简体   繁体   English

如何使用 elasticsearch 中的聚合值计算平均值?

[英]How to calculate average using aggregated values in elasticsearch?

If this is a small portion of document looks like,如果这是文件的一小部分,

{ "metricName" : "call", "createdDate" : "2019-10-31T00:00:00.000Z", "responseCode: "200" }
{ "metricName" : "email", "createdDate" : "2019-10-31T00:00:00.000Z", "responseCode: "400" }
{ "metricName" : "chat", "createdDate" : "2019-10-31T00:00:00.000Z", "responseCode: "300" }
.
.

I need to do below operations in one query.我需要在一个查询中执行以下操作。

  1. The query should allow me to filter records based on createdDate, responseCode and metricName.该查询应该允许我根据 createdDate、responseCode 和 metricName 过滤记录。
  2. The result needs to be grouped by metricName and createdDate.结果需要按 metricName 和 createdDate 分组。
  3. Also, need to extract a count of records for each group by.此外,需要为每个组提取记录计数。
  4. I need to find the average of records containing a specific responseCode based on records created at the same instance ( for a given createdDate).我需要根据在同一实例中创建的记录(对于给定的 createdDate)找到包含特定 responseCode 的记录的平均值。

The aggregations API allows grouping by multiple fields, using sub-aggregations.聚合 API 允许使用子聚合按多个字段进行分组。 Suppose you want to group by fields field1, field2 and field3:假设您要按字段 field1、field2 和 field3 进行分组:

Your 1,2 and 3 questions are solved with this query.您的 1,2 和 3 问题已通过此查询解决。

POST /stackoverflow/_search?size=0
{
    "query": {
        "bool": {
            "must": [
                {
                    "match_phrase": {
                        "createdDate": {
                            "query": "2019-10-31T00:00:00.000Z",
                            "slop": 0,
                            "zero_terms_query": "NONE",
                            "boost": 1
                        }
                    }
                },
                {
                    "match_phrase": {
                        "responseCode": {
                            "query": "200",
                            "slop": 0,
                            "zero_terms_query": "NONE",
                            "boost": 1
                        }
                    }
                },
                {
                    "match_phrase": {
                        "metricName": {
                            "query": "call",
                            "slop": 0,
                            "zero_terms_query": "NONE",
                            "boost": 1
                        }
                    }
                }
            ]
        }
    },
    "aggr": {
        "agg1": {
            "terms": {
                "field": "metricName",
                "size": 10,
                "order": [
                    {
                        "_count": "desc"
                    },
                    {
                        "_key": "asc"
                    }
                ]
            }
        },
        "aggs": {
            "agg2": {
                "terms": {
                    "field": "createdDate",
                    "size": 10,
                    "order": [
                        {
                            "_count": "desc"
                        },
                        {
                            "_key": "asc"
                        }
                    ]
                }
            }
        }
    }
}

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM