我目前正在使用弹性来存储时间序列的数据,我在端口 - >网络设备上存储传入数据包(它是增量计数器)。
我正在进行聚合以计算在一个时间间隔(直方图)中收到的数据包数量,并且我还要计算在查询的时间间隔内收到的数据包总数。
在时间间隔内接收的数据包数是最大运行计数器的导数。 查询间隔收到的数据包总数是衍生数的累积和。
{
"query" : {
"bool" : {
"must" : {
"range" : {
"exportTimeStamp" : {
"from" : 1523826005514,
"to" : 1523862005514,
"include_lower" : true,
"include_upper" : true
}
}
}
}
},
aggregations" : {
"dataPoints" : {
"date_histogram" : {
"field" : "exportTimeStamp",
"interval" : "5m",
"min_doc_count" : 0
},
"aggregations" : {
"Max" : {
"max" : {
"field" : "ingressPackets"
}
},
"Der" : {
"derivative" : {
"buckets_path" : [ "Max" ],
"gap_policy" : "insert_zeros"
}
},
"CumSum" : {
"cumulative_sum" : {
"buckets_path": "Der"
}
}
}
}
}
}
我收到以下错误,因为对于第一个聚合,不会有衍生填充
{
"error": {
"root_cause": [],
"type": "reduce_search_phase_exception",
"reason": "[reduce] ",
"phase": "fetch",
"grouped": true,
"failed_shards": [],
"caused_by": {
"type": "null_pointer_exception",
"reason": null
}
},
"status": 503
}
结果没有“CumSum”聚合代码段。
"buckets": [
{
"key_as_string": "2018-04-16T06:20:00.000Z",
"key": 1523859600000,
"doc_count": 1,
"Max": {
"value": 58
}
//I think the problem is here where we dont have derivative and hence when we add cumulative sum aggregation we are getting NPE.
},
{
"key_as_string": "2018-04-16T06:25:00.000Z",
"key": 1523859900000,
"doc_count": 3,
"Max": {
"value": 169
},
"Der": {
"value": 111
}.....
请说明在这种情况下如何解决NPE?