聚合弹性搜索中的桶的字符串排序

时间:2018-01-15 18:31:16

标签: sorting elasticsearch aggregation

我想按字符串值的字段对结果进行排序,例如,我已按此回复

"aggregations": {
    "group_agg": {
        "doc_count_error_upper_bound": -1,
        "sum_other_doc_count": 82,
        "buckets": [
            {
                "key": "38:16:33:6A:71:FF",
                "doc_count": 1,
                "group_agg_top_hit": {
                    "hits": {
                        "total": 1,
                        "max_score": null,
                        "hits": [
                            {
                                "_index": "23432534534",
                                "_type": "log",
                                "_id": "123143435346",
                                "_score": null,
                                "_source": {
                                    "name1": "aaa-bbb",
                                    "name2": "asdasd-bbb",
                                    "Mac": "38:22:33:6A:71:FF",
                                    "description": "",
                                    "event_timestamp": "2017-12-16T08:06:10.000+0000",
                                    "ssid": "aaa-network"
                                },
                                "sort": [
                                    1513411570000
                                ]
                            }
                        ]
                    }
                },
                "order_agg": {
                    "value": 1513411570000,
                    "value_as_string": "2017-12-16T08:06:10.000Z"
                }
            }
        ]
    }
}

我用time_stamp来治疗它是一个neumarical值,我需要用

对结果进行排序

====================================== 

 "aggs": {
"group_agg": {
  "terms": {
    "field": "Mac.rawData",
    "size": 1,
     "order" : { "order_agg" : "asc" }   ----> need to change this to make sorting by name 1 or name 2

  },
  "aggs": {
    "order_agg": {
      "max": {
        "field": "event_timestamp"
      }
    },
    "group_agg_top_hit": {
      "top_hits": {
      "sort": [
                {
                    "event_timestamp": {
                        "order": "desc"
                    }
                }
            ],
            "_source": {
                "includes": ["name1", "name2", "Mac", "ssid", "event_timestamp","description"]
            },
        "size": 1
      }
    }
  }
}

}

==== 这段代码正在运行,但我需要将桶排序更改为名称而不是event_timestamp

请帮忙

2 个答案:

答案 0 :(得分:0)

我也曾试图做到这一点;但是,由于所有{-{1}},max等单值度量标准聚合都要求将字段聚合为avg类型,因此无济于事。

您可能遇到了这种情况,并且正在像我一样寻求外部帮助;希望其他人能看到您的帖子,并指出可以通过integer字段完成存储分区排序的汇总解决方案或至少其他替代方案或最佳做法。

答案 1 :(得分:0)

如果您使用的是ES版本> 6.x,则可以使用Composite Aggregations。它接受文本搜索,但工作原理与TermAggregation有所不同:

https://www.elastic.co/guide/en/elasticsearch/reference/6.7/search-aggregations-bucket-composite-aggregation.html

相关问题
最新问题