按弹性过滤器分组然后获得总命中

时间:2015-05-24 12:38:58

标签: elasticsearch

我有一个弹性索引,其元素看起来像这样:

{
   "_index": "logstash",
   "_type": "logs",
   "_id": "AU2E2aXQESJWOe",
   "_score": 2.248888,
   "_source": {
     "@version": "1",
     "@timestamp": "2015-05-24T07:36:04.811Z",
     "timeApache": "22/May/2015:17:31:56 +0200",
     "client": "XX.XX.XX.XXX",
     "method": "GET",
     "Status": "200",
     "request": "/some/path/",
     "querystring": "?some=querystring",
     "referrer": "\"http://im.areferer.com/en/ref/24230/874802/\"",
     "agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36"
   }
}

问题是我想通过“客户”字段(它是一个IP)进行分组,然后进行计数(总点击次数),但我是新的弹性,这对我来说是一项不可能完成的任务。 ..有人可能会对如何做到这一点有所了解吗?

1 个答案:

答案 0 :(得分:2)

假设客户端字段是not_analyzed字符串字段,我将使用term aggregation,如下所示:

{
    "aggs" : {
        "ips" : {
            "terms" : { "field" : "client" }
        }
    }
}
相关问题
最新问题