elasticsearch,xpack,Sql,elasticsearch,Xpack" /> elasticsearch,xpack,Sql,elasticsearch,Xpack" />
Fatal编程技术网
  • sql/
  • ElasticSearch Sql聚合查询错误与总和函数

ElasticSearch Sql聚合查询错误与总和函数

sql

ElasticSearch Sql聚合查询错误与总和函数,sql,elasticsearch,xpack,Sql,elasticsearch,Xpack,Sql查询是EL7.3提供的一个非常棒的工具。但是我无法解释这个错误: 当我使用带Match,1条件的SUM时,下面的查询工作得很好 POST _xpack/sql?format=txt { "query":"SELECT SUM(FlightTimeHour) Avg_Flight_Time FROM flights where MATCH(OriginCountry,'AE') " } 但如果我使用2个或更多条件,下面的求和匹配查询将失败: POST _xpack/sql?format=t

Sql查询是EL7.3提供的一个非常棒的工具。但是我无法解释这个错误:

当我使用带Match,1条件的SUM时,下面的查询工作得很好

POST _xpack/sql?format=txt
{
"query":"SELECT SUM(FlightTimeHour) Avg_Flight_Time FROM flights where MATCH(OriginCountry,'AE') "
}
但如果我使用2个或更多条件,下面的求和匹配查询将失败:

POST _xpack/sql?format=txt
{
"query":"SELECT SUM(FlightTimeHour) Avg_Flight_Time FROM flights where MATCH(OriginCountry,'AE') OR MATCH(OriginCountry,'FR') "
}
有人能告诉我出了什么问题吗?

SQL文档中没有提到匹配上的布尔运算符。我认为它不被支持

您可以按如下方式执行上述搜索 1.使用查询而不是匹配进行全文搜索

"query": "SELECT SUM(FlightTimeHour) Avg_Flight_Time FROM flights where  QUERY('OriginCountry: AE OR OriginCountry: FR')"
对关键字执行搜索 编辑:以上查询为弹性搜索

GET fonds/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "multi_match": {
            "query": "bordeaux",
            "fields": [
              "IDEE",
              "SLOGAN",
              "NOM",
              "ADRESSE",
              "VILLE",
              "ACTIVITE1",
              "ACTIVITE2",
              "KEYWORDS",
              "KEYWORDS_SITE",
              "SITE_H1_H6",
              "DESCRIPTION",
              "DESCRIPTION_SITE",
              "ACTIVITE3",
              "BUSINESS_MODEL",
              "COLORS"
            ]
          }
        },
        {
          "range": {
            "FONDS_LEVEES_TOTAL": {
              "gt": 0
            }
          } 
        },
        {
          "script": {
            "script": "doc['COMPE_RESULTAT_CA_2000'].value + doc['COMPE_RESULTAT_CA_2001'].value>0"
          }
        }
      ]
    }
  },
  "aggs": {
    "SUM": {
      "sum": {
        "field": "FONDS_LEVEES_TOTAL"
      }
    }
  }
}
感谢选项1运行良好,但无法组合例如查询'fieldname1:value1或fieldname2:value2和YEAR_CREATION>2010query:从查询'OriginCountry:AE或OriginCountry:FR和YEAR_CREATION:>2010'的航班中选择SUMFlightTimeHour Avg_Flight_时间-您需要在查询中添加YEAR CREATION并查找:>语法使用查询的几个示例。查询和匹配都用于全文搜索,因此如果您不需要部分匹配等,您可以避免复杂性并使用选项2,但问题是我必须将查询'OriginCountry:AE或OriginCountry:FR和YEAR_CREATION>2010'与聚合结合起来,而无法使其工作。代码从索引中选择SUM*,其中查询“OriginCountry:AE或OriginCountry:FR和年份创建>2010”查询“OriginCountry:AE或OriginCountry:FR和年份创建>2010”作品与OriginCountry:AE或OriginCountry:FR和年份创建>2010”相等。你能详细说明一下它是如何不适合你的吗 
GET fonds/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "multi_match": {
            "query": "bordeaux",
            "fields": [
              "IDEE",
              "SLOGAN",
              "NOM",
              "ADRESSE",
              "VILLE",
              "ACTIVITE1",
              "ACTIVITE2",
              "KEYWORDS",
              "KEYWORDS_SITE",
              "SITE_H1_H6",
              "DESCRIPTION",
              "DESCRIPTION_SITE",
              "ACTIVITE3",
              "BUSINESS_MODEL",
              "COLORS"
            ]
          }
        },
        {
          "range": {
            "FONDS_LEVEES_TOTAL": {
              "gt": 0
            }
          } 
        },
        {
          "script": {
            "script": "doc['COMPE_RESULTAT_CA_2000'].value + doc['COMPE_RESULTAT_CA_2001'].value>0"
          }
        }
      ]
    }
  },
  "aggs": {
    "SUM": {
      "sum": {
        "field": "FONDS_LEVEES_TOTAL"
      }
    }
  }
}