logo标签列表

基于doc_count的Elasticsearch范围桶聚合

elasticsearchelasticsearch-dsl
9

我有一个类似这样的elasticsearch聚合查询。

{
    "aggs": {
        "customer": {
            "aggs": {
                "Total_Sale": {
                    "sum": {
                        "field": "amount"
                    }
                }
            },
            "terms": {
                "field": "org",
                "size": 50000
            }
        }
    }
}

并且它会导致以下形式的桶聚合结果:
{
    "aggregations": {
        "customer": {
            "buckets": [
                {
                    "Total_Sale": { "value": 9999 },
                    "doc_count": 8,
                    "key": "cats"
                },
                {
                    "Total_Sale": { "value": 8888 },
                    "doc_count": 6,
                    "key": "tigers"
                },
                {
                    "Total_Sale": { "value": 444},
                    "doc_count": 5,
                    "key": "lions"
                },
                {
                    "Total_Sale": { "value": 555 },
                    "doc_count": 2,
                    "key": "wolves"
                }
           ]
       }
    }
}

我希望能基于doc_count创建另一个范围桶聚合。因此,最终所需结果为:
{
    "buckets": [    
        {               
            "Sum_of_Total_Sale": 555, // If I can form bucket, I can get this using sum_bucket. So, getting bucket is important.
            "Sum_of_doc_count": 2, 
            "doc_count": 1, 
            "key": "*-3",   
            "to": 3.0       
        },              
        {               
            "Sum_of_Total_Sale": 9332,
            "Sum_of_doc_count": 11,
            "doc_count": 2, 
            "from": 4.0,    
            "key": "4-6",   
            "to": 6.0       
        },                  
        {               
            "Sum_of_Total_Sale": 9999,
            "Sum_of_doc_count": 8,
            "doc_count": 1, 
            "from": 7.0,    
            "key": "7-*"    
        }                   
    ]                   
}
  • 由于有多个范围键,因此无法使用Bucket Selector Aggregation及其后的桶求和聚合。
  • Bucket Script Aggregation在桶内进行计算。
  • 我能否为每个文档添加一个脚本化文档字段,以帮助我创建这些桶?
1个回答
4

在我所知的聚合技术中,没有一种可以允许您一次完成此操作。但是,有一种技术是我偶尔会用来克服这个限制的。这个思路是重复相同的terms/sum聚合,然后对您感兴趣的每个范围使用一个bucket_selector管道聚合。

POST index/_search
{
  "size": 0,
  "aggs": {
    "*-3": {
      "terms": {
        "field": "org",
        "size": 1000
      },
      "aggs": {
        "Total_Sale": {
          "sum": {
            "field": "amount"
          }
        },
        "*-3": {
          "bucket_selector": {
            "buckets_path": {
              "docCount": "_count"
            },
            "script": "params.docCount <= 3"
          }
        }
      }
    },
    "*-3_Total_Sales": {
      "sum_bucket": {
        "buckets_path": "*-3>Total_Sale"
      }
    },
    "*-3_Total_Docs": {
      "sum_bucket": {
        "buckets_path": "*-3>_count"
      }
    },
    "4-6": {
      "terms": {
        "field": "org",
        "size": 1000
      },
      "aggs": {
        "Total_Sale": {
          "sum": {
            "field": "amount"
          }
        },
        "4-6": {
          "bucket_selector": {
            "buckets_path": {
              "docCount": "_count"
            },
            "script": "params.docCount >= 4 && params.docCount <= 6"
          }
        }
      }
    },
    "4-6_Total_Sales": {
      "sum_bucket": {
        "buckets_path": "4-6>Total_Sale"
      }
    },
    "4-6_Total_Docs": {
      "sum_bucket": {
        "buckets_path": "4-6>_count"
      }
    },
    "7-*": {
      "terms": {
        "field": "org",
        "size": 1000
      },
      "aggs": {
        "Total_Sale": {
          "sum": {
            "field": "amount"
          }
        },
        "7-*": {
          "bucket_selector": {
            "buckets_path": {
              "docCount": "_count"
            },
            "script": "params.docCount >= 7"
          }
        }
      }
    },
    "7-*_Total_Sales": {
      "sum_bucket": {
        "buckets_path": "7-*>Total_Sale"
      }
    },
    "7_*_Total_Docs": {
      "sum_bucket": {
        "buckets_path": "7-*>_count"
      }
    }
  }
}

您将会得到一个类似于这样的答案,其中包含了您在xyz_Total_Salesxyz_Total_Docs结果中正在寻找的确切数字:

  "aggregations": {
    "*-3": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "wolves",
          "doc_count": 2,
          "Total_Sale": {
            "value": 555
          }
        }
      ]
    },
    "7-*": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "cats",
          "doc_count": 8,
          "Total_Sale": {
            "value": 9999
          }
        }
      ]
    },
    "4-6": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "tigers",
          "doc_count": 6,
          "Total_Sale": {
            "value": 8888
          }
        },
        {
          "key": "lions",
          "doc_count": 5,
          "Total_Sale": {
            "value": 444
          }
        }
      ]
    },
    "*-3_Total_Sales": {
      "value": 555
    },
    "*-3_Total_Docs": {
      "value": 2
    },
    "4-6_Total_Sales": {
      "value": 9332
    },
    "4-6_Total_Docs": {
      "value": 11
    },
    "7-*_Total_Sales": {
      "value": 9999
    },
    "7_*_Total_Docs": {
      "value": 8
    }
  }
如何在Kibana中进行可视化呢?我想象x轴是[-3_Total_Sales、4-6_Total_Sales、7-_Total_Sales],而y轴则是它们的值。 - Egor Okhterov
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接