所以我试图在字段" svctag"中获取包含重复数据的所有文档。
我对此进行了以下查询。
"aggs": { "svctag": { "terms": { "field": "svctag","size": 0, "min_doc_count": 2}}}
我也试过用它来运行它,但仍然遇到了同样的错误。
{"aggs": {"duplicateNames": {"terms": { "field": "svctag","size": 0, "min_doc_count": 2}}}}
但是在运行时,我收到以下错误。
Error: Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"query_parsing_exception","reason":"Failed to parse query [\"aggs\": { \"svctag\": { \"terms\": { \"field\": \"svctag\",\"size\": 0, \"min_doc_count\": 2}}}]","index":"logstash-data","line":1,"col":430}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"query","grouped":true,"failed_shards":[{"shard":0,"index":"logstash-data","node":"PDjSn1G3SYS7jgGLRBV2HQ","reason":{"type":"query_parsing_exception","reason":"Failed to parse query [\"aggs\": { \"svctag\": { \"terms\": { \"field\": \"svctag\",\"size\": 0, \"min_doc_count\": 2}}}]","index":"logstash-data","line":1,"col":430,"caused_by":{"type":"parse_exception","reason":"Cannot parse '\"aggs\": { \"svctag\": { \"terms\": { \"field\": \"svctag\",\"size\": 0, \"min_doc_count\": 2}}}': Encountered \" \":\" \": \"\" at line 1, column 6.\r\nWas expecting one of:\r\n <EOF> \r\n <AND> ...\r\n <OR> ...\r\n <NOT> ...\r\n \"+\" ...\r\n \"-\" ...\r\n <BAREOPER> ...\r\n \"(\" ...\r\n \"*\" ...\r\n \"^\" ...\r\n <QUOTED> ...\r\n <TERM> ...\r\n <FUZZY_SLOP> ...\r\n <PREFIXTERM> ...\r\n <WILDTERM> ...\r\n <REGEXPTERM> ...\r\n \"[\" ...\r\n \"{\" ...\r\n <NUMBER> ...\r\n ","caused_by":{"type":"parse_exception","reason":"Encountered \" \":\" \": \"\" at line 1, column 6.\r\nWas expecting one of:\r\n <EOF> \r\n <AND> ...\r\n <OR> ...\r\n <NOT> ...\r\n \"+\" ...\r\n \"-\" ...\r\n <BAREOPER> ...\r\n \"(\" ...\r\n \"*\" ...\r\n \"^\" ...\r\n <QUOTED> ...\r\n <TERM> ...\r\n <FUZZY_SLOP> ...\r\n <PREFIXTERM> ...\r\n <WILDTERM> ...\r\n <REGEXPTERM> ...\r\n \"[\" ...\r\n \"{\" ...\r\n <NUMBER> ...\r\n "}}}}]}}
我哪里错了?任何帮助将不胜感激。
答案 0 :(得分:0)
Kibana输入字段仅支持查询而不支持聚合。如果要聚合数据,可以使用可视化,而不是利用聚合。
在您的情况下,您可以:
svctag字段并配置size = 0 你应该好好去。