elasticsearch,Nested,Aggregate" />
elasticsearch,nested,aggregate,Json,Json 如何在不同的嵌套对象上查询具有项和和的elasticsearch聚合?
我有以下对象,其Json 如何在不同的嵌套对象上查询具有项和和的elasticsearch聚合?,json,
elasticsearch,nested,aggregate,Json,
value{
"metadata": {
"tenant": "home",
"timestamp": "2016-03-24T23:59:38Z"
},
"value": {
{ "key": "foo", "int_value": 100 },
{ "key": "bar", "str_value": "taco" }
}
}
{
"my_index": {
"mappings": {
"my_doctype": {
"properties": {
"metadata": {
"properties": {
"tenant": {
"type": "string",
"index": "not_analyzed"
},
"timestamp": {
"type": "date",
"format": "dateOptionalTime"
}
}
},
"value": {
"type": "nested",
"properties": {
"str_value": {
"type": "string",
"index": "not_analyzed"
},
"int_value": {
"type": "long"
},
"key": {
"type": "string",
"index": "not_analyzed"
}
}
}
}
}
}
}
}
- 在
键设置为“bar” - 在通过上述聚合创建的每个bucket中,计算
键设置为“foo” - 在给定的时间范围内,在
日期\u直方图中列出结果
术语日期直方图{
"query": {
"match_all": {}
},
"aggs": {
"filters": {
"filter": {
"bool": {
"must": [
{
"term": {
"metadata.org": "gw"
}
},
{
"range": {
"metadata.timestamp": {
"gte": "2016-03-24T00:00:00.000Z",
"lte": "2016-03-24T23:59:59.999Z"
}
}
}
]
}
},
"aggs": {
"intervals": {
"date_histogram": {
"field": "metadata.timestamp",
"interval": "1d",
"min_doc_count": 0,
"extended_bounds": {
"min": "2016-03-24T00:00:00Z",
"max": "2016-03-24T23:59:59Z"
},
"format": "yyyy-MM-dd'T'HH:mm:ss'Z'"
},
"aggs": {
"nested_type": {
"nested": {
"path": "value"
},
"aggs": {
"key_filter": {
"filter": {
"term": {
"value.key": "bar"
}
},
"aggs": {
"groupBy": {
"terms": {
"field": "value.str_value"
},
"aggs": {
"other_nested": {
"reverse_nested": {
"path": "value"
},
"aggs": {
"key_filter": {
"filter": {
"term": {
"value.key": "foo"
}
},
"aggs": {
"amount_sum": {
"sum": {
"field": "value.int_value"
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
{
"took": 1,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 7,
"max_score": 0.0,
"hits": []
},
"aggregations": {
"filters": {
"doc_count": 2,
"intervals": {
"buckets": [
{
"key_as_string": "2016-03-24T00:00:00Z",
"key": 1458777600000,
"doc_count": 2,
"nested_type": {
"doc_count": 5,
"key_filter": {
"doc_count": 2,
"groupBy": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "taco",
"doc_count": 1,
"other_nested": {
"doc_count": 1,
"key_filter": {
"doc_count": 1,
"amount_sum": {
"value": 100.0
}
}
}
}
]
}
}
}
}
]
}
}
}
}
…groupBy.bucket.key\u filter.amount\u sum返回0.0
,而不是100.0
我认为这是因为嵌套对象作为单独的文档编制索引,因此按一个键
属性的值进行过滤不允许我根据另一个键
进行查询
有人知道如何让这种查询工作吗
更详细地说,这种文档结构的原因是因为我不控制被索引的JSON文档的内容,所以不同的tenant
s可能具有具有不同值的冲突键名(例如{“tenant”:“abc”,“value”:{“foo”:“a”}
与{“tenant”:“xyz”,“value”:{“foo”:1}
。我尝试使用的方法就是本文所阐述的方法,它建议将您不控制的对象转换为您所控制的结构,并使用嵌套对象来帮助实现这一点(特别是本文的每个数据类型的嵌套字段
部分)。如果有更好的方法来处理不控制文档JSON结构的情况,我也愿意学习,这样我就可以执行聚合
谢谢大家!
编辑:我使用的是Elasticsearch 1.5。通过使用反向嵌套的
聚合解决了这种情况,如下所述: