Elastic Search:特定字段上的聚合和

Question

我对elastic search是个新手，正在寻求一些帮助。基本上，我的弹性搜索中有大约200万个文档，这些文档如下所示：

{
  "_index": "flipkart",
  "_type": "PSAD_ThirdParty",
  "_id": "430001_MAM_2016-02-04",
  "_version": 1,
  "_score": 1,
  "_source": {
    "metrics": [
      {
        "id": "Metric1",
        "value": 70
      },
      {
        "id": "Metric2",
        "value": 90
      },
      {
        "id": "Metric3",
        "value": 120
      }
    ],
    "primary": true,
    "ticketId": 1,
    "pliId": 206,
    "bookedNumbers": 15000,
    "ut": 1454567400000,
    "startDate": 1451629800000,
    "endDate": 1464589800000,
    "tz": "EST"
  }
}

我想写一个满足以下条件的聚合查询：

1)首先根据"_index"、"_type"和"pliId"进行查询。2)基于metrics.id = "Metric1"对metrics.value进行聚合求和。

基本上，我需要根据一些字段查询记录，并根据指标id对特定指标值进行汇总。请你能帮我把我的问题弄对吗？

Answer 1

metrics字段的类型必须为nested

    "metrics": {
      "type": "nested",
      "properties": {
        "id": {
          "type": "string",
          "index": "not_analyzed"
        }
      }
    }

如果您希望Metric1匹配，也就是大写字母，那么正如您在上面看到的，id需要是not_analyzed。

然后，如果你只想要metrics.id = "Metric1"聚合，你需要这样的东西：

{
  "query": {
    "filtered": {
      "filter": {
        "bool": {
          "must": [
            {
              "term": {
                "pliId": 206
              }
            }
          ]
        }
      }
    }
  },
  "aggs": {
    "by_metrics": {
      "nested": {
        "path": "metrics"
      },
      "aggs": {
        "metric1_only": {
          "filter": {
            "bool": {
              "must": [
                {
                  "term": {
                    "metrics.id": {
                      "value": "Metric1"
                    }
                  }
                }
              ]
            }
          },
          "aggs": {
            "by_metric_id": {
              "terms": {
                "field": "metrics.id"
              },
              "aggs": {
                "total_delivery": {
                  "sum": {
                    "field": "metrics.value"
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}

Answer 2

已创建新索引:方法: PUT，URL：http://localhost:9200/google/

正文：

    {
      "mappings": {
        "PSAD_Primary": {
          "properties": {
            "metrics": {
              "type": "nested",
              "properties": {
            "id": {
              "type": "string",
              "index": "not_analyzed"
            },
            "value": {
              "type": "integer",
              "index": "not_analyzed"
            }
          }
            }
          }
        }
      }
    }

然后我插入了大约200,000个文档，然后运行查询，它起作用了。

响应：

{
  "took": 34,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "hits": {
    "total": 1,
    "max_score": 1,
    "hits": [
      {
        "_index": "google",
        "_type": "PSAD_Primary",
        "_id": "383701291_MAM_2016-01-06",
        "_score": 1,
        "_source": {
          "metrics": [
            {
              "id": "Metric1",
              "value": 70
            },
            {
              "id": "Metric2",
              "value": 90
            },
            {
              "id": "Metric3",
              "value": 120
            }
          ],
          "primary": true,
          "ticketId": 1,
          "pliId": 221244,
          "bookedNumbers": 15000,
          "ut": 1452061800000,
          "startDate": 1451629800000,
          "endDate": 1464589800000,
          "tz": "EST"
        }
      }
    ]
  },
  "aggregations": {
    "by_metrics": {
      "doc_count": 3,
      "metric1_only": {
        "doc_count": 1,
        "by_metric_id": {
          "doc_count_error_upper_bound": 0,
          "sum_other_doc_count": 0,
          "buckets": [
            {
              "key": "Metric1",
              "doc_count": 1,
              "total_delivery": {
                "value": 70
              }
            }
          ]
        }
      }
    }
  }
}