堆栈内存溢出
  简体   繁体   English

在Elasticsearch中由两个或多个字段聚合

[英]Aggregate by two or more fields in elasticsearch

 原文  2016-04-20 07:57:18       elasticsearch

问题描述

I have many documents with various ProcessName . 我有许多带有各种ProcessName文档。 Each has some status code named Code . 每个都有一些名为Code状态代码。

I need to aggregate the documents by those two fields. 我需要按这两个字段汇总文档。

For instance: 例如: 

ProcessA 
code: 1
count: 220 

ProcessA 
code: 2
count: 335

ProcessB
code: 2
count: 520 

ProcessC
code: 3
count: 520

I've managed to aggregate only by one field ( ProcessName ): 我设法只按一个字段( ProcessName )进行汇总: 

POST /_search
{
  "query": {
        "bool": {
          "must": [
            {
              "term": {
                "_type": "monitor"
              }
            }
          ]
        }
  },
  "aggs" : {
        "ProcessNameAgg" : {
            "terms" : { "field" : "ProcessName",
                        "size" : 5,
                        "order" : { "_count" : "desc" }
            }
        }
  }
}

I've tried to make terms an array with two fields, but unfortunately I'm getting parsing exception (terms should get ONLY one field). 我试图使terms成为具有两个字段的数组,但是不幸的是,我正在解析异常(terms应该只有一个字段)。

1 个解决方案

解决方案1
 1 已采纳  2016-04-20 08:01:11

Try this: 尝试这个: 

POST /_search
{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "_type": "monitor"
          }
        }
      ]
    }
  },
  "aggs": {
    "ProcessNameAgg": {
      "terms": {
        "field": "ProcessName",
        "size": 5,
        "order": {
          "_count": "desc"
        }
      },
      "aggs": {
        "codes": {
          "terms": {
            "field": "code",
            "size": 10
          }
        }
      }
    }
  }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 elasticsearch由多个字段聚合 - elasticsearch aggregate by multiple fields ElasticSearch聚合嵌套字段 - ElasticSearch aggregate nested fields 无法在elasticsearch中的嵌套字段上聚合 - Not able to aggregate on nested fields in elasticsearch 在 OpenSearch / ElasticSearch 聚合中连接字段 - Concatenating fields in OpenSearch / ElasticSearch aggregate 通过多个字段聚合并在ElasticSearch中计数 - Aggregate by multiple fields and count in ElasticSearch elasticsearch匹配两个领域 - elasticsearch match two fields ==检查两个字段elasticsearch - == check on two fields elasticsearch Elasticsearch中两个字段的划分 - Division of two fields in Elasticsearch 如何聚合elasticsearch中的动态字段? - How to aggregate over dynamic fields in elasticsearch? Elasticsearch 对嵌套字段的复合聚合查询 - Elasticsearch composite aggregate query on nested fields
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM