我收集了两个平台之间大量的交流事件。为了进行监控,我每分钟都会生成一些统计信息以收集临时统计信息。我需要使聚合不太详细,这对于我来说对于一个查询而言太复杂了。请参阅以下查询:
var today = new Date();
var offset = today.getTimezoneOffset();
var now = new Date(today.getTime()+(-offset)*60*1000);
var today1 = today.getTime()+(-offset)*60*1000-6*1000*60;
var sec = 1000 * 60 ;
var start = new Date(Math.round(today1 / sec) * sec + 59999);
var end = new Date(Math.round(today1 / sec) * sec )
db.events.aggregate([
{$project: {_id: 0, time: 1, is_request: 1, dst: 1,src: 1,"Result-Code": {$ifNull: [ "$Result-Code", "0" ]} , RC: { $substr: [ "$Result-Code", 0, 1 ] } , "CC-Request-Type": 1 }},
{$match: {"time": { "$lte": start, "$gte": end} }} ,
{$group: {_id: {is_request: "$is_request" ,dst: "$dst",src: "$src",
"CC-Request-Type": "$CC-Request-Type",
"RC": "$RC"},
count: {$sum: 1}}}
// {$out: "stats"}
]);
前7行用于计算6分钟前的一分钟时间段(0-59秒) 聚合用于生成流量统计信息。 汇总返回以下文档:
{
"_id" : {
"is_request" : 1,
"dst" : "10.12.0.2",
"src" : "10.11.0.1",
"CC-Request-Type" : 3,
"RC" : ""
},
"count" : 1.0
}
/* 11 */
{
"_id" : {
"is_request" : 1,
"dst" : "10.12.0.3",
"src" : "10.11.0.2",
"CC-Request-Type" : 2,
"RC" : ""
},
"count" : 38.0
}
/* 12 */
{
"_id" : {
"is_request" : 0,
"dst" : "10.11.0.3",
"src" : "10.12.0.2",
"CC-Request-Type" : 2,
"RC" : "2"
},
"count" : 1.0
}
/* 13 */
{
"_id" : {
"is_request" : 0,
"dst" : "10.11.0.2",
"src" : "10.12.0.9",
"CC-Request-Type" : 1,
"RC" : "4"
},
"count" : 1.0
}
有6个src地址和4个dst。我知道,通过简单的方法,我可以通过两个查询获取结果,但是我需要同时在统计信息收集中使用它。我想知道是否有一种方法可以与一个查询聚合以实现以下目的:
{
"_id" : {
"is_request" : 1,
"dst" : "10.12.0.2",
"CC-Request-Type" : 3,
"RC" : ""
},
"count" : 1.0 (all src addresses)
}
/* 11 */
{
"_id" : {
"is_request" : 1,
"dst" : "10.12.0.3",
"CC-Request-Type" : 2,
"RC" : ""
},
"count" : 38.0 (all src addresses)
}
/* 12 */
{
"_id" : {
"is_request" : 0,
"src" : "10.12.0.2",
"CC-Request-Type" : 2,
"RC" : "2"
},
"count" : 1.0 (all dst addresses)
}
/* 13 */
{
"_id" : {
"is_request" : 0,
"src" : "10.12.0.9",
"CC-Request-Type" : 1,
"RC" : "4"
},
"count" : 1.0 (all dst addresses)
}