elasticsearch-aggregation

问题 I wanted to aggregate the data on a different field and also wanted to get the aggregated data on sorted fashion based on the name. My data is : { "_index": "testing-aggregation", "_type": "employee", "_id": "emp001_local000000000000001", "_score": 10.0, "_source": { "name": [ "Person 01" ], "groupbyid": [ "group0001" ], "ranking": [ "2.0" ] } }, { "_index": "testing-aggregation", "_type": "employee", "_id": "emp002_local000000000000001", "_score": 85146.375, "_source": { "name": [ "Person 02

问题 I am using composite aggregation on nested fields in elasticsearch but I want to exclude some terms from the result. This aggregation is working: { "size": 0, "geo": { "communication": { "nested": { "path": "geo" }, "aggs": { "table": { "composite": { "size": 1000, "sources": [ {"stk1": {"terms": {"field": "geo.src"}}}, {"stk2": {"terms": {"field": "geo.dest"}}} ] } } } } } } But I want to exclude some terms from stk2, { "size": 0, "aggs": { "geo": { "nested": { "path": "geo" }, "aggs": {

问题 I'm trying to count documents with unique nested field value (and next, the documents itself also). Looks like getting the unique documents works. But when I'm trying to execute a request for count , I'm getting an error as follows: Suppressed: org.elasticsearch.client.ResponseException: method [POST], host [http://localhost:9200], URI [/package/_count?ignore_throttled=true&ignore_unavailable=false&expand_wildcards=open&allow_no_indices=true], status line [HTTP/1.1 400 Bad Request] {"error":{

问题 I have "event" (like clicks on websites) documents in a index. Now I want to to calculate the ratio between events with name=x and events with name=y. I first use a "filters" agg to split up my documents into two buckets and then I use a bucket_script aggregation for calculating the ratio, but the result of it is not shown in the output... Here is my query: GET /_search { "query": { ... }, "aggs": { "all_my_documents": { "filters": { "filters": { "all": { "match_all": {} } } }, "aggs": {

问题 There is a list of conversations and every conversation has a list of messages. Every message has different fields and an action field. We need to consider that in the first messages of the conversation there is used the action A , after a few messages there is used action A.1 and after a while A.1.1 and so on (there is a list of chatbot intents). Grouping the messages actions of a conversation will be something like: A > A > A > A.1 > A > A.1 > A.1.1 ... Problem: I need to create a report

问题 There is a list of conversations and every conversation has a list of messages. Every message has different fields and an action field. We need to consider that in the first messages of the conversation there is used the action A , after a few messages there is used action A.1 and after a while A.1.1 and so on (there is a list of chatbot intents). Grouping the messages actions of a conversation will be something like: A > A > A > A.1 > A > A.1 > A.1.1 ... Problem: I need to create a report

问题 I need to compute a pipeline aggregation in ElasticSearch and I can't figure out how to express it. Each document has an email address and an amount. I need to output range buckets of amount counts, grouped by unique email. { "0 - 99": 300, "100 - 400": 100 ...} Would basically be the expected output (the keys would be transformed in my application code), indicating that 300 unique emails have cumulatively received at least 99 (amount) across all documents. Intuitively, I would expect a query

问题 I need to compute a pipeline aggregation in ElasticSearch and I can't figure out how to express it. Each document has an email address and an amount. I need to output range buckets of amount counts, grouped by unique email. { "0 - 99": 300, "100 - 400": 100 ...} Would basically be the expected output (the keys would be transformed in my application code), indicating that 300 unique emails have cumulatively received at least 99 (amount) across all documents. Intuitively, I would expect a query

问题 I have an index, invoices , that I need to aggregate into yearly buckets then sort. I have succeeded in using Bucket Sort to sort my buckets by simple sum values ( revenue and tax ). However, I am struggling to sort by more deeply nested doc_count values ( status ). I want to order my buckets not only by revenue , but also by the number of docs with a status field equal to 1, 2, 3 etc... The documents in my index looks like this: "_source": { "created_at": "2018-07-07T03:11:34.327Z", "status"

问题 I have two types of log messages: Jul 23 09:24:16 rrr mrr-core[222]: Aweg3AOMTs_1563866656871111.mt processMTMessage() #12798 realtime: 5.684 ms Jul 23 09:24:18 rrr mrr-core[2222]: Aweg3AOMTs_1563866656871111.0.dn processDN() #7750 realtime: 1.382 ms The first message is kind of sent message and second is message which confirm that message was delivered. The difference between them is the suffix which I have separated from "id" and can query it. These messages are parsed and stored in