elasticsearch聚合类似于组\u concat

vzgqcmou 于 2021-06-10 发布在 ElasticSearch

关注(0)|答案(1)|浏览(631)

我是elasticsearch的新手，我想创建一个组\u concat聚合。但我不知道怎么做。有人能帮帮我吗。
示例数据：

POST /example_measures/_bulk
{"index":{"_id":1}}
{"id":"1","datapoint_id":"1","datetime":"1577833200000","value":"5"}
{"index":{"_id":2}}
{"id":"2","datapoint_id":"2","datetime":"1577833210000","value":"51"}
{"index":{"_id":3}}
{"id":"3","datapoint_id":"2","datetime":"1577833220000","value":"77"}

我想用sql表达什么：

select 
datapoint_id, 
group_concat(`datetime` order by `datetime` SEPARATOR ',' limit 5) as dt, 
group_concat(`value` order by `datetime` SEPARATOR ',' limit 5) as val 
from example_measures 
group by datapoint_id;

我想每个数据点有2个数组。一个带时间戳，一个带值。
我在sql语法方面没有成功，因为sql输入中不支持group\u concat：

POST /_sql?format=txt
{
  "query":"..."
}

我使用kibana和dev工具进行输入。

elasticsearch Aggregation group-concat

来源：https://stackoverflow.com/questions/64959845/elasticsearch-aggregation-similar-to-group-concat

1条答案

按热度按时间

vulvrdjw1#

您可以通过在聚合上使用术语来实现您的用例 datapoint_id 现场。这将创建bucket—一个pe唯一值 datapoint_id . 然后，您可以使用子聚合将bucket进一步嵌入到这些独特的bucket中。
搜索查询：

{
  "size": 0,
  "aggs": {
    "id": {
      "terms": {
        "field": "datapoint_id.keyword"
      },
      "aggs": {
        "dt": {
          "terms": {
            "field": "datetime.keyword",
            "order": { "_key" : "asc" },
            "size": 5
          }
        },
        "val": {
          "terms": {
            "field": "value.keyword",
            "size": 5
          }
        }
      }
    }
  }
}

搜索结果：

"aggregations": {
    "id": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "2",
          "doc_count": 2,
          "val": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "51",
                "doc_count": 1
              },
              {
                "key": "77",
                "doc_count": 1
              }
            ]
          },
          "dt": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "1577833210000",
                "doc_count": 1
              },
              {
                "key": "1577833220000",
                "doc_count": 1
              }
            ]
          }
        },
        {
          "key": "1",
          "doc_count": 1,
          "val": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "5",
                "doc_count": 1
              }
            ]
          },
          "dt": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "1577833200000",
                "doc_count": 1
              }
            ]
          }
        }
      ]
    }
  }

赞(0）回复(0）举报 2021-06-11

我来回答

elasticsearch聚合类似于组\u concat

1条答案

相关问题

热门标签

最新问答