一起来学ElasticSearch(九)
站长
· 阅读数 39
前言
目前正在出一个Es专题系列教程, 篇幅会较多, 喜欢的话,给个关注❤️ ~
本节给大家讲下es中如何做聚合操作, 内容有点多,需要耐心看完~
本文偏实战一些,好了, 废话不多说直接开整吧~
什么是聚合
聚合的概念有点类似mysql中group by,sum(...),这么说大家可能就有点印象了, 但是在es中聚合操作功能更强大。
在了解es中聚合的概念之前,先来看下这两个概念, 聚合就是一个或多个桶和零个或多个指标的组合。
聚合有着非常多的场景应用,比如后台报表,通常要做非常多的复杂统计,而且数据量庞大,如果单纯依靠数据库统计,速度会非常慢甚至拖垮数据库,而使用es就会相对容易一些
桶(Buckets)
可以理解为es中存储的文档,通过满足特定条件的集合,这就叫做桶。
当聚合开始被执行,每个文档里面的值通过计算来决定符合哪个桶的条件。如果匹配到,文档将放入相应的桶并接着进行聚合操作。桶也可以被嵌套在其他桶里面,提供层次化的或者有条件的划分方案。
指标(Metrics)
对桶内的文档进行计算,比如通过文档的值计算平均值,计算最大值最小值, 下面就带大家看看如何去进行聚合操作
聚合指令
通常语法如下:
GET index_name/_search
{
"aggs": {
"NAME": {
"AGG_TYPE": {}
}
}
}
index_name: 索引名称aggs: 聚合修饰符NAME:自定义变量名称,用于返回聚合结果时的变量名AGG_TYPE:聚合类型
注意NAME, AGG_TYPE是特定参数, 下面我们看看有哪些聚合类型:
terms:按照匹配条件进行聚合,可以按照条件将文档存入不同的桶中,进行后续操作histogram:条形图(折方图),可以指定步长,按照步长递增进行聚合date_histogram:时间条形图(折方图),可以指定时间频率,按照时间频率进行聚合cardinality:去重计算,存在一定的误差值percentiles:获取字段不同百分比数对应的值percentile_ranks:获取值对应的百分比数filter:对聚合结果进行过滤,对查询结果不过滤post_filter:对聚合结果不过滤,对查询结果过滤avg:计算平均值sum:求和min:最小值max:最大值
下面看一个示例:
本节我们新建索引,下面是一个简单的请求日志索引, 定义了请求方法,路径,耗时,日志创建时间这几个字段
PUT req_log
{
"mappings": {
"properties" : {
"method" : {
"type" : "keyword"
},
"path" : {
"type" : "keyword"
},
"times" : {
"type" : "long"
},
"created" : {
"type" : "date"
}
}
}
}
紧接着,往里边塞点数据
POST /req_log/_bulk
{ "index": {}}
{ "times" : 80, "method" : "GET", "path" : "/api/post/1", "created" : "2023-02-09" }
{ "index": {}}
{ "times" : 30, "method" : "GET", "path" : "/api/post/2", "created" : "2023-02-07" }
{ "index": {}}
{ "times" : 20, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-08" }
{ "index": {}}
{ "times" : 120, "method" : "GET", "path" : "/api/post/20", "created" : "2023-02-06" }
{ "index": {}}
{ "times" : 150, "method" : "GET", "path" : "/api/post/1", "created" : "2023-02-05" }
{ "index": {}}
{ "times" : 80, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-04" }
{ "index": {}}
{ "times" : 960, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-03" }
{ "index": {}}
{ "times" : 9000, "method" : "GET", "path" : "/api/post/8", "created" : "2023-02-02" }
{ "index": {}}
{ "times" : 1300, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-01" }
{ "index": {}}
{ "times" : 400, "method" : "GET", "path" : "/api/post/4", "created" : "2023-02-10" }
{ "index": {}}
{ "times" : 89, "method" : "GET", "path" : "/api/post/3", "created" : "2023-02-11" }
{ "index": {}}
{ "times" : 380, "method" : "GET", "path" : "/api/post/2", "created" : "2023-02-12" }
{ "index": {}}
{ "times" : 270, "method" : "GET", "path" : "/api/post/10", "created" : "2023-02-13" }
{ "index": {}}
{ "times" : 630, "method" : "GET", "path" : "/api/post/12", "created" : "2023-02-14" }
{ "index": {}}
{ "times" : 210 , "method" : "GET", "path" : "/api/post/4", "created" : "2023-02-15" }
{ "index": {}}
{ "times" : 900, "method" : "GET", "path" : "/api/post/6", "created" : "2023-02-16" }
{ "index": {}}
{ "times" : 870, "method" : "GET", "path" : "/api/post/7", "created" : "2023-02-17" }
查询每个请求路径(path)下的请求数量
GET req_log/_search
{
"aggs": {
"counts": {
"terms": {
"field": "path"
}
}
}
}
返回:
{
"took" : 995,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 17,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "GUK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 80,
"method" : "GET",
"path" : "/api/post/1",
"created" : "2023-02-09"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "GkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 30,
"method" : "GET",
"path" : "/api/post/2",
"created" : "2023-02-07"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "G0K3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 20,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-08"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HEK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 120,
"method" : "GET",
"path" : "/api/post/20",
"created" : "2023-02-06"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HUK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 150,
"method" : "GET",
"path" : "/api/post/1",
"created" : "2023-02-05"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 80,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-04"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "H0K3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 960,
"method" : "GET",
"path" : "/api/post/6",
"created" : "2023-02-03"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "IEK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 9000,
"method" : "GET",
"path" : "/api/post/8",
"created" : "2023-02-02"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "IUK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 1300,
"method" : "GET",
"path" : "/api/post/6",
"created" : "2023-02-01"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "IkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 400,
"method" : "GET",
"path" : "/api/post/4",
"created" : "2023-02-10"
}
}
]
},
"aggregations" : {
"counts" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "/api/post/3",
"doc_count" : 3
},
{
"key" : "/api/post/6",
"doc_count" : 3
},
{
"key" : "/api/post/1",
"doc_count" : 2
},
{
"key" : "/api/post/2",
"doc_count" : 2
},
{
"key" : "/api/post/4",
"doc_count" : 2
},
{
"key" : "/api/post/10",
"doc_count" : 1
},
{
"key" : "/api/post/12",
"doc_count" : 1
},
{
"key" : "/api/post/20",
"doc_count" : 1
},
{
"key" : "/api/post/7",
"doc_count" : 1
},
{
"key" : "/api/post/8",
"doc_count" : 1
}
]
}
}
}
可以看到自定义返回的字段counts,聚合的类型为terms,聚合字段为path,也就是按照path进行桶划分。
从结果来看也很明显,buckets分为了4个桶,key代表聚合的字段名称,doc_count代表文档的数量
terms还支持以下命令格式:
GET req_log/_search
{
"aggs": {
"counts": {
"terms": {
"field": "path",
"size": 10,
"collect_mode": "depth_first",
"order": {
"_count": "desc"
}
}
}
}
}
返回:
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
......,
"aggregations" : {
"counts" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "/api/post/3",
"doc_count" : 3
},
{
"key" : "/api/post/6",
"doc_count" : 3
},
{
"key" : "/api/post/1",
"doc_count" : 2
},
{
"key" : "/api/post/2",
"doc_count" : 2
},
{
"key" : "/api/post/4",
"doc_count" : 2
},
{
"key" : "/api/post/10",
"doc_count" : 1
},
{
"key" : "/api/post/12",
"doc_count" : 1
},
{
"key" : "/api/post/20",
"doc_count" : 1
},
{
"key" : "/api/post/7",
"doc_count" : 1
},
{
"key" : "/api/post/8",
"doc_count" : 1
}
]
}
}
}
size:返回桶中的多少个数据,通常可以结合排序模式进行使用,默认值=10collect_mode: 集合模式,包括深度优先遍历(depth_first)和广度优先遍历(breadth_first)两种。对于数组类型的字段,在使用深度优先遍历的情况下,可能会导致占用内存过多的情况。因为深度优先遍历会将数据全部加载到内存中后再进行操作order排序,默认按照doc_count倒序排列,可以指定默认字段或子聚合字段进行排序
嵌套聚合
es中默认支持聚合的嵌套,可以在一个桶中再次进行桶的划分, 嵌套有分为同级和子级,下面看一个例子:
同级嵌套
GET req_log/_search
{
"aggs": {
"path_count": {
"terms": {
"field": "path"
}
},
"method_count": {
"terms": {
"field": "method"
}
}
}
}
返回:
{
"took" : 7,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 17,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "GUK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 80,
"method" : "GET",
"path" : "/api/post/1",
"created" : "2023-02-09"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "GkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 30,
"method" : "GET",
"path" : "/api/post/2",
"created" : "2023-02-07"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "G0K3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 20,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-08"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HEK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 120,
"method" : "GET",
"path" : "/api/post/20",
"created" : "2023-02-06"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HUK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 150,
"method" : "GET",
"path" : "/api/post/1",
"created" : "2023-02-05"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 80,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-04"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "H0K3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 960,
"method" : "GET",
"path" : "/api/post/6",
"created" : "2023-02-03"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "IEK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 9000,
"method" : "GET",
"path" : "/api/post/8",
"created" : "2023-02-02"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "IUK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 1300,
"method" : "GET",
"path" : "/api/post/6",
"created" : "2023-02-01"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "IkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 400,
"method" : "GET",
"path" : "/api/post/4",
"created" : "2023-02-10"
}
}
]
},
"aggregations" : {
"method_count" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "GET",
"doc_count" : 17
}
]
},
"path_count" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "/api/post/3",
"doc_count" : 3
},
{
"key" : "/api/post/6",
"doc_count" : 3
},
{
"key" : "/api/post/1",
"doc_count" : 2
},
{
"key" : "/api/post/2",
"doc_count" : 2
},
{
"key" : "/api/post/4",
"doc_count" : 2
},
{
"key" : "/api/post/10",
"doc_count" : 1
},
{
"key" : "/api/post/12",
"doc_count" : 1
},
{
"key" : "/api/post/20",
"doc_count" : 1
},
{
"key" : "/api/post/7",
"doc_count" : 1
},
{
"key" : "/api/post/8",
"doc_count" : 1
}
]
}
}
}
从结果来看,很明显的看出,不同method和path下的请求数量
子级嵌套
假如,我现在有一个需求:
- 同级各个请求方法下的请求数量
- 各个请求
method下各个path的请求数量 - 各个
path下请求耗时的平均值
查询示例:
GET req_log/_search
{
"aggs": {
"method_count": {
"terms": {
"field": "method"
},
"aggs": {
"path_count": {
"terms": {
"field": "path"
},
"aggs": {
"avg_times": {
"avg": {
"field": "times"
}
}
}
}
}
}
}
}
返回:
{
"took" : 3,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 17,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "GUK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 80,
"method" : "GET",
"path" : "/api/post/1",
"created" : "2023-02-09"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "GkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 30,
"method" : "GET",
"path" : "/api/post/2",
"created" : "2023-02-07"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "G0K3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 20,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-08"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HEK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 120,
"method" : "GET",
"path" : "/api/post/20",
"created" : "2023-02-06"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HUK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 150,
"method" : "GET",
"path" : "/api/post/1",
"created" : "2023-02-05"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 80,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-04"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "H0K3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 960,
"method" : "GET",
"path" : "/api/post/6",
"created" : "2023-02-03"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "IEK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 9000,
"method" : "GET",
"path" : "/api/post/8",
"created" : "2023-02-02"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "IUK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 1300,
"method" : "GET",
"path" : "/api/post/6",
"created" : "2023-02-01"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "IkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 400,
"method" : "GET",
"path" : "/api/post/4",
"created" : "2023-02-10"
}
}
]
},
"aggregations" : {
"method_count" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "GET",
"doc_count" : 17,
"path_count" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "/api/post/3",
"doc_count" : 3,
"avg_times" : {
"value" : 63.0
}
},
{
"key" : "/api/post/6",
"doc_count" : 3,
"avg_times" : {
"value" : 1053.3333333333333
}
},
{
"key" : "/api/post/1",
"doc_count" : 2,
"avg_times" : {
"value" : 115.0
}
},
{
"key" : "/api/post/2",
"doc_count" : 2,
"avg_times" : {
"value" : 205.0
}
},
{
"key" : "/api/post/4",
"doc_count" : 2,
"avg_times" : {
"value" : 305.0
}
},
{
"key" : "/api/post/10",
"doc_count" : 1,
"avg_times" : {
"value" : 270.0
}
},
{
"key" : "/api/post/12",
"doc_count" : 1,
"avg_times" : {
"value" : 630.0
}
},
{
"key" : "/api/post/20",
"doc_count" : 1,
"avg_times" : {
"value" : 120.0
}
},
{
"key" : "/api/post/7",
"doc_count" : 1,
"avg_times" : {
"value" : 870.0
}
},
{
"key" : "/api/post/8",
"doc_count" : 1,
"avg_times" : {
"value" : 9000.0
}
}
]
}
}
]
}
}
}
从结果来看,桶按照层级嵌套关系
聚合过滤
查询和聚合过滤
这种是最常见的过滤方法,就是对查询结果和聚合结果都进行过滤,在aggs同级加上一个query即可,query前几节都给大家讲过, 下面看一个示例:
GET req_log/_search
{
"query": {
"constant_score": {
"filter": {
"term": {
"method": "POST"
}
}
}
},
"aggs": {
"path_count": {
"terms": {
"field": "path"
}
}
}
}
返回:
{
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 0,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"path_count" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [ ]
}
}
}
可以看到结果是空的,原因是我们过滤了方法,因为整个文档都不存在POST所以为空
有时候我们的需求是这样的,想要拿某个数据和整个文档数据做比较,这个怎么做呢?global:{}可以很方便的聚合全部文档,下面看一个示例:
查询path=/api/post/3下的平均请求耗时和整个请求下的平均请求耗时
GET req_log/_search
{
"query": {
"constant_score": {
"filter": {
"term": {
"path": "/api/post/3"
}
}
}
},
"aggs": {
"path_avg": {
"avg": {
"field": "times"
}
},
"all_order":{
"global": {},
"aggs": {
"all_avg": {
"avg": {
"field": "times"
}
}
}
}
}
}
返回:
{
"took" : 11,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 3,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "G0K3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 20,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-08"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 80,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-04"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "I0K3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 89,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-11"
}
}
]
},
"aggregations" : {
"path_avg" : {
"value" : 63.0
},
"all_order" : {
"doc_count" : 17,
"all_avg" : {
"value" : 911.1176470588235
}
}
}
}
从结果比较来看api/post/3下的接口请求速度还是很快的,平均是63, 整个接口平均耗时是911
聚合过滤
有时候,我们不需要过滤查询结果,只需要过滤聚合结果,这个怎么做呢?下面接着看一个示例:
查询method=GET下的请求并计算出path=/api/post/3下的请求平均耗时
- filter
GET req_log/_search
{
"query":{
"constant_score":{
"filter":{
"term":{
"method":"GET"
}
}
}
},
"aggs":{
"req_count":{
"aggs":{
"req_path_order":{
"terms":{
"field":"path"
},
"aggs":{
"avg_times":{
"avg":{
"field":"times"
}
}
}
}
},
"filter":{
"term":{
"path":"/api/post/3"
}
}
}
}
}
来看返回结果:
{
"took" : 6,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 17,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "GUK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 80,
"method" : "GET",
"path" : "/api/post/1",
"created" : "2023-02-09"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "GkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 30,
"method" : "GET",
"path" : "/api/post/2",
"created" : "2023-02-07"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "G0K3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 20,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-08"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HEK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 120,
"method" : "GET",
"path" : "/api/post/20",
"created" : "2023-02-06"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HUK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 150,
"method" : "GET",
"path" : "/api/post/1",
"created" : "2023-02-05"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 80,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-04"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "H0K3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 960,
"method" : "GET",
"path" : "/api/post/6",
"created" : "2023-02-03"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "IEK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 9000,
"method" : "GET",
"path" : "/api/post/8",
"created" : "2023-02-02"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "IUK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 1300,
"method" : "GET",
"path" : "/api/post/6",
"created" : "2023-02-01"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "IkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 400,
"method" : "GET",
"path" : "/api/post/4",
"created" : "2023-02-10"
}
}
]
},
"aggregations" : {
"req_count" : {
"doc_count" : 3,
"req_path_order" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "/api/post/3",
"doc_count" : 3,
"avg_times" : {
"value" : 63.0
}
}
]
}
}
}
}
从结果来看,请求查询的结果并没有被过滤,只有聚合的结果被过滤了
查询过滤 & 聚合不过滤
与上相反,值过滤查询,不过滤聚合结果, 下面看个示例:
查询path=/api/post/3并且method=GET下的请求,并聚合结果各个path下的请求数
- post_filter
GET req_log/_search
{
"aggs": {
"path_count": {
"terms": {
"field": "path"
}
}
},
"post_filter": {
"bool": {
"must": [
{
"term": {
"path": {
"value": "/api/post/3"
}
}
},
{
"term": {
"method": {
"value": "GET"
}
}
}
]
}
}
}
返回:
{
"took" : 4,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 3,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "G0K3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 20,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-08"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "HkK3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 80,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-04"
}
},
{
"_index" : "req_log",
"_type" : "_doc",
"_id" : "I0K3NIYBdXrpvlCF01bz",
"_score" : 1.0,
"_source" : {
"times" : 89,
"method" : "GET",
"path" : "/api/post/3",
"created" : "2023-02-11"
}
}
]
},
"aggregations" : {
"path_count" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "/api/post/3",
"doc_count" : 3
},
{
"key" : "/api/post/6",
"doc_count" : 3
},
{
"key" : "/api/post/1",
"doc_count" : 2
},
{
"key" : "/api/post/2",
"doc_count" : 2
},
{
"key" : "/api/post/4",
"doc_count" : 2
},
{
"key" : "/api/post/10",
"doc_count" : 1
},
{
"key" : "/api/post/12",
"doc_count" : 1
},
{
"key" : "/api/post/20",
"doc_count" : 1
},
{
"key" : "/api/post/7",
"doc_count" : 1
},
{
"key" : "/api/post/8",
"doc_count" : 1
}
]
}
}
}
从结果来看,查询结果只有api/post/3但是聚合结果并没有过滤这个条件
结束语
本节就到此结束了,还有一些聚合内容放到下节讲,先消化这么多 ~
本着把自己知道的都告诉大家,如果本文对您有所帮助,点赞+关注鼓励一下呗~
相关文章
- 利用docker搭建es集群
- 一起来学ElasticSearch(一)
- 一起来学ElasticSearch(二)
- 一起来学ElasticSearch(三)
- 一起来学ElasticSearch(四)
- 一起来学ElasticSearch(五)
- 一起来学ElasticSearch(六)
- 一起来学ElasticSearch(七)
- 一起来学ElasticSearch(八)
项目源码(源码已更新 欢迎star⭐️)
往期并发编程内容推荐
- Java多线程专题之线程与进程概述
- Java多线程专题之线程类和接口入门
- Java多线程专题之进阶学习Thread(含源码分析)
- Java多线程专题之Callable、Future与FutureTask(含源码分析)
- 面试官: 有了解过线程组和线程优先级吗
- 面试官: 说一下线程的生命周期过程
- 面试官: 说一下线程间的通信
- 面试官: 说一下Java的共享内存模型
- 面试官: 有了解过指令重排吗,什么是happens-before
- 面试官: 有了解过volatile关键字吗 说说看
- 面试官: 有了解过Synchronized吗 说说看
- Java多线程专题之Lock锁的使用
- 面试官: 有了解过ReentrantLock的底层实现吗?说说看
- 面试官: 有了解过CAS和原子操作吗?说说看
- Java多线程专题之线程池的基本使用
- 面试官: 有了解过线程池的工作原理吗?说说看
- 面试官: 线程池是如何做到线程复用的?有了解过吗,说说看
- 面试官: 阻塞队列有了解过吗?说说看
- 面试官: 阻塞队列的底层实现有了解过吗? 说说看
- 面试官: 同步容器和并发容器有用过吗? 说说看
- 面试官: CopyOnWrite容器有了解过吗? 说说看
- 面试官: Semaphore在项目中有使用过吗?说说看(源码剖析)
- 面试官: Exchanger在项目中有使用过吗?说说看(源码剖析)
- 面试官: CountDownLatch有了解过吗?说说看(源码剖析)
- 面试官: CyclicBarrier有了解过吗?说说看(源码剖析)
- 面试官: Phaser有了解过吗?说说看
- 面试官: Fork/Join 有了解过吗?说说看(含源码分析)
- 面试官: Stream并行流有了解过吗?说说看
博客(阅读体验较佳)
推荐 SpringBoot & SpringCloud (源码已更新 欢迎star⭐️)
转载自:https://juejin.cn/post/7198041700563992633