共计 6249 个字符,预计需要花费 16 分钟才能阅读完成。
一、参考
elasticsearch 学习系列目录——更新 ing
Composite aggregation
Composite aggregation ORDER BY
二、产生起因
当有多层聚合须要时候,应用 composite 聚合,能够更好的分页
三、sources类型
sources参数中定义了,复合聚合的组成源数据
测试数据
GET kibana_sample_data_logs/_search
{"size": 1}
{
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "kibana_sample_data_logs",
"_type" : "_doc",
"_id" : "4O9NX3kBTG9UhPTpZasD",
"_score" : 1.0,
"_source" : {"agent" : "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)",
"bytes" : 7525,
"clientip" : "60.103.76.51",
"extension" : "css",
"geo" : {
"srcdest" : "IN:TW",
"src" : "IN",
"dest" : "TW",
"coordinates" : {
"lat" : 35.23199833,
"lon" : -102.3990931
}
},
"host" : "cdn.elastic-elastic-elastic.org",
"index" : "kibana_sample_data_logs",
"ip" : "60.103.76.51",
"machine" : {
"ram" : 2147483648,
"os" : "ios"
},
"memory" : null,
"message" : "60.103.76.51 - - [2018-08-10T10:14:00.227Z] \"GET /styles/ads.css HTTP/1.1\"200 7525 \"-\"\"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\"","phpmemory": null,"referer":"http://twitter.com/success/sandra-magnus","request":"/styles/ads.css","response": 200,"tags": ["success","security"],"timestamp":"2021-05-21T10:14:00.227Z","url":"https://cdn.elastic-elastic-elastic.org/styles/ads.css","utc_time":"2021-05-21T10:14:00.227Z","event": {"dataset":"sample_web_logs"}
}
}
]
}
}
3.1 terms
一般的 terms 聚合
GET kibana_sample_data_logs/_search
{
"size": 0,
"aggs": {
"aggs1": {
"terms": {
"field": "clientip",
"size": 3
}
}
}
}
{
"took" : 14,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : []},
"aggregations" : {
"aggs1" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 13919,
"buckets" : [
{
"key" : "30.156.16.164",
"doc_count" : 100
},
{
"key" : "164.85.94.243",
"doc_count" : 29
},
{
"key" : "50.184.59.162",
"doc_count" : 26
}
]
}
}
}
composite聚合中的terms
GET kibana_sample_data_logs/_search
{
"size": 0,
"aggs": {
"aggs1": {
"composite": {
"size": 3,
"sources": [
{
"clientipAggs": {
"terms": {
"field": "clientip",
"order": "asc"
}
}
}
]
}
}
}
}
{
"took" : 6,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : []},
"aggregations" : {
"aggs1" : {
"after_key" : {"clientipAggs" : "0.209.144.101"},
"buckets" : [
{
"key" : {"clientipAggs" : "0.72.176.46"},
"doc_count" : 14
},
{
"key" : {"clientipAggs" : "0.207.229.147"},
"doc_count" : 11
},
{
"key" : {"clientipAggs" : "0.209.144.101"},
"doc_count" : 14
}
]
}
}
}3.2 histogram
一般的 histogram 聚合
GET kibana_sample_data_logs/_search
{
"size": 0,
"aggs": {
"aggs1": {
"histogram": {
"field": "bytes",
"interval": 5000
}
}
}
}
{
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : []},
"aggregations" : {
"aggs1" : {
"buckets" : [
{
"key" : 0.0,
"doc_count" : 6377
},
{
"key" : 5000.0,
"doc_count" : 6995
},
{
"key" : 10000.0,
"doc_count" : 375
},
{
"key" : 15000.0,
"doc_count" : 327
}
]
}
}
}
composite聚合中的histogram
GET kibana_sample_data_logs/_search
{
"size": 0,
"aggs": {
"aggs1": {
"composite": {
"sources": [
{
"bytesAggs": {
"histogram": {
"field": "bytes",
"interval": 5000
}
}
}
]
}
}
}
}
{
"took" : 19,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : []},
"aggregations" : {
"aggs1" : {
"after_key" : {"bytesAggs" : 15000.0},
"buckets" : [
{
"key" : {"bytesAggs" : 0.0},
"doc_count" : 6377
},
{
"key" : {"bytesAggs" : 5000.0},
"doc_count" : 6995
},
{
"key" : {"bytesAggs" : 10000.0},
"doc_count" : 375
},
{
"key" : {"bytesAggs" : 15000.0},
"doc_count" : 327
}
]
}
}
}
3.3 date_histogram
一般的工夫聚合
GET kibana_sample_data_logs/_search
{
"size": 0,
"aggs": {
"aggs1": {
"date_histogram": {
"field": "timestamp",
"interval": "1M"
}
}
}
}
{
"took" : 5,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : []},
"aggregations" : {
"aggs1" : {
"buckets" : [
{
"key_as_string" : "2021-05-01T00:00:00.000Z",
"key" : 1619827200000,
"doc_count" : 6926
},
{
"key_as_string" : "2021-06-01T00:00:00.000Z",
"key" : 1622505600000,
"doc_count" : 6943
},
{
"key_as_string" : "2021-07-01T00:00:00.000Z",
"key" : 1625097600000,
"doc_count" : 205
}
]
}
}
}
composite中的date_histogram
GET kibana_sample_data_logs/_search
{
"size": 0,
"aggs": {
"aggs1": {
"composite": {
"sources": [
{
"dateAggs": {
"date_histogram": {
"field": "timestamp",
"interval": "1M"
}
}
}
]
}
}
}
}
{
"took" : 28,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : []},
"aggregations" : {
"aggs1" : {
"after_key" : {"dateAggs" : 1625097600000},
"buckets" : [
{
"key" : {"dateAggs" : 1619827200000},
"doc_count" : 6926
},
{
"key" : {"dateAggs" : 1622505600000},
"doc_count" : 6943
},
{
"key" : {"dateAggs" : 1625097600000},
"doc_count" : 205
}
]
}
}
}3.4 地理位置
3.5 多种混合
一般的混合
GET kibana_sample_data_logs/_search
{
"size": 0,
"aggs": {
"aggs1": {
"terms": {
"field": "clientip",
"size": 3
}
},
"aggs2": {
"date_histogram": {
"field": "timestamp",
"interval": "month"
}
}
}
}
{
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : []},
"aggregations" : {
"aggs2" : {
"buckets" : [
{
"key_as_string" : "2021-05-01T00:00:00.000Z",
"key" : 1619827200000,
"doc_count" : 6926
},
{
"key_as_string" : "2021-06-01T00:00:00.000Z",
"key" : 1622505600000,
"doc_count" : 6943
},
{
"key_as_string" : "2021-07-01T00:00:00.000Z",
"key" : 1625097600000,
"doc_count" : 205
}
]
},
"aggs1" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 13919,
"buckets" : [
{
"key" : "30.156.16.164",
"doc_count" : 100
},
{
"key" : "164.85.94.243",
"doc_count" : 29
},
{
"key" : "50.184.59.162",
"doc_count" : 26
}
]
}
}
}
composite中的混合source
GET kibana_sample_data_logs/_search
{
"size": 0,
"aggs": {
"aggs1": {
"composite": {
"size": 3,
"sources": [
{
"clientipAggs": {
"terms": {"field": "clientip"}
}
},
{
"dateAggs": {
"date_histogram": {
"field": "timestamp",
"interval": "month"
}
}
}
]
}
}
}
}
{
"took" : 6,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : []},
"aggregations" : {
"aggs1" : {
"after_key" : {
"clientipAggs" : "0.207.229.147",
"dateAggs" : 1619827200000
},
"buckets" : [
{
"key" : {
"clientipAggs" : "0.72.176.46",
"dateAggs" : 1619827200000
},
"doc_count" : 6
},
{
"key" : {
"clientipAggs" : "0.72.176.46",
"dateAggs" : 1622505600000
},
"doc_count" : 8
},
{
"key" : {
"clientipAggs" : "0.207.229.147",
"dateAggs" : 1619827200000
},
"doc_count" : 6
}
]
}
}
}
四、排序
正文完