ElasticSearch中的ElasticSearch排序聚合?

2w3kk1z5  于 2021-06-14  发布在  ElasticSearch
关注(0)|答案(1)|浏览(460)

我有一个用例,我需要从elasticsearch获得所有唯一的用户id,并且应该按时间戳排序。
我目前使用的是复合术语聚合和子聚合,子聚合将返回最新的时间戳。
(我无法在客户端对其进行排序,因为它会减慢脚本的速度)
ElasticSearch中的样本数据

{
  "_index": "logstash-2020.10.29",
  "_type": "doc",
  "_id": "L0Urc3UBttS_uoEtubDk",
  "_version": 1,
  "_score": null,
  "_source": {
    "@version": "1",
    "@timestamp": "2020-10-29T06:56:00.000Z",
    "timestamp_string": "1603954560",
    "search_query": "example 3",
    "user_uuid": "asdfrghcwehf",
    "browsing_url": "https://www.google.com/search?q=example+3",
  },
  "fields": {
    "@timestamp": [
      "2020-10-29T06:56:00.000Z"
    ]
  },
  "sort": [
    1603954560000
  ]
}

预期产量:

[
        {
          "key" : "bjvexyducsls",
          "doc_count" : 846,
          "1" : {
            "value" : 1.603948557E12,
            "value_as_string" : "2020-10-29T05:15:57.000Z"
          }
        },
        {
          "key" : "lhmsbq2osski",
          "doc_count" : 420,
          "1" : {
            "value" : 1.6039476E12,
            "value_as_string" : "2020-10-29T05:00:00.000Z"
          }
        },
        {
          "key" : "m2wiaufcbvvi",
          "doc_count" : 1,
          "1" : {
            "value" : 1.603893635E12,
            "value_as_string" : "2020-10-28T14:00:35.000Z"
          }
        },
        {
          "key" : "rrm3vd5ovqwg",
          "doc_count" : 1,
          "1" : {
            "value" : 1.60389362E12,
            "value_as_string" : "2020-10-28T14:00:20.000Z"
          }
        },
        {
          "key" : "x42lk4t3frfc",
          "doc_count" : 72,
          "1" : {
            "value" : 1.60389318E12,
            "value_as_string" : "2020-10-28T13:53:00.000Z"
          }
        }
      ]
elasticsearchelastic-stackelkdslquerydsl

1条答案

按热度按时间
sbtkgmzw

sbtkgmzw1#

添加索引数据、Map、搜索查询和搜索结果的工作示例
索引Map:

{
  "mappings":{
    "properties":{
      "user":{
        "type":"keyword"
      },
      "date":{
        "type":"date"
      }
    }
  }
}

索引数据:

{
  "date": "2015-01-01",
  "user": "user1"
}
{
  "date": "2014-01-01",
  "user": "user2"
}
{
  "date": "2015-01-11",
  "user": "user3"
}

搜索查询:

{
  "size": 0,
  "aggs": {
    "user_id": {
      "terms": {
        "field": "user",
        "order": {
          "sort_user": "asc"
        }
      },
      "aggs": {
        "sort_user": {
          "min": {
            "field": "date"
          }
        }
      }
    }
  }
}

搜索结果:

"aggregations": {
    "user_id": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "user2",
          "doc_count": 1,
          "sort_user": {
            "value": 1.3885344E12,
            "value_as_string": "2014-01-01T00:00:00.000Z"
          }
        },
        {
          "key": "user1",
          "doc_count": 1,
          "sort_user": {
            "value": 1.4200704E12,
            "value_as_string": "2015-01-01T00:00:00.000Z"
          }
        },
        {
          "key": "user3",
          "doc_count": 1,
          "sort_user": {
            "value": 1.4209344E12,
            "value_as_string": "2015-01-11T00:00:00.000Z"
          }
        }
      ]
    }
赞(0)分享  回复(0)举报  2021-06-14
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com