Question

如何在Elasticsearch中过滤aggs数据

我根据条件汇总文档并成功获取结果。但是我不知道如何过滤结果文档计数

这是我的DSL

{
  "size": 0,
  "query": {
    "bool": {
      "filter": [
        {
          "term": {
            "company": "ailsx"
          }
        }
      ]
    }
  },
  "aggs": {
    "date_aggs": {
      "terms": {
        "field": "date",
        "size": 30
      },
      "aggs": {
        "wang": {
          "terms": {
            "field": "customer"
          }
        }
      }
    }
  }
}

这是我的结果

{
  "took": 1864,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 378426,
    "max_score": 0,
    "hits": [

    ]
  },
  "aggregations": {
    "date_aggs": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": 1553212800000,
          "key_as_string": "2019-03-22 00:00:00",
          "doc_count": 107879,
          "wang": {
            "doc_count_error_upper_bound": 10,
            "sum_other_doc_count": 107855,
            "buckets": [
              {
                "key": "sfa",
                "doc_count": 4
              },
              {
                "key": "237692469",
                "doc_count": 3
              },
              {
                "key": "fasf",
                "doc_count": 3
              },
              {
                "key": "1111daaa",
                "doc_count": 2
              },
              {
                "key": "2011",
                "doc_count": 2
              }]}}]}}

我想过滤大于2的doc_count并求和，就像这样

从文档

SELECT Count（） GROUP BY日期，客户拥有计数（）> = 2

Answer 1

您可以将min_doc_count用于此目的：

    "wang": {
      "terms": {
        "field": "customer",
        "min_doc_count": 2           <-- add this
      }
    }

然后，存储分区的doc_count属性将是您的总和。

如何在Elasticsearch中过滤和求和结果

1 个答案: