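extended_stats_bucket not returning the sum of buckets when using top_hits

Time: 2019-06-06 08:22:49

Tags: elasticsearch logstash kibana alerts elasticsearch-watcher

I am struggling with using the "top_hits" aggregation together with "extended_stats_bucket".

The "extended_stats_bucket" path cannot read the metric value count_status returned from the bucket.

Is this a drawback of using top_hits as an aggregation? Or is there a flaw in the way I wrote my code?

Below is the code I drafted; it gives errors for the two extended_stats_buckets.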

    GET logstash-masspay_bam-sit-2019.06.03/_search
    {
      "size": 0,
      "query": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "gte": "now/d-30d",
                  "lt": "now/d"
                }
              }
            },
            {
              "query_string": {
                "query": "((office.keyword:DE2 OR office.keyword:FR2 OR office.keyword:ES2 OR office.keyword: IE2 office.keyword:PT2 ) AND (!status.keyword:FXRATE OR !status.keyword:WAIT_FX_RATE)) OR (office.keyword:GB2 OR office.keyword:GB4)",
                "analyze_wildcard": true,
                "default_field": "*"
              }
            },
            {
              "terms": {
                "sourcetype.keyword": [
                  "mp_bam_queue",
                  "mp_bam_queue_tot"
                ]
              }
            }
          ]
        }
      },
      "aggs": {
        "Interval_Office_Queue": {
          "terms": {
            "size": 10000,
            "script": {
              "lang": "painless",
              "source": """
                def office=doc['office.keyword'].value;
                def queue=doc['status.keyword'].value;
                def hour=doc['@timestamp'].value.toString('HH');
                int quarter=Integer.parseInt(doc['@timestamp'].value.toString('mm'))/15;
                String minute='';
                if (quarter==0) {
                  minute='00';
                } else if (quarter>0) {
                  minute=String.valueOf(quarter*15);
                }
                return hour+minute+'_'+office+'_'+queue
              """
            }
          },
          "aggs": {
            "Interval_Office_Channel_Day": {
              "terms": {
                "size": 30,
                "script": {
                  "lang": "painless",
                  "source": "String day=doc['@timestamp'].value.toString('YYYY-MM-dd'); return day"
                }
              },
              "aggs": {
                "CumulativeVolume": {
                  "top_hits": {
                    "size": 1,
                    "_source": {
                      "includes": [ "count_status" ]
                    },
                    "sort": [
                      {
                        "@timestamp": {
                          "order": "desc"
                        }
                      }
                    ]
                  }
                },
                "CumulativeAmount": {
                  "top_hits": {
                    "size": 1,
                    "_source": {
                      "includes": [ "sum_base_amount" ]
                    },
                    "sort": [
                      {
                        "@timestamp": {
                          "order": "desc"
                        }
                      }
                    ]
                  }
                },
                "ChannelVolumeStats": {
                  "extended_stats_bucket": {
                    "buckets_path": "Interval_Office_Channel_Day>CumulativeVolume"
                  }
                },
                "ChannelAmountStats": {
                  "extended_stats_bucket": {
                    "buckets_path": "Interval_Office_Channel_Day>CumulativeAmount"
                  }
                },
                "BucketMetadata": {
                  "top_hits": {
                    "size": 1,
                    "_source": {
                      "includes": ["office","office_country","status"]
                    }
                  }
                }
              }
            }
          }
        }
      }
    }

Example of the error when the script is run

From the returned buckets I want to get count_status.

Example without the extended_stats_buckets

0 answers:

No answers