为什么我不能从bucket_path处理此聚合值并返回一个布尔值?

时间:2019-05-30 13:36:45

标签: elasticsearch elasticsearch-aggregation

我在Elasticsearch中有一个索引别名,其中有针对不同客户的日志,这些客户调用了Web服务中的某些过程。我只想查看那些已经开始但尚未完成的过程(并最终显示一些数字,例如失败的调用数量,抛出异常等)。

每个文档都有一个类似于name-startname-finish的SubOperation字段以及唯一描述购买的详细信息。

这是我要运行的查询:

POST /logs/_search?size=0
{
  "aggs": {
    "Invoice": {
      "terms": {
        "field": "InvoiceNumber"
      },
      "aggs": {
        "Branch": {
          "terms": {
            "field": "Branch"
          },
          "aggs" : {
            "Operation" : {
              "terms": {
                "script" : "return Arrays.asList(/-/.split(doc['SubOperation.keyword'].value))[0];"
              },
              "aggs": {
                "started": {
                  "terms": {
                    "script" : "return Arrays.asList(/-/.split(doc['SubOperation.keyword'].value))[1] == \"start\";"
                  },
                  "aggs" : {
                    "start_cnt" : {
                      "value_count" : {
                          "field" : "SubOperation.keyword"
                        }
                    }
                  }
                },
                "finished": {
                  "terms": {
                    "script" : "return Arrays.asList(/-/.split(doc['SubOperation.keyword'].value))[1] == \"finish\";"
                  },
                  "aggs" : {
                    "finish_cnt" : {
                      "value_count" : {
                        "field" : "SubOperation.keyword"
                      }
                    }
                  }
                },
                "is_finished" : { 
                  "bucket_script": {
                    "buckets_path": {
                      "s": "started>start_cnt",
                      "f": "finished>finish_cnt"
                    },
                    "script": "return params.f;"
                  }
                }
              }
            }
          }
        }
      } 
    }
  }
}

给出的响应:

{
  "error": {
    "root_cause": [],
    "type": "search_phase_execution_exception",
    "reason": "",
    "phase": "fetch",
    "grouped": true,
    "failed_shards": [],
    "caused_by": {
      "type": "aggregation_execution_exception",
      "reason": "buckets_path must reference either a number value or a single value numeric metric aggregation, got: java.lang.Object[]"
    }
  },
  "status": 503
}

我了解到value_count聚合是与bucket_path一起使用的有效聚合。那么这是怎么回事?我还读到多级聚合规范可能会导致此错误,但就我而言,仅降低了1级(在相关is_finished部分中为一个'>')。

而且,当我尝试更改此行时:

"script": "return params.f;"

收件人:

"script": "return params.f == 1;"

我得到:

  "error": {
    "root_cause": [],
    "type": "search_phase_execution_exception",
    "reason": "",
    "phase": "fetch",
    "grouped": true,
    "failed_shards": [],
    "caused_by": {
      "type": "script_exception",
      "reason": "compile error",
      "script_stack": [
        "return params.f == 1;",
        "       ^---- HERE"
      ],
      "script": "return params.f == 1;",
      "lang": "painless",
      "caused_by": {
        "type": "class_cast_exception",
        "reason": "Cannot cast from [boolean] to [java.lang.Number]."
      }
    }
  },
  "status": 503
}

当我尝试对从bucket_path检索到的数据执行任何有用的操作时,也会发生这种情况,例如:return (params.s == 1) && (params.f == 1);

如何解决此查询,或者如何做得更好?

0 个答案:

没有答案
相关问题
最新问题