我已获得以下弹性搜索查询,以便从按市场ID分组的弹性搜索中获得最高总ms。
{
"from": 0,
"size": 0,
"query": {
"filtered": {
"filter": {
"and": [
{
"term": {
"@type": "tradelog"
}
},
{
"range": {
"@timestamp": {
"gte": "now-7d",
"lt": "now"
}
}
},
{
"range": {
"TotalMs": {
"gte": 200,
"lt": 2000
}
}
}
]
}
}
},
"aggregations": {
"the_name": {
"terms": {
"field": "Market",
"order" : { "totalms_avg" : "desc" }
},
"aggregations": {
"totalms_avg": {
"avg": {
"field": "TotalMs"
}
}
}
}
}
}
此查询返回几个只有1个结果的桶,这些桶是我数据中的异常值,因此我不希望它们被包含在内。是否可以过滤掉任何小于5的桶?弹性搜索等同于SQL' HAVING'子句。
答案 0 :(得分:12)
是的,您可以使用min_doc_count
setting
...
"aggregations": {
"the_name": {
"terms": {
"field": "Market",
"order" : { "totalms_avg" : "desc" },
"min_doc_count": 5
},
"aggregations": {
"totalms_avg": {
"avg": {
"field": "TotalMs"
}
}
}
}
}
}