带你读《Elastic Stack 实战手册》之44：——3.5.3.Rollup (2)

PUT _rollup/job/es-slowlog-agg-id
{
  "index_pattern": "es-slowlog*", #索引pattern名称
  "rollup_index": "rollup-es-slowlog-agg", #目标索引，rollup-开头必须明确指定
  "cron": "0 * * * * ?",  #定时任务执行周期，与汇总数据的时间间隔无关。
  "groups": {
    "date_histogram": { #定义 日期直方图聚合
      "calendar_interval": "1m",  # 时间桶大小，一分钟一个桶
      "field": "timestamp_local", #聚合的时间字段
      "delay": "1m", #汇总延时，多久之前的数据可以进行汇总，因为部分数据写入可能会有延时，汇总任务前要将数据全部写入并且可查询
      "time_zone": "UTC" # 时区 eg: GMT+8
    },
    "terms": {
      "fields": [  #汇总字段
        "cluster", # 集群的名称
        "elasticsearch.index.name", #索引名称
        "host.name" #主机名
      ]
    }
  },
  "metrics": [], #默认是count数，可以指定min、max、sum、average、value count
  "timeout": "20s", #超时时间
  "page_size": 10000 #单页数量，较大的值会更快地汇总，但也会耗费更多内存
}

GET _rollup/job/*

GET _rollup/job/es-slowlog-agg-id
{
  "jobs": [
    {
      "config": {
        "id": "es-slowlog-agg-id",
        "index_pattern": "es-slowlog*",
        "rollup_index": "rollup-es-slowlog-agg",
        "cron": "0 * * * * ?",
        "groups": {
          "date_histogram": {
            "calendar_interval": "1m",
            "field": "timestamp_local",
            "delay": "1m",
            "time_zone": "UTC"
          },
          "terms": {
            "fields": [
              "cluster",
              "elasticsearch.index.name",
              "host.name"
            ]
          }
        },
        "metrics": [
        ],
        "timeout": "20s",
        "page_size": 10000
      },
      "status": {
        "job_state": "stopped",
        "upgraded_doc_id": true
      },
      "stats": {
        "pages_processed": 0,
        "documents_processed": 0,
        "rollups_indexed": 0,
        "trigger_count": 0,
        "index_time_in_ms": 0,
        "index_total": 0,
        "index_failures": 0,
        "search_time_in_ms": 0,
        "search_total": 0,
        "search_failures": 0,
        "processing_time_in_ms": 0,
        "processing_total": 0
      }
    }
  ]
}

POST _rollup/job/es-slowlog-agg-id/_start
#执行后获取当前任务状态，关注下status、stats
GET _rollup/job/es-slowlog-agg-id
{
  "jobs": [
{
     "config": {
        "id": "es-slowlog-agg-id",
        "index_pattern": "es-slowlog*",
        "rollup_index": "rollup-es-slowlog-agg",
        "cron": "0 * * * * ?",
        "groups": {
          "date_histogram": {
            "calendar_interval": "1m",
            "field": "timestamp_local",
            "delay": "1m",
            "time_zone": "UTC"
          },
          "terms": {
            "fields": [
              "cluster",
              "elasticsearch.index.name",
              "host.name"
            ]
          }
        },
        "metrics": [
        ],
        "timeout": "20s",
        "page_size": 10000
      },
      "status": {
        "job_state": "started",  #如果停止的任务，此处显示stopped 
        "current_position": { #当前rollup任务执行的位置，及term结果
          "cluster.terms": "clustername-demo",
          "elasticsearch.index.name.terms": "basiclog-slowlog_2021-04-02",
          "host.name.terms": "host_name-demo",
          "timestamp_local.date_histogram": 1618984980000      },
        "upgraded_doc_id": true
      },
      "stats": { #执行状态
        "pages_processed": 2,
        "documents_processed": 1,
        "rollups_indexed": 1,
        "trigger_count": 1,
        "index_time_in_ms": 103,
        "index_total": 1,
        "index_failures": 0,
        "search_time_in_ms": 6,
        "search_total": 2,
        "search_failures": 0,
        "processing_time_in_ms": 0,
        "processing_total": 2
      }
    }
  ]
}