/rum_beacon/rum/_search -d '{"size":50,"aggs":{"resp":{"terms":{"field":"response_start"}}}}' 2>/dev/null| python -c "import sys, json, pprint; j=json.load(sys.stdin); buckets=j['aggregations']['resp']['buckets'];m=map(lambda x: x,buckets); pprint.pprint( m)"
[{u'doc_count': 124219, u'key': 0, u'key_as_string': u'0'},
{u'doc_count': 73779, u'key': 1, u'key_as_string': u'1'},
{u'doc_count': 27135, u'key': 2, u'key_as_string': u'2'},
{u'doc_count': 10569, u'key': 3, u'key_as_string': u'3'},
{u'doc_count': 6065, u'key': 4, u'key_as_string': u'4'},
{u'doc_count': 4498, u'key': 157, u'key_as_string': u'157'},
{u'doc_count': 4473, u'key': 144, u'key_as_string': u'144'},
{u'doc_count': 4461, u'key': 162, u'key_as_string': u'162'},
{u'doc_count': 4443, u'key': 164, u'key_as_string': u'164'},
{u'doc_count': 4434, u'key': 155, u'key_as_string': u'155'}]
1 个解决方案
解决方案1
2 已采纳 2014-07-04 02:50:01
Take a look at aggregates on script fields: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-aggregations.html 看一下脚本字段上的汇总: http : //www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-aggregations.html
For your case, you would be doing a terms aggregate on a script field as specified here: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html 对于您的情况,您将在此处指定的脚本字段上进行术语汇总: http : //www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.