需求
比如说我有 city, source, company, user等字段, 然后需要根据 user 字段来查出 各城市对应的 source, company字段, 即同样条件不同字段聚合, 如下
user city company
user city source
需要同时返回这两种聚合结果, 要怎么实现呢
实现
{
"aggs": {
"city": { # 第一层聚合city, 建议aggs_fied与聚合字段一致或相似, 方便后面取值
"terms": {
"field": "city",
"size": 100 # size不写默认是10, 建议写一个较大的数值
}
"aggs": {
"company": { # 第二层 同时聚合 company和 source
"terms": {
"field": "company",
"size": 100
}
},
"source": { # 第二层 同时聚合 company和 source
"terms": {
"field": "source",
"size": 100
}
}
}
}
},
"query": {
"bool": {
"must": [
{
"term": {
"user": [
"1"
]
}
}
]
}
},
"size": 0 # size为0不会展示 hits, 只会展示聚合结果
}
聚合出来的结果是这个样子的
{
"took": 2,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 292,
"max_score": 0,
"hits": []
},
"aggregations": {
"city": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "北京", # 城市是北京
"doc_count": 292,
"company": { # 这是city+company的聚合结果
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": 19, # 用户1在北京下面company=19的有262条数据
"doc_count": 262
},
{
"key": 16,
"doc_count": 14
}
]
},
"source": { # 这是city+source的聚合结果
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": 68, # 用户1在北京下面source=68的有4条数据
"doc_count": 4
},
{
"key": 67,
"doc_count": 3
},
{
"key": 79,
"doc_count": 3
},
{
"key": 65,
"doc_count": 1
}
]
}
}
]
}
}
}
结论
是不是很简单方便啊, 语句结构也很简单, 即
如果是往下聚合则继续在 aggs的聚合下面继续写aggs
{
"aggs": {
"aggs_field": {
"terms": {},
"aggs": {
"aggs_field": {}
}
}
}
}
如果是希望当前值保持跟上一层聚合, 则在当前aggs下继续平行写 聚合字段(aggs_field)
{
"aggs": {
"aggs_field": {
"terms": {},
"aggs": {
"aggs_field": {},
"aggs_field2": {},
"aggs_field3": {}
}
}
}
}
2085
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
