我想用Elastic Search查询API中每个状态的计数(SUSPECT和CLEAR),Elastic Search中的数据是这样的--示例数据--。
{
"_index" : "index_name"
"_type" : "_doc",
"_id" : "id1",
"_score" : 1.0,
"_source" : {
"slflag" : "SUSPECT",
"state_name" : "UTTAR PRADESH",
}
{
"_index" : "index_name",
"_type" : "_doc",
"_id" : id2",
"_score" : 1.0,
"_source" : {
"slflag" : "CLEAR",
"state_name" : "UTTAR PRADESH",
}
{
"_index" : "index_name"
"_type" : "_doc",
"_id" : "id3",
"_score" : 1.0,
"_source" : {
"slflag" : "SUSPECT",
"state_name" : "Delhi",
}
{
"_index" : "index_name",
"_type" : "_doc",
"_id" : id4",
"_score" : 1.0,
"_source" : {
"slflag" : "CLEAR",
"state_name" : "Madhya Pradesh",
}
{
"_index" : "index_name"
"_type" : "_doc",
"_id" : "id5",
"_score" : 1.0,
"_source" : {
"slflag" : "SUSPECT",
"state_name" : "Rajasthan",
}
{
"_index" : "index_name",
"_type" : "_doc",
"_id" : id6",
"_score" : 1.0,
"_source" : {
"slflag" : "CLEAR",
"state_name" : "Bihar",
}
字段是--state_name, slflag在slflag字段中我们有两个类别--"SUSPECT "和 "CLEAR"
我想做一个查询来得到这样的结果------。
{
"stateName": "UTTAR PRADESH",
"clear": 688,
"suspect": 182
},
{
"stateName": "Bihar",
"clear": 398456,
"suspect": 117110
},
{
"stateName": "Rajasthan",
"clear": 688,
"suspect": 182
},
{
"stateName": "Delhi",
"clear": 12096,
"suspect": 984
}
我不知道如何计算每个状态的slflag。
先谢谢了。
获取index-
{
"index" : {
"aliases" : { },
"mappings" : {
"properties" : {
"@timestamp" : {
"type" : "date"
},
"@version" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"slflag" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"state_name" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"wl_d_ind" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"settings" : {
"index" : {
"creation_date" : "1587554261571",
"number_of_shards" : "1",
"number_of_replicas" : "1",
"uuid" : "zFKQmxyTSsyoVLRoCC_3IA",
"version" : {
"created" : "7060199"
},
"provided_name" : "index"
}
}
}
}
我试过下面-
GET /index/_search
{
"size": 0,
"aggs": {
"states": {
"terms": {
"field": "state_name.keyword",
"size": 100
},
"aggs": {
"flag": {
"terms": {
"field": "slflag.keyword"
}
}
}
}
}
}
以上结果在-
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"states" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "UTTAR PRADESH",
"doc_count" : 5403369,
"flag" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "CLEAR",
"doc_count" : 4540278
},
{
"key" : "SUSPECT",
"doc_count" : 863091
}
]
}
},
{
"key" : "RAJASTHAN",
"doc_count" : 2239768,
"flag" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "CLEAR",
"doc_count" : 1866196
},
{
"key" : "SUSPECT",
"doc_count" : 373572
}
]
}
},
{
"key" : "GOA",
"doc_count" : 12,
"flag" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "CLEAR",
"doc_count" : 12
}
]
}
}
]
}
}
}
你需要先对以下数据进行聚合 stateName 进而 slflag,像这样。
GET index_name/_search?filter_path=**.key,**.doc_count
{
"size": 0,
"aggs": {
"states": {
"terms": {
"field": "state_name.keyword",
"size": 100
},
"aggs": {
"flag": {
"terms": {
"field": "slflag.keyword"
}
}
}
}
}
}