我有以下查询获取数据,并创建过去一小时的聚合:
query = {
"query": {
"bool": {
"must": [
{ "term": {"deviceId":device} },
{ "match": {"eventType":"Connected"} }
],
"must_not":[{
"query_string": {
"query": "Pong",
"fields": ["data.message"]
}
},
]
},
},
"size": 0,
"sort": [{ "timestamp": { "order": "desc" }}],
"aggs" : {
"time_buckets" : {
"date_histogram" : {
"field" : "timestamp",
"interval" : "hour",
},
}
}
}
我想获得每小时间隔(由聚合创建的每个桶)的字段的平均值。在这篇文章中,他们谈论了类似于我想做的事情: http://www.elasticsearch.org/guide/en/elasticsearch/guide/current/_looking_at_time.html ("我们网站上周每小时的平均延迟时间是多少?")。但是,在这种情况下,他们无法准确解释该怎么做。
有谁知道怎么做?
答案 0 :(得分:10)
刚刚意识到我可以进行嵌套聚合,然后计算聚合内字段的平均值。这就是我所做的,现在它正常运作:
query = {
"query": {
"bool": {
"must": [
{ "term": {"deviceId":device} },
{ "match": {"eventType":"Connected"} }
],
"must_not":[{
"query_string": {
"query": "Pong",
"fields": ["data.message"]
}
},
]
},
},
"size": 0,
"sort": [{ "timestamp": { "order": "desc" }}],
"aggs" : {
"time_buckets" : {
"date_histogram" : {
"field" : "timestamp",
"interval" : "day"
},
"aggs" : {
"avg_battery" : {
"avg": { "field": "data.battery-level" }
}
}
}
}
}