Question

I have a bunch of documents with the fields username and device_os as follows:

{ "username": "foo", "device_os": "Android", ....},
{ "username": "foo", "device_os": "iOS", ....},
{ "username": "bar", "device_os": "Android", ....},
{ "username": "baz", "device_os": "iOS", ....},
{ "username": "foo", "device_os": "iOS", ....}

I would like to get all distinct device_os by username as follows:

{ 
  "foo": ["Android", "iOS"],
  "bar": ["Android"],
  "baz": ["iOS"] 
}

What is the best way to do something like this in elasticsearch, specifically elasticsearch-py?

Answer 1

您可以按以下方式使用“条款”汇总

{
 "query": {
           "match_all": {}
          },
 "aggs":{
          "usr_agg":{
                     "terms": {"field": "username"}
                    }
        }
 }

了解更多info

Answer 2

万一有人来了，解决这个问题的想法很简单：在usr_agg上使用二级聚合，如下所示：

{
    "size": 0,
    "aggs": {
        "usr_agg": {
            "terms": {
                "field": "username.keyword"
            },
            "aggs": {
                "by_device_os": {
                    "terms": {
                        "field": "device_os.keyword"
                    }
                }
            }
        }
    }
}

Elasticsearch group by and distinct

2 个答案: