Elasticsearch常用复合查询
分组聚合
# 按照关键词word分组,再根据关键字(character.keyword)分组(或者可以做其他操作,例如求平均值avg)
GET /tmpl-word-log*/_search
{
"size": 0,
"aggs": {
"group_by_word": {
"terms": {
"field": "word.keyword",
"size": 10
},
"aggs": {
"group_by_timestamp": {
"terms": {
"field": "character.keyword"
}
}
}
}
}
}
# 先按时间分组,再根据word的种类聚合(可以只设置一个时间段,来查询某个时间段的数据)
# "gte"和"lte"可以换成"from"和"to"
GET /tmpl-word-log*/_search
{
"size": 0,
"aggs": {
"group_by_timestamp": {
"range": {
"field": "@timestamp",
"ranges": [
{
"lt": "2018-09-12T00:00:00.000+0800"
},
{
"gte": "2018-09-10T00:00:00.000+0800",
"lte": "2018-09-16T00:00:00.000+0800"
},
{
"gt": "2018-09-16T00:00:00.000+0800"
}
]
},
"aggs": {
"group_by_word": {
"terms": {
"field": "word.keyword",
"size": 10
}
}
}
}
}
}