Elasticsearch 7.x是否可以执行以下查询?
GET /graylog_*/_search
{
"aggregations": {
"hits__pod-b6a3b3e1ab4ddde42361e94107": {
"filters": {
"filters": [
{
"bool": {
"must": [
{
"terms": {
"episode_id": [
"pod-b6a3b3e1ab4ddde42361e94107"
]
}
}
]
}
}
]
},
"aggregations": {
"downloads": {
"filters": {
"filters": [
{
"bool": {
"must": [
{
"term": {
"status": {
"value": "200"
}
}
},
{
"range": {
"bytes_sent": {
"from": 2097152,
"to": null,
"include_lower": true,
"include_upper": true
}
}
}
]
}
}
]
},
"aggregations": {
"medias": {
"terms": {
"field": "episode_id",
"size": 5,
"min_doc_count": 1,
"shard_min_doc_count": 0,
"show_term_doc_count_error": false,
"order": [
{
"_count": "desc"
},
{
"_key": "asc"
}
]
}
}
}
},
"allStreams": {
"filter": {
"bool": {
"must": [
{
"term": {
"status": {
"value": "206",
"boost": 1.0
}
}
}
]
}
},
"aggregations": {
"streams": {
"date_histogram": {
"field": "time",
"format": "yyyy-MM-dd",
"calendar_interval": "day"
},
"aggregations": {
"streams": {
"multi_terms": {
"size": 65536,
"min_doc_count": 1,
"order": [
{
"_count": "desc"
},
{
"_key": "asc"
}
],
"terms": [
{
"field": "media"
},
{
"field": "ip_hash"
},
{
"field": "http_user_agent"
}
]
},
"aggregations": {
"transferred": {
"sum": {
"field": "bytes_sent"
}
},
"threshold": {
"bucket_selector": {
"buckets_path": {
"total": "transferred"
},
"script": {
"source": "params.total > 2097152",
"lang": "painless"
}
}
}
}
},
"valid_streams": {
"stats_bucket": {
"buckets_path": [
"streams>transferred"
]
}
}
}
}
}
},
"hits_in_sum": {
"bucket_script": {
"buckets_path": {
"sum1": "allStreams>streams>valid_streams.count",
"sum2": "downloads"
},
"script": {
"source": "params.sum1 + params.sum2",
"lang": "painless"
}
}
}
}
}
},
"size": 0,
"track_total_hits": false
}
我得到这个错误:
Elastic\Elasticsearch\Exception\ServerResponseException
500 Internal Server Error: {"error":{"root_cause":[],"type":"search_phase_execution_exception","reason":"","phase":"fetch","grouped":true,"failed_shards":[],"caused_by":{"type":"aggregation_execution_exception","reason":"buckets_path must reference either a number value or a single value numeric metric aggregation, got: [Object[]] at aggregation [allStreams]"}},"status":500}
以下是有问题的部分:
{
"hits_in_sum": {
"bucket_script": {
"buckets_path": {
"sum1": "allStreams>streams>valid_streams.count",
"sum2": "downloads"
},
"script": {
"source": "params.sum1 + params.sum2",
"lang": "painless"
}
}
}
}
这是索引映射(mapping):
{
"graylog_12": {
"mappings": {
"dynamic_templates": [
{
"internal_fields": {
"match": "gl2_*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"store_generic": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
}
],
"properties": {
"body_bytes_sent": {
"type": "keyword"
},
"bytes_sent": {
"type": "long"
},
"collection_id": {
"type": "keyword"
},
"domain": {
"type": "keyword"
},
"episode_id": {
"type": "keyword"
},
"facility": {
"type": "keyword"
},
"facility_num": {
"type": "long"
},
"feed": {
"type": "keyword"
},
"from_nginx": {
"type": "keyword"
},
"full_message": {
"type": "text",
"analyzer": "standard"
},
"geo": {
"properties": {
"city": {
"properties": {
"geoname_id": {
"type": "long"
},
"names": {
"properties": {
"de": {
"type": "keyword"
},
"en": {
"type": "keyword"
},
"es": {
"type": "keyword"
},
"fr": {
"type": "keyword"
},
"ja": {
"type": "keyword"
},
"pt-BR": {
"type": "keyword"
},
"ru": {
"type": "keyword"
},
"zh-CN": {
"type": "keyword"
}
}
}
}
},
"continent": {
"properties": {
"code": {
"type": "keyword"
},
"geoname_id": {
"type": "long"
},
"names": {
"properties": {
"de": {
"type": "keyword"
},
"en": {
"type": "keyword"
},
"es": {
"type": "keyword"
},
"fr": {
"type": "keyword"
},
"ja": {
"type": "keyword"
},
"pt-BR": {
"type": "keyword"
},
"ru": {
"type": "keyword"
},
"zh-CN": {
"type": "keyword"
}
}
}
}
},
"coordinates": {
"type": "keyword"
},
"country": {
"properties": {
"geoname_id": {
"type": "long"
},
"is_in_european_union": {
"type": "boolean"
},
"iso_code": {
"type": "keyword"
},
"names": {
"properties": {
"de": {
"type": "keyword"
},
"en": {
"type": "keyword"
},
"es": {
"type": "keyword"
},
"fr": {
"type": "keyword"
},
"ja": {
"type": "keyword"
},
"pt-BR": {
"type": "keyword"
},
"ru": {
"type": "keyword"
},
"zh-CN": {
"type": "keyword"
}
}
}
}
},
"location": {
"properties": {
"accuracy_radius": {
"type": "long"
},
"latitude": {
"type": "float"
},
"longitude": {
"type": "float"
},
"metro_code": {
"type": "long"
},
"time_zone": {
"type": "keyword"
}
}
},
"postal": {
"properties": {
"code": {
"type": "keyword"
}
}
},
"registered_country": {
"properties": {
"geoname_id": {
"type": "long"
},
"is_in_european_union": {
"type": "boolean"
},
"iso_code": {
"type": "keyword"
},
"names": {
"properties": {
"de": {
"type": "keyword"
},
"en": {
"type": "keyword"
},
"es": {
"type": "keyword"
},
"fr": {
"type": "keyword"
},
"ja": {
"type": "keyword"
},
"pt-BR": {
"type": "keyword"
},
"ru": {
"type": "keyword"
},
"zh-CN": {
"type": "keyword"
}
}
}
}
},
"represented_country": {
"properties": {
"geoname_id": {
"type": "long"
},
"is_in_european_union": {
"type": "boolean"
},
"iso_code": {
"type": "keyword"
},
"names": {
"properties": {
"de": {
"type": "keyword"
},
"en": {
"type": "keyword"
},
"es": {
"type": "keyword"
},
"fr": {
"type": "keyword"
},
"ja": {
"type": "keyword"
},
"pt-BR": {
"type": "keyword"
},
"ru": {
"type": "keyword"
},
"zh-CN": {
"type": "keyword"
}
}
},
"type": {
"type": "keyword"
}
}
},
"subdivisions": {
"properties": {
"geoname_id": {
"type": "long"
},
"iso_code": {
"type": "keyword"
},
"names": {
"properties": {
"de": {
"type": "keyword"
},
"en": {
"type": "keyword"
},
"es": {
"type": "keyword"
},
"fr": {
"type": "keyword"
},
"ja": {
"type": "keyword"
},
"pt-BR": {
"type": "keyword"
},
"ru": {
"type": "keyword"
},
"zh-CN": {
"type": "keyword"
}
}
}
}
},
"traits": {
"properties": {
"ip_address": {
"type": "keyword"
},
"is_anonymous": {
"type": "boolean"
},
"is_anonymous_proxy": {
"type": "boolean"
},
"is_anonymous_vpn": {
"type": "boolean"
},
"is_hosting_provider": {
"type": "boolean"
},
"is_legitimate_proxy": {
"type": "boolean"
},
"is_public_proxy": {
"type": "boolean"
},
"is_satellite_provider": {
"type": "boolean"
},
"is_tor_exit_node": {
"type": "boolean"
}
}
}
}
},
"gl2_accounted_message_size": {
"type": "long"
},
"gl2_message_id": {
"type": "keyword"
},
"gl2_processing_error": {
"type": "keyword"
},
"gl2_processing_timestamp": {
"type": "date",
"format": "uuuu-MM-dd HH:mm:ss.SSS"
},
"gl2_receive_timestamp": {
"type": "date",
"format": "uuuu-MM-dd HH:mm:ss.SSS"
},
"gl2_remote_ip": {
"type": "keyword"
},
"gl2_remote_port": {
"type": "long"
},
"gl2_source_input": {
"type": "keyword"
},
"gl2_source_node": {
"type": "keyword"
},
"http_referrer": {
"type": "keyword"
},
"http_user_agent": {
"type": "keyword"
},
"http_version": {
"type": "keyword"
},
"http_x_forwarded_for": {
"type": "keyword"
},
"ip_hash": {
"type": "keyword"
},
"json": {
"type": "keyword"
},
"level": {
"type": "long"
},
"media": {
"type": "keyword"
},
"message": {
"type": "text",
"analyzer": "standard"
},
"nginx_access": {
"type": "boolean"
},
"nginx_server_type": {
"type": "keyword"
},
"origin": {
"type": "keyword"
},
"remote_addr": {
"type": "keyword"
},
"remote_user": {
"type": "keyword"
},
"request": {
"type": "keyword"
},
"request_body": {
"type": "keyword"
},
"request_method": {
"type": "keyword"
},
"request_scheme": {
"type": "keyword"
},
"request_time": {
"type": "keyword"
},
"source": {
"type": "text",
"analyzer": "analyzer_keyword",
"fielddata": true
},
"status": {
"type": "keyword"
},
"streams": {
"type": "keyword"
},
"time": {
"type": "date"
},
"timestamp": {
"type": "date",
"format": "uuuu-MM-dd HH:mm:ss.SSS"
},
"upstream_addr": {
"type": "keyword"
},
"upstream_cache_status": {
"type": "keyword"
},
"user_agent_details": {
"properties": {
"bot": {
"type": "boolean"
},
"brandname": {
"type": "keyword"
},
"category": {
"type": "keyword"
},
"client": {
"properties": {
"engine": {
"type": "keyword"
},
"engine_version": {
"type": "keyword"
},
"family": {
"type": "keyword"
},
"name": {
"type": "keyword"
},
"short_name": {
"type": "keyword"
},
"type": {
"type": "keyword"
},
"version": {
"type": "keyword"
}
}
},
"device": {
"properties": {
"id": {
"type": "long"
},
"name": {
"type": "keyword"
}
}
},
"devicetype": {
"properties": {
"browser": {
"type": "boolean"
},
"camera": {
"type": "boolean"
},
"carbrowser": {
"type": "boolean"
},
"console": {
"type": "boolean"
},
"desktop": {
"type": "boolean"
},
"featurephone": {
"type": "boolean"
},
"feedreader": {
"type": "boolean"
},
"mediaplayer": {
"type": "boolean"
},
"mobile": {
"type": "boolean"
},
"mobileapp": {
"type": "boolean"
},
"peripheral": {
"type": "boolean"
},
"phablet": {
"type": "boolean"
},
"pim": {
"type": "boolean"
},
"portablemediaplay": {
"type": "boolean"
},
"smartdisplay": {
"type": "boolean"
},
"smartphone": {
"type": "boolean"
},
"smartspeaker": {
"type": "boolean"
},
"tablet": {
"type": "boolean"
},
"touchenabled": {
"type": "boolean"
},
"tv": {
"type": "boolean"
},
"wearable": {
"type": "boolean"
}
}
},
"model": {
"type": "keyword"
},
"name": {
"type": "keyword"
},
"os": {
"properties": {
"family": {
"type": "keyword"
},
"name": {
"type": "keyword"
},
"platform": {
"type": "keyword"
},
"short_name": {
"type": "keyword"
},
"version": {
"type": "keyword"
}
}
},
"producer": {
"properties": {
"name": {
"type": "keyword"
},
"url": {
"type": "keyword"
}
}
},
"url": {
"type": "keyword"
},
"useragent": {
"type": "keyword"
}
}
},
"version": {
"type": "keyword"
}
}
}
}
}
我真的不知道为什么这不起作用,也不知道怎样才能让它起作用。我已经浏览了SF上的每一篇相关文章,询问了ChatGPT,也查看了Elastic论坛。作为Elastic新手,我想我只是漏掉了某个显而易见的地方。非常欢迎任何提示!我完全卡在这里了,很想解决这个问题。
谢谢你!
1条答案
我使用Elastic Builder创建了一个与您的查询类似的查询
你可以尝试生成的JSON,看看是否仍然得到错误消息?