Multiple filters and an aggregate in elasticsearch

前端未结

关注

 4  660

广开言路 2020-12-14 01:26

How can I use a filter in connection with an aggregate in elasticsearch?

The official documentation gives only trivial examples for filter and for aggregations and n

4条回答

感动是毒 (楼主)

2020-12-14 01:49

I ended up using a filter aggregation - not filtered query. So now I have 3 nested aggs elements.

I also use bool filter instead of and as recommended by @alex-brasetvik because of http://www.elasticsearch.org/blog/all-about-elasticsearch-filter-bitsets/

My final implementation:

{
  "aggs": {
    "filtered": {
      "filter": {
        "bool": {
          "must": [
            {
              "term": {
                "_type": "logs"
              }
            },
            {
              "term": {
                "dc": "eu-west-12"
              }
            },
            {
              "term": {
                "status": "204"
              }
            },
            {
              "range": {
                "@timestamp": {
                  "from": 1398176502000,
                  "to": 1400768502000
                }
              }
            }
          ]
        }
      },
      "aggs": {
        "time_histo": {
          "date_histogram": {
            "field": "@timestamp",
            "interval": "1h"
          },
          "aggs": {
            "name": {
              "percentiles": {
                "field": "upstream_response_time",
                "percents": [
                  98.0
                ]
              }
            }
          }
        }
      }
    }
  },
  "size": 0
}

0 讨论(0)

查看其它4个回答