I am trying to build a query that lets me run multiple aggregations in a single query. This is the request I am sending:
{
  "size": 1,
  "aggs": {
    "firmNames": {
      "terms": {
        "field": "firm_name",
        "size": 100000000
      },
      "aggs": {
        "domains": {
          "terms": {
            "field": "domain",
            "size": 100000000
          },
          "aggs": {
            "logDates": {
              "terms": {
                "field": "log_date",
                "size": 10000000
              },
              "aggs": {
                "traffics": {
                  "sum": {
                    "field": "traffic"
                  }
                },
                "script_fields": {
                  "scripted_metric": {
                    "script": {
                      "lang": "painless",
                      "inline": "HashSet set = new HashSet; set.add(doc['file_name']); return set;"
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}
However, when I execute this query I get the following error:
{
  "error" : {
    "root_cause" : [
      {
        "type" : "parsing_exception",
        "reason" : "Unknown key for a START_OBJECT in [script_fields]: [script].",
        "line" : 15,
        "col" : 23
      }
    ],
    "type" : "parsing_exception",
    "reason" : "Unknown key for a START_OBJECT in [script_fields]: [script].",
    "line" : 15,
    "col" : 23
  },
  "status" : 400
}
I have been trying to change this query in many ways to make it work, but I always run into this error.
Answer 0: (score: 0)
The script_fields section is not in the right place; it should be at the top level:
{
  "size": 1,
  "aggs": {
    "firmNames": {
      "terms": {
        "field": "firm_name",
        "size": 100000000
      },
      "aggs": {
        "domains": {
          "terms": {
            "field": "domain",
            "size": 100000000
          },
          "aggs": {
            "logDates": {
              "terms": {
                "field": "log_date",
                "size": 10000000
              },
              "aggs": {
                "traffics": {
                  "sum": {
                    "field": "traffic"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "script_fields": {
    "scripted_metric": {
      "script": {
        "lang": "painless",
        "inline": "HashSet set = new HashSet(); set.add(doc.file_name.value); return set;"
      }
    }
  }
}
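An added example, not part of the original question or answer: a pre-flight check that walks a search body and reports request-level sections such as script_fields that ended up nested under "aggs", then moves one back to the top level as the answer describes. The function names and the REQUEST_LEVEL_KEYS list are assumptions made for this example, and the check is a heuristic, since an aggregation may legally be given any name.

```python
import copy

# Search-body sections that belong at the top level (partial list, chosen for this example).
REQUEST_LEVEL_KEYS = {"script_fields", "query", "sort", "_source", "post_filter", "highlight"}
AGGS_KEYS = ("aggs", "aggregations")  # Elasticsearch accepts both spellings

# The request from the question, as a Python dict.
ASKED = {"size": 1, "aggs": {"firmNames": {
    "terms": {"field": "firm_name", "size": 100000000},
    "aggs": {"domains": {
        "terms": {"field": "domain", "size": 100000000},
        "aggs": {"logDates": {
            "terms": {"field": "log_date", "size": 10000000},
            "aggs": {
                "traffics": {"sum": {"field": "traffic"}},
                "script_fields": {"scripted_metric": {"script": {
                    "lang": "painless",
                    "inline": "HashSet set = new HashSet; set.add(doc['file_name']); return set;"}}},
            }}}}}}}}


def misplaced_sections(body, path=()):
    """Return key paths of aggregation names that collide with request-level keys."""
    found = []
    for key in AGGS_KEYS:
        subs = body.get(key)
        if not isinstance(subs, dict):
            continue
        for name, definition in subs.items():
            here = path + (key, name)
            if name in REQUEST_LEVEL_KEYS:
                found.append(here)  # every key under "aggs" is parsed as an aggregation name
            elif isinstance(definition, dict):
                found.extend(misplaced_sections(definition, here))
    return found


def hoist(body, path):
    """Return a copy of body with the section at path moved to the top level."""
    fixed = copy.deepcopy(body)
    node = fixed
    for part in path[:-1]:
        node = node[part]
    if path[-1] in fixed:
        raise ValueError(f"top-level {path[-1]!r} already present")
    fixed[path[-1]] = node.pop(path[-1])
    return fixed
```

hoist only relocates the section; the Painless source inside it is left exactly as it was sent.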