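How do I use a filter in connection with an aggregation in Elasticsearch?
The official documentation gives only simple examples for filter and aggregations, and has no formal description of the query DSL. Compare it, for example, with the postgres documentation.
By trial and error I found the following query, which Elasticsearch accepts (no parse errors) but which ignores the given filters: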
{
  "filter": {
    "and": [
      {
        "term": {
          "_type": "logs"
        }
      },
      {
        "term": {
          "dc": "eu-west-12"
        }
      },
      {
        "term": {
          "status": "204"
        }
      },
      {
        "range": {
          "@timestamp": {
            "from": 1398169707,
            "to": 1400761707
          }
        }
      }
    ]
  },
  "size": 0,
  "aggs": {
    "time_histo": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "1h"
      },
      "aggs": {
        "name": {
          "percentiles": {
            "field": "upstream_response_time",
            "percents": [
              98.0
            ]
          }
        }
      }
    }
  }
}
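Some people suggest using a query instead of a filter. But the official documentation generally recommends the opposite for filtering on exact values. Another issue with queries: while filters offer an and, queries do not.
I ended up using a filter aggregation, not a filtered query. So now I have 3 nested aggs elements.
I also use a bool filter instead of and, as recommended by @alex-brasetvik, because of http://www.elasticsearch.org/blog/all-about-elasticsearch-filter-bitsets/
My final implementation: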
{
  "aggs": {
    "filtered": {
      "filter": {
        "bool": {
          "must": [
            {
              "term": {
                "_type": "logs"
              }
            },
            {
              "term": {
                "dc": "eu-west-12"
              }
            },
            {
              "term": {
                "status": "204"
              }
            },
            {
              "range": {
                "@timestamp": {
                  "from": 1398176502000,
                  "to": 1400768502000
                }
              }
            }
          ]
        }
      },
      "aggs": {
        "time_histo": {
          "date_histogram": {
            "field": "@timestamp",
            "interval": "1h"
          },
          "aggs": {
            "name": {
              "percentiles": {
                "field": "upstream_response_time",
                "percents": [
                  98.0
                ]
              }
            }
          }
        }
      }
    }
  },
  "size": 0
}
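The rewrite from the first query shape to the final one, as an added example that is not part of the original post: a Python helper that moves a top-level filter into a filter aggregation and turns and into bool/must. The function names and the default bucket name `filtered` are assumptions; the sample body repeats the question's query.

```python
import copy
import json

# The question's query: a top-level "filter" next to "aggs" (copied from the post).
BROKEN = {
    "filter": {"and": [
        {"term": {"_type": "logs"}},
        {"term": {"dc": "eu-west-12"}},
        {"term": {"status": "204"}},
        {"range": {"@timestamp": {"from": 1398169707, "to": 1400761707}}},
    ]},
    "size": 0,
    "aggs": {"time_histo": {
        "date_histogram": {"field": "@timestamp", "interval": "1h"},
        "aggs": {"name": {"percentiles": {
            "field": "upstream_response_time", "percents": [98.0]}}},
    }},
}

def and_to_bool(flt):
    """Rewrite {"and": [...]} as {"bool": {"must": [...]}}, recursing into clauses."""
    if isinstance(flt, dict) and list(flt) == ["and"] and isinstance(flt["and"], list):
        return {"bool": {"must": [and_to_bool(c) for c in flt["and"]]}}
    return flt  # term, range, bool, ... are passed through unchanged

def scope_aggs_to_filter(body, name="filtered"):
    """Wrap every aggregation in a filter aggregation built from the top-level filter.

    A top-level "filter" restricts the returned hits only; aggregations are
    computed before it is applied, so they see unfiltered documents.
    """
    out = copy.deepcopy(body)          # never mutate the caller's request
    flt = out.get("filter")
    if flt is None or not out.get("aggs"):
        return out                     # nothing to scope
    out["aggs"] = {name: {"filter": and_to_bool(flt), "aggs": out["aggs"]}}
    if out.get("size") == 0:
        del out["filter"]              # no hits requested, the hit filter is dead weight
    return out                         # with size > 0 the hit filter stays in place

if __name__ == "__main__":
    print(json.dumps(scope_aggs_to_filter(BROKEN), indent=2))
```

In the response, the histogram buckets then sit one level deeper, under the `filtered` bucket.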