Aggregate by one field, then sum the values of another field

Time: 2019-06-10 16:10:54

Tags: elasticsearch elasticsearch-aggregation

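I need to aggregate by one field and then, in the same aggregation, compute a sum using the value of another field. But when I run the query, the first aggregation works, but the sum is always 0.

Example index: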


{
    "mappings": {
        "transaction": {
            "dynamic": "strict",
            "properties": {
                "transaction": {
                    "properties": {
                        "amount": {
                            "type": "double"
                        }
                    }
                },
                "infrastructureElement": {
                    "type": "nested",
                    "properties": {
                        "infrastructureElementSubType": {
                            "type": "keyword"
                        }
                    }
                }
            }
        }
    }
}

In the query below, I aggregate by infrastructureElement.infrastructureElementSubType and then sum the value transactionPurchase.amount in another aggs:

{
    "aggs": {
        "group_by_infrastructure_element": {
            "nested": {
                "path": "infrastructureElement"
            },
            "aggs": {
                "group_by_ie_subtype": {
                    "terms": {
                        "field": "infrastructureElement.infrastructureElementSubType"
                    },
                    "aggs": {
                        "revenue": {
                            "sum": {
                                "field": "transactionPurchase.amount"
                            }
                        }
                    }
                }
            }
        }
    }
}

Current result:

{
    "took": 6,
    "timed_out": false,
    "_shards": {
        "total": 5,
        "successful": 5,
        "skipped": 0,
        "failed": 0
    },
    "hits": {
    ...
    },
    "aggregations": {
        "group_by_infrastructure_element": {
            "doc_count": 365,
            "group_by_ie_subtype": {
                "doc_count_error_upper_bound": 0,
                "sum_other_doc_count": 0,
                "buckets": [
                    {
                        "key": "MOBILE",
                        "doc_count": 1,
                        "revenue": {
                            "value": 0
                        }
                    }
                ]
            }
        }
    }
}

Thanks!

1 answer:

Answer 0: (score: 1)

You need to use Reverse Nested Aggregation and then chain in the Sum Aggregation to compute what you are looking for:

Aggregation query:

POST <your_index_name>/_search
{  
   "size":0,
   "aggs":{  
      "myterms":{  
         "nested":{  
            "path":"infrastructureElement"
         },
         "aggs":{  
            "myterms":{  
               "terms":{  
                  "field":"infrastructureElement.infrastructureElementSubType",
                  "size":10
               },
               "aggs":{  
                  "reverse":{  
                     "reverse_nested":{},
                     "aggs":{  
                        "revenue":{  
                           "sum":{  
                              "field":"transaction.amount"
                           }
                        }
                     }
                  }
               }
            }
         }
      }
   }
}

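Also note the structure of your mapping: the field transaction is not a Nested Type but a simple Object Type. Now, if you are inside a nested aggregation, you need to traverse back to the root and then perform the metric aggregation, e.g. to calculate amount

Note the response below for the sample documents I created.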

POST someaggregation/_doc/1
{
  "transaction":{
    "amount": 100
  },
  "infrastructureElement": [
    {
      "infrastructureElementSubType": "type1"
    },
    {
      "infrastructureElementSubType": "type2"
    }
  ]
}

POST someaggregation/_doc/2
{
  "transaction":{
    "amount": 100
  },
  "infrastructureElement": [
    {
      "infrastructureElementSubType": "type1"
    },
    {
      "infrastructureElementSubType": "type2"
    }
  ]
}

POST someaggregation/_doc/3
{
  "transaction":{
    "amount": 100
  },
  "infrastructureElement": [
    {
      "infrastructureElementSubType": "type3"
    },
    {
      "infrastructureElementSubType": "type4"
    }
  ]
}

Response:

{
  "took" : 519,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 3,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "myterms" : {
      "doc_count" : 6,
      "myterms" : {
        "doc_count_error_upper_bound" : 0,
        "sum_other_doc_count" : 0,
        "buckets" : [
          {
            "key" : "type1",
            "doc_count" : 2,
            "reverse" : {
              "doc_count" : 2,
              "revenue" : {
                "value" : 200.0
              }
            }
          },
          {
            "key" : "type2",
            "doc_count" : 2,
            "reverse" : {
              "doc_count" : 2,
              "revenue" : {
                "value" : 200.0
              }
            }
          },
          {
            "key" : "type3",
            "doc_count" : 1,
            "reverse" : {
              "doc_count" : 1,
              "revenue" : {
                "value" : 100.0
              }
            }
          },
          {
            "key" : "type4",
            "doc_count" : 1,
            "reverse" : {
              "doc_count" : 1,
              "revenue" : {
                "value" : 100.0
              }
            }
          }
        ]
      }
    }
  }
}

Hope this helps!

If you think this solves your problem, feel free to upvote and/or accept this answer :)
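Added example, not part of the original question or answer: a small in-memory Python model of the scoping rule the answer describes, using the answer's three sample documents. It is a simulation rather than Elasticsearch code; the helper names (`make_doc`, `nested_docs`, `sum_by_subtype`) are hypothetical, and it assumes each nested object is visible to the aggregation as a separate document holding only the fields under the nested path.

```python
from collections import defaultdict

NESTED_PATH = "infrastructureElement"
TERMS_FIELD = "infrastructureElement.infrastructureElementSubType"

def make_doc(amount, *subtypes):
    """Build a root document shaped like the answer's sample documents."""
    return {"transaction": {"amount": amount},
            NESTED_PATH: [{"infrastructureElementSubType": s} for s in subtypes]}

# Sample documents 1-3 from the answer.
DOCS = {1: make_doc(100, "type1", "type2"),
        2: make_doc(100, "type1", "type2"),
        3: make_doc(100, "type3", "type4")}

def get_field(doc, dotted):
    """Resolve a dotted field path; return None when the document lacks it."""
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def nested_docs(docs):
    """Yield (parent_id, nested_doc): one separate document per nested object,
    carrying only the fields under the nested path."""
    for parent_id, doc in docs.items():
        for element in doc.get(NESTED_PATH, []):
            yield parent_id, {NESTED_PATH: element}

def sum_by_subtype(docs, sum_field, reverse_nested):
    """Terms buckets over nested docs, then a sum in nested or root scope."""
    buckets = defaultdict(list)
    for parent_id, nested in nested_docs(docs):
        buckets[get_field(nested, TERMS_FIELD)].append((parent_id, nested))
    result = {}
    for key, members in buckets.items():
        if reverse_nested:
            # Join back to the distinct root documents behind this bucket.
            scope = [docs[pid] for pid in sorted({pid for pid, _ in members})]
        else:
            # Stay in nested scope: these docs have no transaction.* fields.
            scope = [nested for _, nested in members]
        values = [get_field(d, sum_field) for d in scope]
        result[key] = float(sum(v for v in values if v is not None))
    return result

if __name__ == "__main__":
    print("nested scope:", sum_by_subtype(DOCS, "transaction.amount", False))
    print("root scope:  ", sum_by_subtype(DOCS, "transaction.amount", True))
```

In nested scope every bucket sums to 0 because the field is not present on the nested documents; joining back to the root reproduces the per-bucket values in the response above.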