ElasticSearch: Retrieving the documents that belong to a bucket

Time: 2016-03-11 22:08:26

Tags: elasticsearch

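I am trying to retrieve the documents from the past year, split into 1-month buckets. I will take the documents of each 1-month bucket and then analyze them further (the scope of my question ends here). From the description, "Bucket Aggregation" seems to be the way to go, but in the "buckets" response I only get the number of documents in each bucket, not the original documents themselves. What am I missing?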

GET command

{
    "aggs" : {
        "DateHistogram" : {
            "date_histogram" : {
                "field" : "timestamp",
                "interval": "month"
            }
        }
    }, 
    "size" : 0
}

Result output

{
  "took" : 138,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
  },
  "hits" : {
    "total" : 1313058,
    "max_score" : 0.0,
    "hits" : [ ]
  },
  "aggregations" : {
    "DateHistogram" : {
      "buckets" : [ {
        "key_as_string" : "2015-02-01T00:00:00.000Z",
        "key" : 1422748800000,
        "doc_count" : 270
      }, {
        "key_as_string" : "2015-03-01T00:00:00.000Z",
        "key" : 1425168000000,
        "doc_count" : 459
      }, 
      (...and all the other months...)
      {
        "key_as_string" : "2016-03-01T00:00:00.000Z",
        "key" : 1456790400000,
        "doc_count" : 136009
      } ]
    }
  }
} 

1 answer:

Answer 0: (score: 3)

You are almost there; you just need to add a top_hits sub-aggregation in order to retrieve some documents for each bucket:

POST /your_index/_search
{
    "aggs" : {
        "DateHistogram" : {
            "date_histogram" : {
                "field" : "timestamp",
                "interval": "month"
            },
            "aggs": {                  <--- add this
                "docs": {
                    "top_hits": {
                        "size": 10
                    }
                }
            }
        }
    }, 
    "size" : 0
}
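
The following Python sketch is an added example, not part of the original answer. It unpacks a response to the query above into per-month document lists and, because top_hits returns at most `size` documents per bucket, builds a follow-up range query for every bucket whose doc_count exceeds the hits returned. The sample response is constructed, and the function names and the `epoch_millis` range format are choices made for this illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample response (trimmed). "DateHistogram" and "docs" are the
# aggregation names used in the query above; "msg" is a made-up field.
SAMPLE_RESPONSE = json.loads("""
{"aggregations": {"DateHistogram": {"buckets": [
  {"key_as_string": "2015-02-01T00:00:00.000Z", "key": 1422748800000, "doc_count": 2,
   "docs": {"hits": {"hits": [
     {"_id": "a1", "_source": {"timestamp": "2015-02-03T10:00:00Z", "msg": "x"}},
     {"_id": "a2", "_source": {"timestamp": "2015-02-20T11:30:00Z", "msg": "y"}}]}}},
  {"key_as_string": "2015-03-01T00:00:00.000Z", "key": 1425168000000, "doc_count": 459,
   "docs": {"hits": {"hits": [
     {"_id": "b1", "_source": {"timestamp": "2015-03-02T08:00:00Z", "msg": "z"}}]}}}
]}}}
""")


def next_month_ms(key_ms):
    """Epoch millis of the first day of the month after the bucket key (UTC)."""
    start = datetime.fromtimestamp(key_ms / 1000, tz=timezone.utc)
    if start.month == 12:
        nxt = start.replace(year=start.year + 1, month=1)
    else:
        nxt = start.replace(month=start.month + 1)
    return int(nxt.timestamp() * 1000)


def split_buckets(response, agg="DateHistogram", sub="docs", field="timestamp"):
    """Return (docs_by_month, follow_ups).

    docs_by_month maps each bucket's key_as_string to the _source documents
    that top_hits returned. follow_ups maps only the truncated buckets
    (doc_count > returned hits) to a search body covering that whole month.
    """
    docs_by_month, follow_ups = {}, {}
    for bucket in response["aggregations"][agg]["buckets"]:
        hits = bucket[sub]["hits"]["hits"]
        month = bucket["key_as_string"]
        docs_by_month[month] = [hit["_source"] for hit in hits]
        if bucket["doc_count"] > len(hits):
            follow_ups[month] = {"query": {"range": {field: {
                "gte": bucket["key"], "lt": next_month_ms(bucket["key"]),
                "format": "epoch_millis"}}}}
    return docs_by_month, follow_ups


if __name__ == "__main__":
    docs, todo = split_buckets(SAMPLE_RESPONSE)
    print({month: len(items) for month, items in docs.items()})
    print(json.dumps(todo, indent=2))
```

Each follow-up body can be sent to the same index and paged with scroll or search_after to collect the remaining documents of that month.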