在以下聚合中,我想提取从nginx日志中索引的前10个唯一的URLs。我不确定汇总的结果。如何达到以下条件:
request_path字段/rest/v3/users,/rest/v3/users/uuid,并在结果中返回父资源查询:
GET _search
{
"query": {
"bool": {
"must": {
"match_phrase": {
"request_path": "rest/v3"
}
}
}
},
"aggs": {
"top_hits": {
"terms": {
"field": "request_path.keyword",
"size": 100000,
"include": {
"partition": 1,
"num_partitions": 100
}
}
}
},
"size": 20
}
预期结果:
[
{
"request_path": "/rest/v3/users",
"count": 100
},
{
"request_path": "/rest/v3/archives",
"count": 20
},
{
"request_path": "/rest/v3/payments",
"count": 85
}
...
]