堆栈内存溢出
  简体   繁体   English

带有布尔查询的弹性搜索聚合

[英]Elastic Search Aggregation with bool query

 原文  2020-06-19 09:02:09       elasticsearch

问题描述

This is my elastic bool query.这是我的弹性布尔查询。 this works fine:这工作正常:

{
  "query": {
        "bool": {
            "filter": [
                {
                    "terms": {
                        "parent_uuid._raw": [
                            "87ec596a-109e-45ce-8a8d-7a2d1a56df81",
                            "07526608-8140-46be-96b9-c5f7cca4bd93"
                        ]
                    }
                },
                {
                    "terms": {
                        "resource_type._raw": [
                            "Zone"
                        ]
                    }
                }
            ]
        }
    },
    "from": 0
}

I want aggregation on name field.我想对名称字段进行聚合。 So I add this:所以我添加了这个:

"aggs": {
    "group_by_name": {
        "terms": {
            "field": "display_name.keyword"
        }
    } }

But result is same.但结果是一样的。 What I am missing?我错过了什么?

The result I get is:我得到的结果是:

{ "device-resource": [ { "fq_name": [ "default-domain", "muthu1500", "EP", "JUNOS/Zone=oam" ], "uuid": "161cf82d-16fd-4219-861d-d50de622f8eb", "uri": "/ems-central/device-resource/161cf82d-16fd-4219-861d-d50de622f8eb" }, { "fq_name": [ "default-domain", "muthu1500", "EP", "JUNOS/Zone=untrust" ], "uuid": "fe28fb7c-c087-4473-aeef-e302022f47a4", "uri": "/ems-central/device-resource/fe28fb7c-c087-4473-aeef-e302022f47a4" }, { "fq_name": [ "default-domain", "muthu1500", "MNONZT", "JUNOS/Zone=trust" ], "uuid": "251a4a9e-acb4-49ed-9c29-499ddbceb532", "uri": "/ems-central/device-resource/251a4a9e-acb4-49ed-9c29-499ddbceb532" }, { "fq_name": [ "default-domain", "muthu1500", "MNONZT", "JUNOS/Zone=untrust" ], "uuid": "a3417512-8953-4c1e-b68e-8390327d5213", "uri": "/ems-central/device-resource/a3417512-8953-4c1e-b68e-8390327d5213" }, { "fq_name": [ "default-domain", "muthu1500", "SRX1500MD", "JUNOS/Zone=trust" ], "uuid": "1a5434c5-d47d-40be-bb00-ef1d244e6c0c", "uri": "/ems-central/device-resource/1 {“设备资源”:[{“fq_name”:[“默认域”,“muthu1500”,“EP”,“JUNOS/Zone=oam”],“uuid”:“161cf82d-16fd-4219-861d- d50de622f8eb”,“uri”:“/ems-central/device-resource/161cf82d-16fd-4219-861d-d50de622f8eb”},{“fq_name”:[“默认域”,“muthu1500”,“EP”,“ JUNOS/Zone=untrust" ], "uuid": "fe28fb7c-c087-4473-aeef-e302022f47a4", "uri": "/ems-central/device-resource/fe28fb7c-c087-4473-aeef-e302022f47a4" }, {“fq_name”:[“默认域”,“muthu1500”,“MNONZT”,“JUNOS/Zone=trust”],“uuid”:“251a4a9e-acb4-49ed-9c29-499ddbceb532”,“uri”:“ /ems-central/device-resource/251a4a9e-acb4-49ed-9c29-499ddbceb532" }, { "fq_name": [ "default-domain", "muthu1500", "MNONZT", "JUNOS/Zone=untrust" ], “uuid”:“a3417512-8953-4c1e-b68e-8390327d5213”,“uri”:“/ems-central/device-resource/a3417512-8953-4c1e-b68e-8390327d5213”},{“fq_name”:[“默认-domain”、“muthu1500”、“SRX1500MD”、“JUNOS/Zone=trust”]、“uuid”:“1a5434c5-d47d-40be-bb00-ef1d244e6c0c”、“uri”:“/ems-central/device-resource /1 a5434c5-d47d-40be-bb00-ef1d244e6c0c" } ], "total": 5 } a5434c5-d47d-40be-bb00-ef1d244e6c0c" } ],“总数”:5 }

Since last two records have same display_name as 2nd and 3rd record respectively, aggregate should show only 1 of them.由于最后两条记录分别与第二条和第三条记录具有相同的 display_name,因此聚合应仅显示其中一条。 I want this result:我想要这个结果:

{ "device-resource": [ { "fq_name": [ "default-domain", "muthu1500", "EP", "JUNOS/Zone=oam" ], "uuid": "161cf82d-16fd-4219-861d-d50de622f8eb", "uri": "/ems-central/device-resource/161cf82d-16fd-4219-861d-d50de622f8eb" }, { "fq_name": [ "default-domain", "muthu1500", "EP", "JUNOS/Zone=untrust" ], "uuid": "fe28fb7c-c087-4473-aeef-e302022f47a4", "uri": "/ems-central/device-resource/fe28fb7c-c087-4473-aeef-e302022f47a4" }, { "fq_name": [ "default-domain", "muthu1500", "MNONZT", "JUNOS/Zone=trust" ], "uuid": "251a4a9e-acb4-49ed-9c29-499ddbceb532", "uri": "/ems-central/device-resource/251a4a9e-acb4-49ed-9c29-499ddbceb532" } ], "total": 3 } {“设备资源”:[{“fq_name”:[“默认域”,“muthu1500”,“EP”,“JUNOS/Zone=oam”],“uuid”:“161cf82d-16fd-4219-861d- d50de622f8eb”,“uri”:“/ems-central/device-resource/161cf82d-16fd-4219-861d-d50de622f8eb”},{“fq_name”:[“默认域”,“muthu1500”,“EP”,“ JUNOS/Zone=untrust" ], "uuid": "fe28fb7c-c087-4473-aeef-e302022f47a4", "uri": "/ems-central/device-resource/fe28fb7c-c087-4473-aeef-e302022f47a4" }, {“fq_name”:[“默认域”,“muthu1500”,“MNONZT”,“JUNOS/Zone=trust”],“uuid”:“251a4a9e-acb4-49ed-9c29-499ddbceb532”,“uri”:“ /ems-central/device-resource/251a4a9e-acb4-49ed-9c29-499ddbceb532" } ],“总数”:3 }

1 个解决方案

解决方案1
 1 已采纳  2020-06-19 09:53:59

According to your mapping, your terms aggregation needs to be like this (use the _raw sub-field):根据您的映射,您的terms聚合需要是这样的(使用_raw子字段):

"aggs": {
  "group_by_name": {
    "terms": {
        "field": "display_name._raw"
    }
} }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 弹性搜索布尔查询 - Elastic search bool query 弹性平均 Bool 查询中的聚合 - Elastic Avg. Aggregation in Bool query 弹性搜索布尔查询错误 - elastic search bool query errors 具有范围查询的弹性搜索聚合 - Elastic search aggregation with range query 聚合弹性搜索查询与总和 - aggregation elastic search query with sum 弹性搜索聚合和复杂查询 - Elastic Search Aggregation and Complex Query Elastic Search中的布尔查询或过滤查询 - Bool query or filter query in Elastic Search 使用多个级别的“布尔查询”查询弹性搜索 - Query elastic search with many levels of “bool query” 弹性搜索:使用过滤器并应该bool查询 - Elastic Search: use filter and should bool query 多个字段的弹性搜索布尔查询 - Elastic Search Bool Query for multiple fields
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM