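Elasticsearch query group by with conditions gives unexpected results

Time: 2014-09-09 15:14:45

Tags: elasticsearch logstash

I am using elasticsearch 1.3 and I am trying to get a group by of each kind of business_process, with counts. Also, if I could break this down further by timestamp, that would be great.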

{
    "query": {
        "bool": {
            "should": [
                {
                    "match": {
                        "business_process": "overlimit"
                    }
                },
                {
                    "match": {
                        "business_process": "proposal"
                    }
                },
                {
                    "match": {
                        "business_process": "overdraft"
                    }
                }
            ]
        }
    },
    "facets": {
        "name_your_facet_here": {
            "terms": {
                "field": "business_process",
                "size": 100000
            }
        }
    }
}

Thanks in advance.

1 answer:

Answer 0: (score: 0)

Based on your incomplete question, to get the counts for business_process ["overlimit", "proposal", "overdraft"]:

POST http://localhost:9200/gccount/Customer/_search
{
    "size": 0, 
    "query": {
        "terms": {
           "business_process": [ "overlimit", "proposal", "overdraft"]
        }
    },
    "facets": {
        "name_your_facet_here": {
            "terms": {
                "field": "business_process",
                "size": 100000
            }
        }
    }
}

POST http://localhost:9200/gccount/Customer/_search
{
   "size": 0,
   "query": {
      "filtered": {
         "query": {
            "match_all": {}
         },
         "filter": {
            "terms": {
               "business_process": [ "proposal", "overlimit", "overdraft"]
            }
         }
      }
   },
   "facets": {
      "name_your_facet_here": {
         "terms": {
            "field": "business_process",
            "size": 100000
         }
      }
   }
}

The mapping of business_process is expected to be "index" : "not_analyzed".

Your current query seems to respond only to the first match, i.e. overlimit.
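
An added example, not part of the original answer: the same per-business_process count written as a terms aggregation (available in Elasticsearch 1.x) with a date_histogram sub-aggregation, which also gives the per-timestamp breakdown the question asks about. It can be sent as the body of the same _search request used above. The timestamp field name `@timestamp` (the Logstash default), the daily interval, the bucket size of 100 and the aggregation names `by_process` and `over_time` are assumptions, and business_process is assumed to be mapped as not_analyzed.

```json
{
  "size": 0,
  "query": {
    "filtered": {
      "query": { "match_all": {} },
      "filter": {
        "terms": {
          "business_process": ["overlimit", "proposal", "overdraft"]
        }
      }
    }
  },
  "aggs": {
    "by_process": {
      "terms": {
        "field": "business_process",
        "size": 100
      },
      "aggs": {
        "over_time": {
          "date_histogram": {
            "field": "@timestamp",
            "interval": "day"
          }
        }
      }
    }
  }
}
```

Each bucket under `aggregations.by_process.buckets` carries the business_process value in `key` and its total in `doc_count`; the nested `over_time.buckets` list holds one `doc_count` per day for that value.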