我有一个USER类型,它有EVENT类型的孩子。
事件可以有不同的字段。因此,一个事件可能包含visitDate字段,而另一个事件可能是人口统计信息事件,并且具有age字段。
我想进行多级聚合,例如,我可以看到每天的细分。即:
1st July
Age: 24 - 10 docs
Age: 25 - 15 docs
2nd July
Age: 24 - 5 docs
Age: 25 - 6 docs
etc
我面临的问题是,如果我像孩子一样聚集:
{
"size": 2,
"aggs": {
"events": {
"children": {
"type" : "event"
},
"aggs": {
"visitDate": {
"terms":{
"field":"visitDate",
"size":0
},
"aggs":{
"byAge":{
"terms":{
"field":"age",
"size":0
}
}
}
}
}
}
}
}
等
第二级聚合(年龄)只能访问与visitDate上的聚合匹配的子文档,而不能访问任何同一父母的子文档。
我如何可以任意深入聚合,但每次连续聚合都会查看该桶中孩子的父母?
答案 0 :(得分:0)
你可以使用嵌套聚合来实现这一点,之前我有相同的情况,我使用以下查询来获得这样的结果(通过语言聚合音频书时间使用,这是audio_book中的嵌套子文档):
Elasticsearch doc:
{
"_index": "dev_analytics",
"_type": "UsageAnalytics",
"_id": "AWLc_3OL-IIrUiI24XbD",
"_score": 2.1704133,
"_source": {
"timestamp": 1523983693559,
"audio_book": {
"id": "0032423404234234234",
"name": "Jag ger dig solen",
"languages": [
{
"code": "sv",
"type": "TEXT"
}
],
"usage": {
"unitOfMeasure": "SEC",
"totalUsage": 1200
}
}
}
必填项:
"buckets": [
{
"key": "sv",
"doc_count": 247,
"usage": {
"doc_count": 247,
"total_usage": {
"count": 247,
"min": 1200,
"max": 1200,
"avg": 1200,
"sum": 296400
}
}
},
{
"key": "en",
"doc_count": 47,
"usage": {
"doc_count": 47,
"total_usage": {
"count": 47,
"min": 1200,
"max": 1200,
"avg": 1200,
"sum": 56400
}
}
},
{
"key": "de",
"doc_count": 24,
"usage": {
"doc_count": 24,
"total_usage": {
"count": 24,
"min": 1200,
"max": 1200,
"avg": 1200,
"sum": 28800
}
}
},
{
"key": "ar",
"doc_count": 20,
"usage": {
"doc_count": 20,
"total_usage": {
"count": 20,
"min": 1200,
"max": 1200,
"avg": 1200,
"sum": 24000
}
}
}
]
嵌套聚合查询:
GET dev_analytics/UsageAnalytics/_search
{
"size": 0,
"aggs": {
"lang": {
"nested": {
"path": "title.languages"
},
"aggs": {
"terms": {
"terms": {
"field": "title.languages.code"
},
"aggs": {
"usage": {
"reverse_nested": {},
"aggs": {
"total_usage": {
"stats": {
"field": "usage.totalUsage"
}
}
}
}
}
}
}
}
}
}