Scripted field does not work in Kibana

Time: 2017-07-15 10:36:01

Tags: elasticsearch kibana-4

Elasticsearch version: 2.4.x and Kibana is 4.x

Data in elasticsearch:

    {
        "_index": "testindex_201707",
        "_type": "abcd",
        "_id": "AV0rSOhWGrdL3plaGRY0",
        "_score": 1,
        "_source": {
            "logtype": "xyz",
            "filesize": 106390550,
            "@timestamp": "2017-07-10T12:26:30.279+0530"
        }
    },
    {
        "_index": "testindex_201707",
        "_type": "xyz",
        "_id": "AV02YwV3GrdL3plaGRaD",
        "_score": 1,
        "_source": {
            "bytes_read": 173,
            "@timestamp": "2017-07-12T16:10:53.160+0530",
            "logtype": "xyz",
            "destination_port": "80"
        }
    }

I want to calculate the total HTTP / HTTPS traffic served for abcd and xyz. For this I wrote the following Elasticsearch query:

GET /isp_vodafone_cdncache_201707/_search
{
   "query": {
      "match_all": {}
   },
   "aggs": {
      "total_bytes_served": {
         "scripted_metric": {
            "init_script": "_agg[\"tempArray\"] = [];",
            "map_script": "if ((doc.logtype.value == \"abcd\")&&(doc.http_status_code.value == \"200\" || doc.http_status_code.value == \"200 OK\")) { _agg.tempArray.add(doc.filesize.value);} else if ((doc.logtype.value == \"xyz\")&&(doc.destination_port.value == \"80\"||doc.destination_port.value == \"443\")&&(doc.http_status_code.value == \"200\" || doc.http_status_code.value == \"200 OK\")) { _agg.tempArray.add(doc.bytes_read.value);}",
            "combine_script": "served = 0; for (i in _agg.tempArray) { served += i }; return served;",
            "reduce_script": "served = 0; for (j in _aggs) { served += j }; return served;"
         }
      }
   }
}

This correctly gives me total_bytes_read. I want to display a metric in Kibana for the total HTTP / HTTPS traffic served. I tried writing a scripted field total_bytes_served in Kibana:

if (doc['logtype'].value == 'abcd') {
    return doc['filesize'].value;
} else if ((doc['logtype'].value == 'xyz') &&
           (doc['destination_port'].value == "80" ||
            doc['destination_port'].value == "443")) {
    return doc['bytes_read'].value;
}

Using the Metric aggregator I selected Sum and the field written above, but the metric value is empty.

I also tried enabling the following parameters in elasticsearch.yml:

 script.engine.groovy.inline.aggs: true
 script.engine.painless.inline: true
 script.engine.expression.inline: true

Can someone help me with what I am missing here?

1 Answer:

Answer 0: (score: 0)

We can write the scripted field using the conditional operator:

(doc['filesize'].value ? doc['filesize'].value : doc['bytes_read'].value)/(1024*1024*1024)

and apply the filter:

(logtype:"xyz" AND (destination_port:"80" OR destination_port:"443")) OR logtype:"abcd"
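As an added example (not code from the question or the answer), the following Python models both approaches offline so they can be compared on the same documents: the question's scripted_metric aggregation, reproduced with its init/map/combine/reduce structure as Elasticsearch runs it (once per shard, then reduced over the shards), and the answer's scripted field applied after its Kibana filter. The sample documents are constructed to mirror the hits in the question; the http_status_code values, the destination_port 22 document and the "other" logtype document are assumptions, since the posted hits do not include them.

```python
"""Offline model of the two approaches on the page (added example, not code from
the question or the answer). SAMPLE_DOCS are constructed; the http_status_code
values and the extra documents are assumed, not taken from the posted hits."""
from typing import Any, Dict, List, Optional

Doc = Dict[str, Any]

# Constructed sample documents (assumed values, see module docstring).
SAMPLE_DOCS: List[Doc] = [
    {"logtype": "abcd", "filesize": 106390550, "http_status_code": "200"},
    {"logtype": "xyz", "bytes_read": 173, "destination_port": "80",
     "http_status_code": "200 OK"},
    {"logtype": "xyz", "bytes_read": 500, "destination_port": "22",
     "http_status_code": "200"},  # non-web port: excluded by both approaches
    {"logtype": "abcd", "filesize": 1000, "http_status_code": "404"},
    # ^ excluded by the scripted_metric (status check), but counted by the
    #   answer's filter, which does not look at http_status_code
    {"logtype": "other", "bytes_read": 999, "destination_port": "80",
     "http_status_code": "200"},  # unknown logtype: excluded by both
]

OK_STATUS = ("200", "200 OK")
WEB_PORTS = ("80", "443")


def served_bytes_scripted_metric(shards: List[List[Doc]]) -> int:
    """Mirror of the question's scripted_metric aggregation.

    Elasticsearch runs init_script once per shard, map_script once per matching
    document, combine_script once per shard and reduce_script once over the
    per-shard results, which is why combine and reduce both have to sum."""
    def init_script() -> Dict[str, list]:
        return {"tempArray": []}

    def map_script(agg: Dict[str, list], doc: Doc) -> None:
        status_ok = doc.get("http_status_code") in OK_STATUS
        if doc.get("logtype") == "abcd" and status_ok:
            agg["tempArray"].append(doc["filesize"])
        elif (doc.get("logtype") == "xyz"
              and doc.get("destination_port") in WEB_PORTS
              and status_ok):
            agg["tempArray"].append(doc["bytes_read"])

    def combine_script(agg: Dict[str, list]) -> int:
        return sum(agg["tempArray"])

    def reduce_script(aggs: List[int]) -> int:
        return sum(aggs)

    per_shard: List[int] = []
    for shard in shards:
        agg = init_script()
        for doc in shard:
            map_script(agg, doc)
        per_shard.append(combine_script(agg))
    return reduce_script(per_shard)


def question_scripted_field(doc: Doc) -> Optional[int]:
    """The asker's scripted field (with && / ||). A document that matches
    neither branch falls off the end of the script and yields null (None here);
    the answer's filter removes exactly those documents before the Sum."""
    if doc.get("logtype") == "abcd":
        return doc["filesize"]
    if doc.get("logtype") == "xyz" and doc.get("destination_port") in WEB_PORTS:
        return doc["bytes_read"]
    return None


def answer_filter(doc: Doc) -> bool:
    """The Kibana filter from the answer:
    (logtype:"xyz" AND (destination_port:"80" OR destination_port:"443")) OR logtype:"abcd"
    """
    return ((doc.get("logtype") == "xyz"
             and doc.get("destination_port") in WEB_PORTS)
            or doc.get("logtype") == "abcd")


def answer_scripted_field_gib(doc: Doc) -> float:
    """The answer's scripted field. In Groovy, doc['filesize'].value on a document
    without that numeric field is 0, which is falsy, so the ternary falls through
    to bytes_read; .get(..., 0) reproduces that here."""
    filesize = doc.get("filesize", 0)
    served = filesize if filesize else doc.get("bytes_read", 0)
    return served / (1024 * 1024 * 1024)


def served_gib_answer(docs: List[Doc]) -> float:
    """What Kibana's Sum metric sees: filter first, then sum the scripted field."""
    return sum(answer_scripted_field_gib(d) for d in docs if answer_filter(d))


if __name__ == "__main__":
    shards = [SAMPLE_DOCS[:3], SAMPLE_DOCS[3:]]  # pretend the index has two shards
    print("scripted_metric bytes served:", served_bytes_scripted_metric(shards))
    print("answer's filter + scripted field, GiB:", served_gib_answer(SAMPLE_DOCS))
```

The two totals differ on the constructed 404 document: the scripted_metric does its filtering inside map_script, where it can also check http_status_code, while the answer's Kibana filter only constrains logtype and destination_port, so a status condition would have to be added to that filter to make the Kibana metric match the aggregation.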