像搜索一样的弹性搜索......其中......组...

时间:2014-08-03 16:58:03

标签: sql elasticsearch having

在elasticsearch中,如何实现像这样的SQL函数:

SELECT a, sum(b), sum(c), d
FROM TableA 
WHERE a IN (1,2,3,4) AND d = 88 
GROUP BY a 
HAVING sum(b) > 10 
ORDER BY sum(b) desc, sum(c) asc 
LIMIT 10 OFFSET 5;

到目前为止,我只做了这个:

{
    "size":0,
    "query":{
        "filtered": {
            "filter":{
                "terms":{
                    "a": [1, 2, 3, 4]
                }
            },
            "query":{
                "match": {
                    "d": 8
                }
            }
        }
    },

    "aggs": {
        "group_by_a":{
            "terms":{
                "field": "a",
                "size": 10,
                "order" : { "sum(b)" : "desc" }
            },
            "aggs" : {
                "sum(b)": {"sum": {"field": "b"}},
                "sum(c)": {"sum": {"field": "c"}}
            }
        }
    }
}

就像我刚刚实现的那样:

SELECT a, sum(b), sum(c)
FROM TableA 
WHERE a IN (1,2,3,4) AND d = 88 
GROUP BY a 
HAVING sum(b) > 10 
ORDER BY sum(b) desc
LIMIT 10;

如何处理额外的返回字段 d ,有条件,额外的顺序是 sum(c)asc 偏移5 < / strong>?

很遗憾我发现有条款目前是unsupported

1 个答案:

答案 0 :(得分:3)

这在5.2中实现为bucket selector aggregation,ex

GET /_search
{
    "size": 0,
    "query": {
        "term": { "code": "16001" }
    },
    "aggs" : {
        "errors_per_week" : {
            "date_histogram" : {
                "field" : "date",
                "interval" : "week"
            },
            "aggs": {
                "total_errors": {
                    "value_count": {
                        "field": "code"
                    }
                },
                "error_bucket_filter": {
                    "bucket_selector": {
                        "buckets_path": {
                          "totalErrors": "total_errors"
                        },
                        "script": "params.totalErrors > 5"
                    }
                }
            }
        }
    }
}