elasticsearch,Aggregation" />
elasticsearch,aggregation,Sorting,Sorting 聚合弹性搜索中桶的字符串排序
我想按具有字符串值的字段对结果进行排序,例如,我的响应如下Sorting 聚合弹性搜索中桶的字符串排序,sorting,
elasticsearch,aggregation,Sorting,
"aggregations": {
"group_agg": {
"doc_count_error_upper_bound": -1,
"sum_other_doc_count": 82,
"buckets": [
{
"key": "38:16:33:6A:71:FF",
"doc_count": 1,
"group_agg_top_hit": {
"hits": {
"total": 1,
"max_score": null,
"hits": [
{
"_index": "23432534534",
"_type": "log",
"_id": "123143435346",
"_score": null,
"_source": {
"name1": "aaa-bbb",
"name2": "asdasd-bbb",
"Mac": "38:22:33:6A:71:FF",
"description": "",
"event_timestamp": "2017-12-16T08:06:10.000+0000",
"ssid": "aaa-network"
},
"sort": [
1513411570000
]
}
]
}
},
"order_agg": {
"value": 1513411570000,
"value_as_string": "2017-12-16T08:06:10.000Z"
}
}
]
}
}
"aggs": {
"group_agg": {
"terms": {
"field": "Mac.rawData",
"size": 1,
"order" : { "order_agg" : "asc" } ----> need to change this to make sorting by name 1 or name 2
},
"aggs": {
"order_agg": {
"max": {
"field": "event_timestamp"
}
},
"group_agg_top_hit": {
"top_hits": {
"sort": [
{
"event_timestamp": {
"order": "desc"
}
}
],
"_source": {
"includes": ["name1", "name2", "Mac", "ssid", "event_timestamp","description"]
},
"size": 1
}
}
}
}
请帮助我我也曾试图做到这一点;但是,由于所有单值度量聚合(如
maxavg整数类型,因此无效
你可能遇到过这种情况,并且像我一样寻求外部帮助;希望其他人看到你的这篇文章,并指出一个聚合解决方案或至少是替代方案或最佳实践,可以通过文本字段来完成桶排序。如果你使用的是ES version>6.x,那么你可以使用复合聚合。它接受文本搜索,但工作原理与术语聚合略有不同: