在术语字段上按分页顺序排序后,如何获取记录。到目前为止,我有这个:
{
"query": {
"bool": {
"filter": [
{
"terms": {
"user_id.keyword": [
"user@domain.com"
]
}
},
{
"range": {
"creation_time": {
"gte": "2019-02-04T19:00:00.000Z",
"lte": "2019-05-04T19:00:00.000Z"
}
}
}
],
"should": [
{
"wildcard": {
"operation": "*sol*"
}
},
{
"wildcard": {
"object_id": "*sol*"
}
},
{
"wildcard": {
"user_id": "*sol*"
}
},
{
"wildcard": {
"user_type": "*sol*"
}
},
{
"wildcard": {
"client_ip": "*sol*"
}
},
{
"wildcard": {
"country": "*sol*"
}
},
{
"wildcard": {
"workload": "*sol*"
}
}
]
}
},
"aggs": {
"user_ids": {
"terms": {
"field": "country.keyword",
"include": ".*United.*"
}
}
},
"from": 0,
"size": 10,
"sort": [
{
"creation_time": {
"order": "desc"
}
}
]
}
我调查了this,有人说使用复合聚合或使用分区是可行的。但是我不确定如何真正实现这一目标。
我也研究了bucket_sort,但似乎无法使它工作:
"my_bucket_sort": {
"bucket_sort": {
"sort": [
{
"user_ids": {
"order": "desc"
}
}
],
"size": 3
}
}
我是这个菜鸟。请帮我。谢谢。
答案 0 :(得分:1)
由于该字段是国家/地区,并且基数不高,因此您可以将size设置为足够高的数字,以便在单个请求中返回所有国家/地区
"aggs": {
"user_ids": {
"terms": {
"field": "country.keyword",
"include": ".*United.*",
"size": 10000
}
}
}
或者,对于高基数字段,您可以先过滤聚合,然后使用分区来分页显示值
{
"size": 0,
"aggs": {
"user_ids": {
"filter": {
"wildcard" : { "country" : ".*United.*" }
},
"aggs": {
"countries": {
"terms": {
"field": "country.keyword",
"include": {
"partition": 0,
"num_partitions": 20
},
"size": 10000
}
}
}
}
}
}
每发送一次查询,最多增加19条partition的值
有关更多详细信息,请参见elastic documentation