我正在尝试构建一个Elasticsearch查询,该查询只返回特定字段的唯一值。
我不想返回该字段的所有值,也不想计算它们。
例如,如果该字段当前包含50个不同的值,并且我搜索仅返回20个匹配(大小= 20)。我希望20个结果中的每个结果都具有该字段的唯一结果,但我并不关心结果中未表示的其他30个值。
例如,使用以下搜索(伪代码 - 未选中):
{
from:0,
size:20,
query: {
bool: {
must: {
range: { field1: {gte: 50}},
term: {field2: 'salt'},
unique?: {field3},
},
mustnot: {
match: { field4: 'pepper'},
},
}
}
}
中的第三行必须,我想只返回 field3 的唯一值,但我不想返回所有这些值或计算它们。
答案 0 :(得分:3)
您应该可以使用terms aggregation轻松完成此操作。
这是一个例子。我定义了一个简单的索引,其中包含一个"index": "not_analyzed"的字段,因此我们可以将每个字段的全文作为唯一值,而不是通过对其进行标记来生成的术语等。
DELETE /test_index
PUT /test_index
{
"settings": {
"number_of_shards": 1
},
"mappings": {
"doc": {
"properties": {
"title": {
"type": "string",
"index": "not_analyzed"
}
}
}
}
}
然后我使用bulk API添加一些文档。
POST /test_index/_bulk
{"index":{"_index":"test_index","_type":"doc","_id":1}}
{"title":"first doc"}
{"index":{"_index":"test_index","_type":"doc","_id":2}}
{"title":"second doc"}
{"index":{"_index":"test_index","_type":"doc","_id":3}}
{"title":"third doc"}
{"index":{"_index":"test_index","_type":"doc","_id":4}}
{"title":"third doc"}
现在我们可以运行我们的术语聚合:
POST /test_index/_search?search_type=count
{
"aggs": {
"unique_vals": {
"terms": {
"field": "title"
}
}
}
}
...
{
"took": 1,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"failed": 0
},
"hits": {
"total": 4,
"max_score": 0,
"hits": []
},
"aggregations": {
"unique_vals": {
"buckets": [
{
"key": "third doc",
"doc_count": 2
},
{
"key": "first doc",
"doc_count": 1
},
{
"key": "second doc",
"doc_count": 1
}
]
}
}
}
答案 1 :(得分:0)
我很惊讶没有提出filter aggregation的建议。它可以追溯到ES版本1.3。
过滤器聚合与常规过滤器查询类似,但是可以嵌套到聚合链中,以过滤出不符合特定条件的文档数量,并仅基于满足条件的文档为您提供子聚合结果查询的条件。
首先,我们将放置映射。
curl --request PUT \
--url http://localhost:9200/items \
--header 'content-type: application/json' \
--data '{
"mappings": {
"item": {
"properties": {
"field1" : { "type": "integer" },
"field2" : { "type": "keyword" },
"field3" : { "type": "keyword" },
"field4" : { "type": "keyword" }
}
}
}
}
'
然后让我们加载一些数据。
curl --request PUT \
--url http://localhost:9200/items/_bulk \
--header 'content-type: application/json' \
--data '{"index":{"_index":"items","_type":"item","_id":1}}
{"field1":50, "field2":["salt", "vinegar"], "field3":["garlic", "onion"], "field4":"paprika"}
{"index":{"_index":"items","_type":"item","_id":2}}
{"field1":40, "field2":["salt", "pepper"], "field3":["onion"]}
{"index":{"_index":"items","_type":"item","_id":3}}
{"field1":100, "field2":["salt", "vinegar"], "field3":["garlic", "chives"], "field4":"pepper"}
{"index":{"_index":"items","_type":"item","_id":4}}
{"field1":90, "field2":["vinegar"], "field3":["chives", "garlic"]}
{"index":{"_index":"items","_type":"item","_id":5}}
{"field1":900, "field2":["salt", "vinegar"], "field3":["garlic", "chives"], "field4":"paprika"}
'
请注意,只有id为1和5的文档将通过条件,因此我们将只能在这两个field3数组和总共四个值上进行汇总。 ["garlic", "chives"], ["garlic", "onion"]。还要注意,field3可以是数据中的数组或单个值,但我将它们设为数组以说明计数如何工作。
curl --request POST \
--url http://localhost:9200/items/item/_search \
--header 'content-type: application/json' \
--data '{
"size": 0,
"aggregations": {
"top_filter_agg" : {
"filter" : {
"bool": {
"must":[
{
"range" : { "field1" : { "gte":50} }
},
{
"term" : { "field2" : "salt" }
}
],
"must_not":[
{
"term" : { "field4" : "pepper" }
}
]
}
},
"aggs" : {
"field3_terms_agg" : { "terms" : { "field" : "field3" } }
}
}
}
}
'
运行合并的过滤器/术语聚合之后。我们在field3上只有4个字词,总共只有3个唯一字词。
{
"took": 46,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 5,
"max_score": 0.0,
"hits": []
},
"aggregations": {
"top_filter_agg": {
"doc_count": 2,
"field3_terms_agg": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "garlic",
"doc_count": 2
},
{
"key": "chives",
"doc_count": 1
},
{
"key": "onion",
"doc_count": 1
}
]
}
}
}
}