我有嵌套聚合,我希望根据我的第一个聚合桶结果的条件找到第二个聚合桶的联合或交叉。例如,这是我的聚合。
"aggs": {
"events": {
"terms": {
"field": "event_name"
},
"aggs":{
"devices":{
"terms":{
"field": "device-id"
}
}
}
}
}
这是我聚合的结果
"aggregations": {
"events": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "conversion_checkout",
"doc_count": 214,
"devices": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 6,
"buckets": [
{
"key": "9a11f243d44",
"doc_count": 94
},
{
"key": "ddcb21fd6cb",
"doc_count": 35
}
]
}
},
{
"key": "action_view_product",
"doc_count": 5,
"devices": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "54E4C593",
"doc_count": 4
},
{
"key": "9a11f243d44",
"doc_count": 1
}
]
}
}
]
}
}
现在,如果我想查找已完成action_view_product和conversion_checkout的所有设备,我如何在聚合中执行此操作?
答案 0 :(得分:0)
我认为您希望所有设备ID都具有event_names action_view_product和conversion_checkout,如下所示 -
{
"aggregations":{
"devices_agg":{
"doc_count":516,
"devices":{
"doc_count_error_upper_bound":0,
"sum_other_doc_count":0,
"buckets":[
{
"key":623232334,
"doc_count":275
},
{
"key":245454512,
"doc_count":169
},
{
"key":345454567,
"doc_count":32
},
{
"key":578787565,
"doc_count":17
},
{
"key":146272715,
"doc_count":23
}
]
}
}
}
}
doc_count = 516是具有event_names的文档总数,设备聚合中的action_view_product或conversion_checkout和“key”是设备ID。
如果我告诉你,那么下面的查询会为你做的事情 -
{
"size": 0,
"aggs": {
"devices_agg": {
"filter": {
"bool": {
"must": [
{
"terms": {
"event_name": [
"action_view_product",
"conversion_checkout"
]
}
}
]
}
},
"aggs": {
"devices": {
"terms": {
"field": "device-id",
"size": 100
}
}
}
}
}
}
如果我弄错了,请告诉我。