ElasticSearch計算按字段分組的多個字段
[英]ElasticSearch count multiple fields grouped by
問題描述
我有類似的文件
{"domain":"US", "zipcode":"11111", "eventType":"click", "id":"1", "time":100}
{"domain":"US", "zipcode":"22222", "eventType":"sell", "id":"2", "time":200}
{"domain":"US", "zipcode":"22222", "eventType":"click", "id":"3","time":150}
{"domain":"US", "zipcode":"11111", "eventType":"sell", "id":"4","time":350}
{"domain":"US", "zipcode":"33333", "eventType":"sell", "id":"5","time":225}
{"domain":"EU", "zipcode":"44444", "eventType":"click", "id":"5","time":120}
我想通過eventType = sell過濾這些文檔,並在125到400之間過濾時間,按域名分組,然后按郵政編碼進行分類,並對每個存儲分區中的文檔進行計數。 所以我的輸出就像(過濾器會忽略第一個文檔和最后一個文檔)
美國11111,1
美國22222,1
美國33333,1
在SQL中,這應該很簡單。 但是我無法在ElasticSearch上使用它。 有人可以幫我嗎?
如何編寫ElasticSearch查詢以完成上述任務?
1 個解決方案
解決方案1
1 已采納 2015-12-10 00:57:28
該查詢似乎可以滿足您的要求:
POST /test_index/_search
{
"size": 0,
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"eventType": "sell"
}
},
{
"range": {
"time": {
"gte": 125,
"lte": 400
}
}
}
]
}
}
}
},
"aggs": {
"zipcode_terms": {
"terms": {
"field": "zipcode"
}
}
}
}
回國
{
"took": 8,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 3,
"max_score": 0,
"hits": []
},
"aggregations": {
"zipcode_terms": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "11111",
"doc_count": 1
},
{
"key": "22222",
"doc_count": 1
},
{
"key": "33333",
"doc_count": 1
}
]
}
}
}
(請注意,“ 22222”處只有1個“賣出”,而不是2個)。
這是我用來測試的一些代碼:
http://sense.qbox.io/gist/1c4cb591ab72a6f3ae681df30fe023ddfca4225b
編輯:我剛剛意識到我省略了域部分,但是如果需要的話,也可以直接在其上添加存儲桶聚合。
Elasticsearch - 聚合多個字段,按計數過濾並按計數排序
[英]Elasticsearch - Aggregating on multiple fields, filtering on count and ordering on count
elasticsearch 獲取唯一值,並且值計入多個字段
[英]elasticsearch get unique values, and the values count on multiple fields
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.