弹性搜索聚合桶将电子邮件格式计为两个不同的桶密钥。

时间:2015-04-16 00:11:40

标签: elasticsearch

我将字段存储为“user1@user.com”。

使用聚合json查询:

"aggregations": {
                "email-terms": {
                    "terms": {
                        "field": "l_obj.email",
                        "size": 0,
                        "shard_size": 0,
                        "order": {
                            "_count": "desc"
                        }
                    }
                }
            }


I am getting response :

"buckets" : [
{
"key" : "user.com",
"doc_count" : 1
},
{
"key" : "user1",
"doc_count" : 1
}

而不是

"buckets" : [
{
"key" : "user1@user.com",
"doc_count" : 1
}
]

同样的问题仍然存在于字符串类型中:user1.user2.user.com,我正在进行术语聚合。 我在这里错过了什么吗?

2 个答案:

答案 0 :(得分:3)

您需要在地图中的"email"字段中设置"index": "not_analyzed"

如果我在没有指定分析器的情况下设置玩具索引(或不使用分析器),将使用standard analyzer,它将分割为空白和符号,如" @"。因此,使用此索引定义:

PUT /test_index
{
   "mappings": {
      "doc": {
         "properties": {
            "email": {
               "type": "string"
            }
         }
      }
   }
}

如果我添加一个doc:

PUT /test_index/doc/1
{
    "email": "user1@user.com"
}

然后要求terms聚合,我会找回两个术语:

POST /test_index/_search?search_type=count
{
   "aggregations": {
      "email-terms": {
         "terms": {
            "field": "email"
         }
      }
   }
}
...
{
   "took": 2,
   "timed_out": false,
   "_shards": {
      "total": 5,
      "successful": 5,
      "failed": 0
   },
   "hits": {
      "total": 1,
      "max_score": 0,
      "hits": []
   },
   "aggregations": {
      "email-terms": {
         "buckets": [
            {
               "key": "user.com",
               "doc_count": 1
            },
            {
               "key": "user1",
               "doc_count": 1
            }
         ]
      }
   }
}

但是,如果我在该字段中使用"index": "not_analyzed"重建索引,并再次索引同一文档:

DELETE /test_index

PUT /test_index
{
   "mappings": {
      "doc": {
         "properties": {
            "email": {
               "type": "string",
               "index": "not_analyzed"
            }
         }
      }
   }
}

PUT /test_index/doc/1
{
    "email": "user1@user.com"
}

并运行相同的术语聚合,我只返回该电子邮件地址的单个术语:

POST /test_index/_search?search_type=count
{
   "aggregations": {
      "email-terms": {
         "terms": {
            "field": "email"
         }
      }
   }
}
...
{
   "took": 2,
   "timed_out": false,
   "_shards": {
      "total": 5,
      "successful": 5,
      "failed": 0
   },
   "hits": {
      "total": 1,
      "max_score": 0,
      "hits": []
   },
   "aggregations": {
      "email-terms": {
         "buckets": [
            {
               "key": "user1@user.com",
               "doc_count": 1
            }
         ]
      }
   }
}

以下是我使用的代码:

http://sense.qbox.io/gist/a73a28bf7450b637138b02a371fb15cabf344ab6

答案 1 :(得分:0)

我们可以将索引模板用于预定义的字段类型http://www.elastic.co/guide/en/elasticsearch/reference/1.3/indices-templates.html  ,例如:

使用rest客户端或弹性搜索意义

PUT/POST http://escluster:port/_template

{
  "testtemplate": {
    "aliases": {},
    "mappings": {
      "test1": {
        "_all": {
          "enabled": false
        },
        "_source": {
          "enabled": true
        },
        "properties": {
          "email": {
            "fielddata": {
              "format": "doc_values"
            },
            "index": "not_analyzed",
            "type": "string"
          }...
相关问题
最新问题