elasticsearch-aggregation

问题 I am starting out with Elastic Search, and am stuck at trying to do some aggregation. Basically, I have a data set consisting of data in the following form: { "name": "The Chef Restaurant", "city": "New York", "state": "New York", "rating": "GOOD", "type": "Continental" } Now, I want to do some aggregation and get all the Continental restaurants, Good restaurants, Restaurants in New York in one query. Note that I don't want the count of all types of restaurants, I just want the count of the

问题 I'm a newbie to kibana. I have following data stored in ES: { "_index": "test", "_type": "impressions", "_id": "AVZ4QLgkLqvQLIzbvF4e", "_version": 1, "_score": 1, "_source": { "campaign_id": "1011", "count": 691, "played_dt": "2016-01-02" } } So, basically I have counts per campaign_id which is already aggregated data. I want a simple bar chart which plots counts per campaign_id where X axis is campaign_id and Y axis is it's count. I'm getting hits for that specific campaign_id as unique

问题 In my opinion, there are two ways to implement it. But I don't know which is faster, because I don't have much data to test. Like SQL below: SELECT min(occur_time) FROM event_* SELECT occur_time FROM event_* order by occur_time limit 1 回答1: You can run a query, with size:1, sorted by @timestamp ascending, and even include_fields:@timestamp in order to fetch back only the minimum timestamp field: { "size":1, "sort": [{"@timestamp":"asc"}], "_source": { "includes": [ "@timestamp" ] } } 来源：

问题 I am trying to obtain the weighted average by aggregating a nested list. Each document has details of a single student, and the subjects vary across each student and each subject has different weights. I am trying to calculate the weighted average subject-wise. My documents are of the form - [{'class': '10th', 'id': '1', 'subject': [{'marks': 60, 'name': 's1', 'weight': 30}, {'marks': 80, 'name': 's2', 'weight': 70}]}, {'class': '11th', 'id': '2', 'subject': [{'marks': 43, 'name': 's10',

问题 When accessing doc within map_script of a scripted aggregation, I keep getting a null pointer exception. For { "init_script":{ "source":"params._agg['transactions'] = [];" }, "map_script":{ "source":"Debug.explain(params)" <---------------- }, ... } I get { ..., "painless_class":"java.util.HashMap", "to_string":"{doc=org.elasticsearch.search.lookup.LeafDocLookup@133b9d24, _source=org.elasticsearch.search.lookup.SourceLookup@7b812d13, _doc=org.elasticsearch.search.lookup.LeafDocLookup@133b9d24

问题 I have some sample data on the Elasticsearch, which looks like the following: I am using the data table in the Visualize section to get the counts for each error type, for example: it should output Error: Update failed for online booking with id , count is 5. Not the count 1 for different id of the same error type. What I have done is to build a query to output the counts for each error type, which looks like this: However, when I save the query as the saved search, then visualize it as data

问题 I have documents in elasticsearch (1.5) that looks like: { "gender": [ { "name": "unknown", "value": 12 }, { "name": "male", "value": 89 }, { "name": "female", "value": 84 } ] } not all of the documents contains the three options (male/female/unknown) i would like to get the sum of all values per each gender name. like that: { "buckets": [ { "key": "unknown", "doc_count": 112, "gender_a": { "value": 462 } }, { "key": "male", "doc_count": 107, "gender_a": { "value": 438 } }, { "key": "female",

问题 I am trying to calculate average of the result set that is returning me locations from Elastic Search. Here is what i am trying. 'aggs' => [ "avg_location" => [ 'avg' => [ 'field' => 'location' ] ] ] This returns error as location itself is an object/array that returns me [lat,long] of the point. I need to calculate average of lats and longs of all the points returned. How can i do that? I tried quite a few things but none of them worked. Here is the whole code. $json = [ 'query' => [ 'bool'

问题 I want to perform date histogram query on my Elasticsearch data which is of the format: datetime,field_obj and field_obj has three fields in it: a,b,c Alongside date histogram aggregation, I want to find the average of field_obj i.e avg(field_a), avg(field_b), avg(field_c) also. I tried working it out like this: res = es.search(index="demo",body={"from": 0, "size": 0, "query": {"match_all": {}}, "aggs": { "date_avg": { "date_histogram": {"field": "datetime","interval": "year"}, "aggs": {"avg

问题 Question in short : When executing a query with a subaggregation, why does the inner aggregation miss data in some cases? Question in detail : I have a search query with a subaggregation (buckets in buckets) as follows: { "size": 0, "aggs": { "outer_docs": { "terms": {"size": 20, "field": "field_1_to_aggregate_on"}, "aggs": { "inner_docs": { "terms": {"size": 10000, "field": "field_2_to_aggregate_on"}, "aggs": "things to display here" } } } } } If I execute this query, for some outer_docs, I