Elasticsearch

Time: 2016-05-21 15:27:54

Tags: elasticsearch kibana

I'm trying to do a simple count on a field in Elasticsearch but keep getting a 400 error...

Here is my query:

curl -XPOST "http://host/logstash-2016.05.19/_search" -d'
{
   "aggregations": {
      "the_name": {
         "terms": {
            "field": "serviceName"
         },
         "aggregations": {
            "callcnt": {
               "count": {
                  "field": "requestId"
               }
            }
         }
      }
   }
}'

Here is the error I get back:

{
   "error": "SearchPhaseExecutionException[Failed to execute phase [query], all shards failed; shardFailures {[ZWtovPXtTfSuJzg9M3FMjw][logstash-2016.05.19][0]: RemoteTransportException[[es4][inet[/10.149.76.55:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n   \"aggregations\": {\n      \"the_name\": {\n         \"terms\": {\n            \"field\": \"serviceName\"\n         },\n         \"aggregations\": {\n            \"callcnt\": {\n               \"count\": {\n                  \"field\": \"requestId\"\n               }\n            }\n         }\n      }\n   }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][0]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }{[vSqpHGQXRf6OUIEF_kQ1jg][logstash-2016.05.19][1]: RemoteTransportException[[es2][inet[/10.149.76.138:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][1]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n   \"aggregations\": {\n      \"the_name\": {\n         \"terms\": {\n            \"field\": \"serviceName\"\n         },\n         \"aggregations\": {\n            \"callcnt\": {\n               \"count\": {\n                  \"field\": \"requestId\"\n               }\n            }\n         }\n      }\n   }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][1]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }{[PwDi_CIiQHmOHp34KdWk0A][logstash-2016.05.19][2]: RemoteTransportException[[es3][inet[/10.149.76.97:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][2]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n   \"aggregations\": {\n      \"the_name\": {\n         \"terms\": {\n            \"field\": \"serviceName\"\n         },\n         \"aggregations\": {\n        
    \"callcnt\": {\n               \"count\": {\n                  \"field\": \"requestId\"\n               }\n            }\n         }\n      }\n   }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][2]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }{[PwDi_CIiQHmOHp34KdWk0A][logstash-2016.05.19][3]: RemoteTransportException[[es3][inet[/10.149.76.97:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][3]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n   \"aggregations\": {\n      \"the_name\": {\n         \"terms\": {\n            \"field\": \"serviceName\"\n         },\n         \"aggregations\": {\n            \"callcnt\": {\n               \"count\": {\n                  \"field\": \"requestId\"\n               }\n            }\n         }\n      }\n   }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][3]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }{[PwDi_CIiQHmOHp34KdWk0A][logstash-2016.05.19][4]: RemoteTransportException[[es3][inet[/10.149.76.97:9300]][indices:data/read/search[phase/query]]]; nested: SearchParseException[[logstash-2016.05.19][4]: from[-1],size[-1]: Parse Failure [Failed to parse source [{\n   \"aggregations\": {\n      \"the_name\": {\n         \"terms\": {\n            \"field\": \"serviceName\"\n         },\n         \"aggregations\": {\n            \"callcnt\": {\n               \"count\": {\n                  \"field\": \"requestId\"\n               }\n            }\n         }\n      }\n   }\n}\n]]]; nested: SearchParseException[[logstash-2016.05.19][4]: from[-1],size[-1]: Parse Failure [Could not find aggregator type [count] in [callcnt]]]; }]",
   "status": 400
}

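I'm also using the Sense Chrome extension to run the query, so I'm not sure whether that makes a difference.

I'm new to querying Elasticsearch, so I've been trying to follow some guides online, but haven't gotten anywhere so far... I can run simple queries successfully, but can't seem to figure out aggregations...

Edit:

If it were a SQL query, what I'm trying to do with the aggregation would be this: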

select serviceName, count(requestId) as cnt
from tableA
group by serviceName

Result:

serviceName | cnt
-----------------
srvc1          32
srvc3          18
srvc7          75
etc...

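3 answers:

Answer 0: (score: 1)

One issue might be that Elasticsearch searches are done with GET rather than POST. Try curl -XGET

Also, there is no count aggregation. Did you mean value_count?

Tip: append ?pretty to your URL to get output that is easier to read: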

curl -XGET "http://host/logstash-2016.05.19/_search?pretty"

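Answer 1: (score: 1)

The problem is that there is no count aggregation. The aggregation you need to use is called value_count.

Look at the error:

Parse Failure [Could not find aggregator type [count] in [callcnt]];

Use this instead and it will work: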

curl -XPOST "http://host/logstash-2016.05.19/_search" -d '{
   "aggregations": {
      "the_name": {
         "terms": {
            "field": "serviceName"
         },
         "aggregations": {
            "callcnt": {
               "value_count": {
                  "field": "requestId"
               }
            }
         }
      }
   }
}'

Update

Following up on your comment, here is how you can do what you need, i.e. using a terms sub-aggregation instead of value_count:

curl -XPOST "http://host/logstash-2016.05.19/_search" -d '{
   "aggregations": {
      "the_name": {
         "terms": {
            "field": "serviceName"
         },
         "aggregations": {
            "callcnt": {
               "terms": {
                  "field": "requestId"
               }
            }
         }
      }
   }
}'

Answer 2: (score: 1)

Simply use a terms aggregation to get the count of the distinct values in the serviceName field.

curl -XPOST "http://host/logstash-2016.05.19/_search" -d '{
   "aggregations": {
      "the_name": {
         "terms": {
            "field": "serviceName"
         }
      }
   }
}'

Hope this helps!!!!
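
Added example (not part of any answer above): a Python sketch that builds the terms + value_count body from Answer 1 and flattens the response into the serviceName | cnt rows the question asks for, next to the bucket doc_count that Answer 2 relies on. The function names, the top-level "size": 0, the terms "size" argument and the sample response are assumptions constructed for illustration.

```python
import json

def build_query(group_field, count_field, size=10):
    """Body for: SELECT group_field, COUNT(count_field) ... GROUP BY group_field."""
    return {
        "size": 0,  # assumption: return no hits, only the aggregation results
        "aggregations": {
            "the_name": {
                "terms": {"field": group_field, "size": size},
                "aggregations": {
                    # value_count skips documents that lack count_field,
                    # like COUNT(col); the bucket doc_count is like COUNT(*).
                    "callcnt": {"value_count": {"field": count_field}}
                },
            }
        },
    }

def rows_from_response(response):
    """Flatten the terms buckets into (key, value_count, doc_count) rows."""
    agg = response["aggregations"]["the_name"]
    rows = [(b["key"], b["callcnt"]["value"], b["doc_count"]) for b in agg["buckets"]]
    # Non-zero means documents fell into buckets beyond the terms "size".
    truncated = agg.get("sum_other_doc_count", 0) > 0
    return rows, truncated

# Constructed sample response, not output from a real cluster.
SAMPLE_RESPONSE = json.loads("""
{
  "aggregations": {
    "the_name": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 4,
      "buckets": [
        {"key": "srvc7", "doc_count": 75, "callcnt": {"value": 75}},
        {"key": "srvc1", "doc_count": 35, "callcnt": {"value": 32}},
        {"key": "srvc3", "doc_count": 18, "callcnt": {"value": 18}}
      ]
    }
  }
}
""")

if __name__ == "__main__":
    print(json.dumps(build_query("serviceName", "requestId")))
    rows, truncated = rows_from_response(SAMPLE_RESPONSE)
    for name, cnt, docs in rows:
        print(f"{name:<12} cnt={cnt:<4} doc_count={docs}")
    if truncated:
        print("warning: more services exist than the terms size returned")
```

In the constructed data srvc1 has 35 documents but only 32 with a requestId, which is the case where value_count and doc_count differ.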