这个问题不是如何通过多个字段进行聚合,我们可以使用子聚合。
如果您了解SQL,我可以给您一个完美的解释:
SELECT SUM(SomeField1), MAX(SomeField2), MIN(SomeField3), AVG(SomeField4) FROM FooTable
GROUP BY Key1, Key2, Key3
我们能在Elasticsearch中实现吗?
感谢。
答案 0 :(得分:2)
是的,您需要按Key1进行汇总,然后为Key2和Key3添加两个子聚合,最后每SomeField*添加一个指标子聚合,基本上像这样:
{
"size": 0,
"aggs": {
"key1": {
"terms": {
"field": "Key1"
},
"aggs": {
"key2": {
"terms": {
"field": "Key2"
},
"aggs": {
"key3": {
"terms": {
"field": "Key3"
},
"aggs": {
"somefield1": {
"sum": {
"field": "SomeField1"
}
},
"somefield2": {
"max": {
"field": "SomeField2"
}
},
"somefield3": {
"min": {
"field": "SomeField3"
}
},
"somefield4": {
"avg": {
"field": "SomeField4"
}
}
}
}
}
}
}
}
}
}