elasticsearch中的聚合新手。使用7.2。我试图在Tree.keyword上写一个聚合,以仅返回包含包含单词“ Branch”的键的文档数。我尝试了子聚合,bucket_selector(不适用于键字符串)和脚本。任何人都对如何解决这个问题有任何想法或建议?
映射:
{
"testindex" : {
"mappings" : {
"properties" : {
"Tree" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword"
}
}
}
}
}
}
}
示例查询返回所有键,但我需要做的是限制仅返回具有“分支”或更好的键,但仅返回有多少“分支”键的计数:
GET testindex/_search
{
"aggs": {
"bucket": {
"terms": {
"field": "Tree.keyword"
}
}
}
}
返回:
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 1,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "testindex",
"_type" : "_doc",
"_id" : "1",
"_score" : 1.0,
"_source" : {
"Tree" : [
"Car:76",
"Branch:yellow",
"Car:one",
"Branch:blue"
]
}
}
]
},
"aggregations" : {
"bucket" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "Car:76",
"doc_count" : 1
},
{
"key" : "Branch:yellow",
"doc_count" : 1
},
{
"key" : "Car:one",
"doc_count" : 1
},
{
"key" : "Branch:blue",
"doc_count" : 1
}
]
}
}
}
答案 0 :(得分:1)
您必须添加包含项才能获得限制结果。这是代码示例,希望对您有所帮助。
GET testindex/_search
{
"_source": {
"includes": [
"Branch"
]
},
"aggs": {
"bucket": {
"terms": {
"field": "Tree.keyword"
}
}
}
}
答案 1 :(得分:0)
可以过滤将为其创建存储桶的值。可以使用基于正则表达式字符串或精确值数组的include和exclude参数来完成此操作。另外,可以使用分区表达式进行过滤的 include 子句。
对于您的情况,应该是这样,
GET testindex/_search
{
"aggs": {
"bucket": {
"terms": {
"field": "Tree.keyword",
"include": "Branch:*"
}
}
}
}
答案 2 :(得分:0)
感谢所有帮助!不幸的是,这些解决方案都不适合我。我最终使用脚本返回了所有分支,然后将其他所有内容设置为新的键。然后使用存储区脚本在Total_Buckets中减去1。可能是一个更好的解决方案,但希望它能对某人有所帮助
GET testindex/_search
{
"aggs": {
"bucket": {
"cardinality": {
"field": "Tree.keyword",
"script": {
"lang": "painless",
"source": "if(_value.contains('Branches:')) { return _value} return 1;"
}
}
},
"Total_Branches": {
"bucket_script": {
"buckets_path": {
"my_var1": "bucket.value"
},
"script": "return params.my_var1-1"
}
}
}
}