Elasticsearch过滤聚合结果,其中计数大于x

时间:2016-08-12 14:41:02

标签: elasticsearch

我已获得以下弹性搜索查询,以便从按市场ID分组的弹性搜索中获得最高总ms。

    {
  "from": 0,
  "size": 0,
  "query": {
  "filtered": {
    "filter": {
      "and": [
        {
          "term": {
            "@type": "tradelog"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "now-7d",
              "lt": "now"
            }
          }
        },
        {
          "range": {
            "TotalMs": {
              "gte": 200,
              "lt": 2000
            }
          }
        }
      ]
    }
  }

},
"aggregations": {
      "the_name": {
         "terms": {
            "field": "Market",
            "order" : { "totalms_avg" : "desc" }
         },
         "aggregations": {
            "totalms_avg": {
               "avg": {
                  "field": "TotalMs"
               }
            }
         }
      }
   }
}

此查询返回几个只有1个结果的桶,这些桶是我数据中的异常值,因此我不希望它们被包含在内。是否可以过滤掉任何小于5的桶?弹性搜索等同于SQL' HAVING'子句。

1 个答案:

答案 0 :(得分:12)

是的,您可以使用min_doc_count setting

...
"aggregations": {
      "the_name": {
         "terms": {
            "field": "Market",
            "order" : { "totalms_avg" : "desc" },
            "min_doc_count": 5
         },
         "aggregations": {
            "totalms_avg": {
               "avg": {
                  "field": "TotalMs"
               }
            }
         }
      }
   }
}