<img src="//i.stack.imgur.com/RUiNP.png" height="16" width="18" alt="" class="sponsor tag img">elasticsearch ElasticSearch计数按分组的多个字段_<img Src="//i.stack.imgur.com/RUiNP.png" Height="16" Width="18" Alt="" Class="sponsor Tag Img">elasticsearch_Filter_Count_Group By

elasticsearch ElasticSearch计数按分组的多个字段

filter

elasticsearch ElasticSearch计数按分组的多个字段,elasticsearch,filter,count,group-by,elasticsearch,Filter,Count,Group By,我有这样的文件 {"domain":"US", "zipcode":"11111", "eventType":"click", "id":"1", "time":100} {"domain":"US", "zipcode":"22222", "eventType":"sell", "id":"2", "time":200} {"domain":"US", "zipcode":"22222", "eventType":"click", "id":"3","time":150} {"domai

我有这样的文件

{"domain":"US", "zipcode":"11111", "eventType":"click", "id":"1", "time":100}

{"domain":"US", "zipcode":"22222", "eventType":"sell", "id":"2", "time":200}

{"domain":"US", "zipcode":"22222", "eventType":"click", "id":"3","time":150}

{"domain":"US", "zipcode":"11111", "eventType":"sell", "id":"4","time":350}

{"domain":"US", "zipcode":"33333", "eventType":"sell", "id":"5","time":225}

{"domain":"EU", "zipcode":"44444", "eventType":"click", "id":"5","time":120}

我想按eventType=sell和125到400之间的时间过滤这些文档，按域分组，然后按zipcode，并计算每个bucket中的文档数。所以我的输出是这样的（第一个和最后一个文档将被过滤器忽略）

美国,11111,

美国22221

美国，33333

在SQL中，这应该很简单。但我无法将其用于ElasticSearch。有人能帮帮我吗

如何编写ElasticSearch查询来完成上述任务？

此查询似乎满足了您的要求：

POST /test_index/_search
{
   "size": 0,
   "query": {
      "filtered": {
         "filter": {
            "bool": {
               "must": [
                  {
                     "term": {
                        "eventType": "sell"
                     }
                  },
                  {
                     "range": {
                        "time": {
                           "gte": 125,
                           "lte": 400
                        }
                     }
                  }
               ]
            }
         }
      }
   },
   "aggs": {
      "zipcode_terms": {
         "terms": {
            "field": "zipcode"
         }
      }
   }
}

{
   "took": 8,
   "timed_out": false,
   "_shards": {
      "total": 5,
      "successful": 5,
      "failed": 0
   },
   "hits": {
      "total": 3,
      "max_score": 0,
      "hits": []
   },
   "aggregations": {
      "zipcode_terms": {
         "doc_count_error_upper_bound": 0,
         "sum_other_doc_count": 0,
         "buckets": [
            {
               "key": "11111",
               "doc_count": 1
            },
            {
               "key": "22222",
               "doc_count": 1
            },
            {
               "key": "33333",
               "doc_count": 1
            }
         ]
      }
   }
}

（请注意，在“22222”处只有1个“卖出”，而不是2个）

下面是我用来测试它的一些代码：

你可能想看看，和

编辑：我刚刚意识到我遗漏了域部分，但如果需要，也可以直接添加一个bucket聚合。谢谢