热门
目前正在出一个Es专题系列教程, 篇幅会较多, 喜欢的话,给个关注❤️ ~
Es专题
本节给大家讲下es中如何做聚合操作, 内容有点多,需要耐心看完~
es
聚合
本文偏实战一些,好了, 废话不多说直接开整吧~
聚合的概念有点类似mysql中group by,sum(...),这么说大家可能就有点印象了, 但是在es中聚合操作功能更强大。
mysql
group by
sum(...)
在了解es中聚合的概念之前,先来看下这两个概念, 聚合就是一个或多个桶和零个或多个指标的组合。
桶
指标
聚合有着非常多的场景应用,比如后台报表,通常要做非常多的复杂统计,而且数据量庞大,如果单纯依靠数据库统计,速度会非常慢甚至拖垮数据库,而使用es就会相对容易一些
可以理解为es中存储的文档,通过满足特定条件的集合,这就叫做桶。
当聚合开始被执行,每个文档里面的值通过计算来决定符合哪个桶的条件。如果匹配到,文档将放入相应的桶并接着进行聚合操作。桶也可以被嵌套在其他桶里面,提供层次化的或者有条件的划分方案。
对桶内的文档进行计算,比如通过文档的值计算平均值,计算最大值最小值, 下面就带大家看看如何去进行聚合操作
通常语法如下:
GET index_name/_search { "aggs": { "NAME": { "AGG_TYPE": {} } } }
index_name
aggs
NAME
AGG_TYPE
注意NAME, AGG_TYPE是特定参数, 下面我们看看有哪些聚合类型:
聚合类型
terms
histogram
date_histogram
cardinality
percentiles
percentile_ranks
filter
post_filter
avg
sum
min
max
下面看一个示例:
本节我们新建索引,下面是一个简单的请求日志索引, 定义了请求方法,路径,耗时,日志创建时间这几个字段
PUT req_log { "mappings": { "properties" : { "method" : { "type" : "keyword" }, "path" : { "type" : "keyword" }, "times" : { "type" : "long" }, "created" : { "type" : "date" } } } }
紧接着,往里边塞点数据
POST /req_log/_bulk { "index": {}} { "times" : 80, "method" : "GET", "path" : "/api/post/1", "created" : "2023-02-09" } { "index": {}} { "times" : 30, "method" : "GET", "path" : "/api/post/2", "created" : "2023-02-07" } { "index": {}} { "times" : 20, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-08" } { "index": {}} { "times" : 120, "method" : "GET", "path" : "/api/post/20", "created" : "2023-02-06" } { "index": {}} { "times" : 150, "method" : "GET", "path" : "/api/post/1", "created" : "2023-02-05" } { "index": {}} { "times" : 80, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-04" } { "index": {}} { "times" : 960, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-03" } { "index": {}} { "times" : 9000, "method" : "GET", "path" : "/api/post/8", "created" : "2023-02-02" } { "index": {}} { "times" : 1300, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-01" } { "index": {}} { "times" : 400, "method" : "GET", "path" : "/api/post/4", "created" : "2023-02-10" } { "index": {}} { "times" : 89, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-11" } { "index": {}} { "times" : 380, "method" : "GET", "path" : "/api/post/2", "created" : "2023-02-12" } { "index": {}} { "times" : 270, "method" : "GET", "path" : "/api/post/10", "created" : "2023-02-13" } { "index": {}} { "times" : 630, "method" : "GET", "path" : "/api/post/12", "created" : "2023-02-14" } { "index": {}} { "times" : 210 , "method" : "GET", "path" : "/api/post/4", "created" : "2023-02-15" } { "index": {}} { "times" : 900, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-16" } { "index": {}} { "times" : 870, "method" : "GET", "path" : "/api/post/7", "created" : "2023-02-17" }
查询每个请求路径(path)下的请求数量
请求路径(path)
GET req_log/_search { "aggs": { "counts": { "terms": { "field": "path" } } } }
返回:
{ "took" : 995, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 17, "relation" : "eq" }, "max_score" : 1.0, "hits" : [ { "_index" : "req_log", "_type" : "_doc", "_id" : "GUK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 80, "method" : "GET", "path" : "/api/post/1", "created" : "2023-02-09" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "GkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 30, "method" : "GET", "path" : "/api/post/2", "created" : "2023-02-07" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "G0K3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 20, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-08" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HEK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 120, "method" : "GET", "path" : "/api/post/20", "created" : "2023-02-06" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HUK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 150, "method" : "GET", "path" : "/api/post/1", "created" : "2023-02-05" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 80, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-04" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "H0K3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 960, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-03" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "IEK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 9000, "method" : "GET", "path" : "/api/post/8", "created" : "2023-02-02" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "IUK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 1300, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-01" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "IkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 400, "method" : "GET", "path" : "/api/post/4", "created" : "2023-02-10" } } ] }, "aggregations" : { "counts" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : "/api/post/3", "doc_count" : 3 }, { "key" : "/api/post/6", "doc_count" : 3 }, { "key" : "/api/post/1", "doc_count" : 2 }, { "key" : "/api/post/2", "doc_count" : 2 }, { "key" : "/api/post/4", "doc_count" : 2 }, { "key" : "/api/post/10", "doc_count" : 1 }, { "key" : "/api/post/12", "doc_count" : 1 }, { "key" : "/api/post/20", "doc_count" : 1 }, { "key" : "/api/post/7", "doc_count" : 1 }, { "key" : "/api/post/8", "doc_count" : 1 } ] } } }
可以看到自定义返回的字段counts,聚合的类型为terms,聚合字段为path,也就是按照path进行桶划分。
counts
path
从结果来看也很明显,buckets分为了4个桶,key代表聚合的字段名称,doc_count代表文档的数量
buckets
key
doc_count
terms还支持以下命令格式:
GET req_log/_search { "aggs": { "counts": { "terms": { "field": "path", "size": 10, "collect_mode": "depth_first", "order": { "_count": "desc" } } } } }
{ "took" : 1, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, ......, "aggregations" : { "counts" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : "/api/post/3", "doc_count" : 3 }, { "key" : "/api/post/6", "doc_count" : 3 }, { "key" : "/api/post/1", "doc_count" : 2 }, { "key" : "/api/post/2", "doc_count" : 2 }, { "key" : "/api/post/4", "doc_count" : 2 }, { "key" : "/api/post/10", "doc_count" : 1 }, { "key" : "/api/post/12", "doc_count" : 1 }, { "key" : "/api/post/20", "doc_count" : 1 }, { "key" : "/api/post/7", "doc_count" : 1 }, { "key" : "/api/post/8", "doc_count" : 1 } ] } } }
size
=10
collect_mode
深度优先遍历(depth_first)
广度优先遍历(breadth_first)
order
es中默认支持聚合的嵌套,可以在一个桶中再次进行桶的划分, 嵌套有分为同级和子级,下面看一个例子:
同级
子级
GET req_log/_search { "aggs": { "path_count": { "terms": { "field": "path" } }, "method_count": { "terms": { "field": "method" } } } }
{ "took" : 7, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 17, "relation" : "eq" }, "max_score" : 1.0, "hits" : [ { "_index" : "req_log", "_type" : "_doc", "_id" : "GUK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 80, "method" : "GET", "path" : "/api/post/1", "created" : "2023-02-09" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "GkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 30, "method" : "GET", "path" : "/api/post/2", "created" : "2023-02-07" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "G0K3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 20, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-08" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HEK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 120, "method" : "GET", "path" : "/api/post/20", "created" : "2023-02-06" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HUK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 150, "method" : "GET", "path" : "/api/post/1", "created" : "2023-02-05" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 80, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-04" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "H0K3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 960, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-03" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "IEK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 9000, "method" : "GET", "path" : "/api/post/8", "created" : "2023-02-02" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "IUK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 1300, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-01" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "IkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 400, "method" : "GET", "path" : "/api/post/4", "created" : "2023-02-10" } } ] }, "aggregations" : { "method_count" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : "GET", "doc_count" : 17 } ] }, "path_count" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : "/api/post/3", "doc_count" : 3 }, { "key" : "/api/post/6", "doc_count" : 3 }, { "key" : "/api/post/1", "doc_count" : 2 }, { "key" : "/api/post/2", "doc_count" : 2 }, { "key" : "/api/post/4", "doc_count" : 2 }, { "key" : "/api/post/10", "doc_count" : 1 }, { "key" : "/api/post/12", "doc_count" : 1 }, { "key" : "/api/post/20", "doc_count" : 1 }, { "key" : "/api/post/7", "doc_count" : 1 }, { "key" : "/api/post/8", "doc_count" : 1 } ] } } }
从结果来看,很明显的看出,不同method和path下的请求数量
method
假如,我现在有一个需求:
查询示例:
GET req_log/_search { "aggs": { "method_count": { "terms": { "field": "method" }, "aggs": { "path_count": { "terms": { "field": "path" }, "aggs": { "avg_times": { "avg": { "field": "times" } } } } } } } }
{ "took" : 3, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 17, "relation" : "eq" }, "max_score" : 1.0, "hits" : [ { "_index" : "req_log", "_type" : "_doc", "_id" : "GUK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 80, "method" : "GET", "path" : "/api/post/1", "created" : "2023-02-09" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "GkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 30, "method" : "GET", "path" : "/api/post/2", "created" : "2023-02-07" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "G0K3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 20, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-08" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HEK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 120, "method" : "GET", "path" : "/api/post/20", "created" : "2023-02-06" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HUK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 150, "method" : "GET", "path" : "/api/post/1", "created" : "2023-02-05" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 80, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-04" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "H0K3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 960, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-03" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "IEK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 9000, "method" : "GET", "path" : "/api/post/8", "created" : "2023-02-02" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "IUK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 1300, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-01" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "IkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 400, "method" : "GET", "path" : "/api/post/4", "created" : "2023-02-10" } } ] }, "aggregations" : { "method_count" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : "GET", "doc_count" : 17, "path_count" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : "/api/post/3", "doc_count" : 3, "avg_times" : { "value" : 63.0 } }, { "key" : "/api/post/6", "doc_count" : 3, "avg_times" : { "value" : 1053.3333333333333 } }, { "key" : "/api/post/1", "doc_count" : 2, "avg_times" : { "value" : 115.0 } }, { "key" : "/api/post/2", "doc_count" : 2, "avg_times" : { "value" : 205.0 } }, { "key" : "/api/post/4", "doc_count" : 2, "avg_times" : { "value" : 305.0 } }, { "key" : "/api/post/10", "doc_count" : 1, "avg_times" : { "value" : 270.0 } }, { "key" : "/api/post/12", "doc_count" : 1, "avg_times" : { "value" : 630.0 } }, { "key" : "/api/post/20", "doc_count" : 1, "avg_times" : { "value" : 120.0 } }, { "key" : "/api/post/7", "doc_count" : 1, "avg_times" : { "value" : 870.0 } }, { "key" : "/api/post/8", "doc_count" : 1, "avg_times" : { "value" : 9000.0 } } ] } } ] } } }
从结果来看,桶按照层级嵌套关系
这种是最常见的过滤方法,就是对查询结果和聚合结果都进行过滤,在aggs同级加上一个query即可,query前几节都给大家讲过, 下面看一个示例:
query
GET req_log/_search { "query": { "constant_score": { "filter": { "term": { "method": "POST" } } } }, "aggs": { "path_count": { "terms": { "field": "path" } } } }
{ "took" : 2, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 0, "relation" : "eq" }, "max_score" : null, "hits" : [ ] }, "aggregations" : { "path_count" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ ] } } }
可以看到结果是空的,原因是我们过滤了方法,因为整个文档都不存在POST所以为空
POST
有时候我们的需求是这样的,想要拿某个数据和整个文档数据做比较,这个怎么做呢?global:{}可以很方便的聚合全部文档,下面看一个示例:
global:{}
全部文档
查询path=/api/post/3下的平均请求耗时和整个请求下的平均请求耗时
path=/api/post/3
GET req_log/_search { "query": { "constant_score": { "filter": { "term": { "path": "/api/post/3" } } } }, "aggs": { "path_avg": { "avg": { "field": "times" } }, "all_order":{ "global": {}, "aggs": { "all_avg": { "avg": { "field": "times" } } } } } }
{ "took" : 11, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 3, "relation" : "eq" }, "max_score" : 1.0, "hits" : [ { "_index" : "req_log", "_type" : "_doc", "_id" : "G0K3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 20, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-08" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 80, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-04" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "I0K3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 89, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-11" } } ] }, "aggregations" : { "path_avg" : { "value" : 63.0 }, "all_order" : { "doc_count" : 17, "all_avg" : { "value" : 911.1176470588235 } } } }
从结果比较来看api/post/3下的接口请求速度还是很快的,平均是63, 整个接口平均耗时是911
api/post/3
63
911
有时候,我们不需要过滤查询结果,只需要过滤聚合结果,这个怎么做呢?下面接着看一个示例:
查询method=GET下的请求并计算出path=/api/post/3下的请求平均耗时
method=GET
GET req_log/_search { "query":{ "constant_score":{ "filter":{ "term":{ "method":"GET" } } } }, "aggs":{ "req_count":{ "aggs":{ "req_path_order":{ "terms":{ "field":"path" }, "aggs":{ "avg_times":{ "avg":{ "field":"times" } } } } }, "filter":{ "term":{ "path":"/api/post/3" } } } } }
来看返回结果:
{ "took" : 6, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 17, "relation" : "eq" }, "max_score" : 1.0, "hits" : [ { "_index" : "req_log", "_type" : "_doc", "_id" : "GUK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 80, "method" : "GET", "path" : "/api/post/1", "created" : "2023-02-09" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "GkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 30, "method" : "GET", "path" : "/api/post/2", "created" : "2023-02-07" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "G0K3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 20, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-08" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HEK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 120, "method" : "GET", "path" : "/api/post/20", "created" : "2023-02-06" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HUK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 150, "method" : "GET", "path" : "/api/post/1", "created" : "2023-02-05" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 80, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-04" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "H0K3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 960, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-03" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "IEK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 9000, "method" : "GET", "path" : "/api/post/8", "created" : "2023-02-02" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "IUK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 1300, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-01" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "IkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 400, "method" : "GET", "path" : "/api/post/4", "created" : "2023-02-10" } } ] }, "aggregations" : { "req_count" : { "doc_count" : 3, "req_path_order" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : "/api/post/3", "doc_count" : 3, "avg_times" : { "value" : 63.0 } } ] } } } }
从结果来看,请求查询的结果并没有被过滤,只有聚合的结果被过滤了
与上相反,值过滤查询,不过滤聚合结果, 下面看个示例:
查询path=/api/post/3并且method=GET下的请求,并聚合结果各个path下的请求数
GET req_log/_search { "aggs": { "path_count": { "terms": { "field": "path" } } }, "post_filter": { "bool": { "must": [ { "term": { "path": { "value": "/api/post/3" } } }, { "term": { "method": { "value": "GET" } } } ] } } }
{ "took" : 4, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 3, "relation" : "eq" }, "max_score" : 1.0, "hits" : [ { "_index" : "req_log", "_type" : "_doc", "_id" : "G0K3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 20, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-08" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "HkK3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 80, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-04" } }, { "_index" : "req_log", "_type" : "_doc", "_id" : "I0K3NIYBdXrpvlCF01bz", "_score" : 1.0, "_source" : { "times" : 89, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-11" } } ] }, "aggregations" : { "path_count" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : "/api/post/3", "doc_count" : 3 }, { "key" : "/api/post/6", "doc_count" : 3 }, { "key" : "/api/post/1", "doc_count" : 2 }, { "key" : "/api/post/2", "doc_count" : 2 }, { "key" : "/api/post/4", "doc_count" : 2 }, { "key" : "/api/post/10", "doc_count" : 1 }, { "key" : "/api/post/12", "doc_count" : 1 }, { "key" : "/api/post/20", "doc_count" : 1 }, { "key" : "/api/post/7", "doc_count" : 1 }, { "key" : "/api/post/8", "doc_count" : 1 } ] } } }
从结果来看,查询结果只有api/post/3但是聚合结果并没有过滤这个条件
本节就到此结束了,还有一些聚合内容放到下节讲,先消化这么多 ~
本着把自己知道的都告诉大家,如果本文对您有所帮助,点赞+关注鼓励一下呗~
点赞+关注
地址
