温馨提示:本文翻译自stackoverflow.com,查看原文请点击:kibana - Issue with nested aggregations ElasticSearch : doing a sum after a max
elasticsearch kibana

kibana - 嵌套聚合的问题ElasticSearch:在最大值之后求和

发布于 2020-03-29 21:46:47

我知道度量聚合无法实现子聚合,并且Elasticsearch支持带有存储桶的子聚合。但是我对如何做到这一点有些迷茫。

我想在嵌套聚合之后以及在通过最大时间戳聚合之后进行总和。

类似于下面的代码,给我这个错误:“类型[max]的聚合器[max_date_aggs]无法接受子聚合”,这是正常现象。有没有办法使它起作用?

{
"aggs": {
    "sender_comp_aggs": {
        "terms": {
            "field": "senderComponent"
        },
        "aggs": {
            "activity_mnemo_aggs": {
                "terms": {
                    "field": "activityMnemo"
                },
                "aggs": {
                    "activity_instance_id_aggs": {
                        "terms": {
                            "field": "activityInstanceId"
                        },
                        "aggs": {
                            "business_date_aggs": {
                                "terms": {
                                    "field": "correlationIdSet.businessDate"
                                },
                                "aggs": {
                                    "context_set_id_closing_aggs": {
                                        "terms": {
                                            "field": "contextSetId.closing"
                                        },
                                        "aggs": {
                                            "max_date_aggs": {
                                                "max": {
                                                    "field": "timestamp"
                                                },
                                                "aggs" : {
                                                    "sum_done": {
                                                        "sum": {
                                                            "field": "itemNumberDone"
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

谢谢

查看更多

提问者
SophiP
被浏览
456
分享
Daniel Schneiter 2020-02-01 23:41

我不确定100%想要实现什么,如果您也将共享映射会有所帮助。

桶聚合是关于定义桶/组的。正如您在示例中所做的那样,您可以包装/嵌套存储桶聚合,以进一步将存储桶分解为子存储桶,依此类推。

默认情况下,Elasticsearch总是计算计数指标,但是您也可以指定其他指标以进行计算。一个指标是针对每个存储桶/针对一个存储桶(而不是另一个指标)计算的,这就是为什么您不能将一个指标聚合嵌套在一个指标聚合之下,这根本没有意义。

根据数据的外观,您可能需要做的唯一更改是将sum_done聚合移出-clause aggs,移到与max_date_aggs-aggregation 相同的级别

代码段

"aggs": {
  "max_date_aggs": { "max": {"field": "timestamp"} },
  "sum_done": { "sum": { "field": "itemNumberDone"} }
}

在您提出问题并提出问题之后,我设法提出了一个需要一个请求的解决方案。如前所述,sum-metric聚合需要在存储桶而不是度量上进行操作。解决方案非常简单:无需计算max-date,只需将该聚合重新计算terms-aggregation,然后按时间戳记降序排序即可,只需要一个存储桶即可。

GET gos_element/_search
{
  "size": 0, 
  "aggs": {
    "sender_comp_aggs": {
      "terms": {"field": "senderComponent.keyword"},
      "aggs": {
        "activity_mnemo_aggs": {
          "terms": {"field": "activityMnemo.keyword"},
          "aggs": {
            "activity_instance_id_aggs": {
              "terms": {"field": "activityInstanceId.keyword"},
              "aggs": {
                "business_date_aggs": {
                  "terms": {"field": "correlationIdSet.businessDate"},
                  "aggs": {
                    "context_set_id_closing_aggs": {
                      "terms": {"field": "contextSetId.closing.keyword"},
                      "aggs": {
                        "max_date_bucket_aggs": {
                          "terms": {
                            "field": "timestamp",
                            "size": 1, 
                            "order": {"_key": "desc"} 
                          },
                          "aggs": {
                            "sum_done": {
                              "sum": {"field": "itemNumberDone"}
                            }
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}

当我依靠默认的Elasticsearch映射时,我不得不引用.keyword字段-version。如果您的字段直接映射到类型的字段keyword,则不需要这样做。

使用以下2条命令为您提供的文档建立索引后,您可以立即测试以上请求:

PUT gos_element/_doc/AW_yu3dIa2R_HwqpSz
{
  "senderComponent": "PS",
  "timestamp": "2020-01-28T02:31:00Z",
  "activityMnemo": "PScommand",
  "activityInstanceId": "123466",
  "activityStatus": "Progress",
  "activityStatusNumber": 300,
  "specificActivityStatus": "",
  "itemNumberTotal": 10,
  "itemNumberDone": 9,
  "itemNumberInError": 0,
  "itemNumberNotStarted": 1,
  "itemNumberInProgress": 0,
  "itemUnit": "Command",
  "itemList": [],
  "contextSetId": {
    "PV": "VAR",
    "closing": "PARIS"
  },
  "correlationIdSet": {
    "closing": "PARIS",
    "businessDate": "2020-01-27",
    "correlationId": "54947df8-0e9e-4471-a2f9-9af509fb5899"
  },
  "errorSet": [],
  "kpiSet": "",
  "activitySpecificPayload": "",
  "messageGroupUUID": "54947df8-0e9e-4471-a2f9-9af509fb5899"
}


PUT gos_element/_doc/AW_yu3dIa2R_HwqpSz8z
{
  "senderComponent": "PS",
  "timestamp": "2020-01-28T03:01:00Z",
  "activityMnemo": "PScommand",
  "activityInstanceId": "123466",
  "activityStatus": "End",
  "activityStatusNumber": 200,
  "specificActivityStatus": "",
  "itemNumberTotal": 10,
  "itemNumberDone": 10,
  "itemNumberInError": 0,
  "itemNumberNotStarted": 0,
  "itemNumberInProgress": 0,
  "itemUnit": "Command",
  "itemList": [],
  "contextSetId": {
    "PV": "VAR",
    "closing": "PARIS"
  },
  "correlationIdSet": {
    "closing": "PARIS",
    "businessDate": "2020-01-27",
    "correlationId": "54947df8-0e9e-4471-a2f9-9af509fb5899"
  },
  "errorSet": [],
  "errorMessages": "",
  "kpiSet": "",
  "activitySpecificPayload": "",
  "messageGroupUUID": "54947df8-0e9e-4471-a2f9-9af509fb5899"
}

结果,您将获得以下响应(预期值为10):

{
  "took" : 8,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 2,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "sender_comp_aggs" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "PS",
          "doc_count" : 2,
          "activity_mnemo_aggs" : {
            "doc_count_error_upper_bound" : 0,
            "sum_other_doc_count" : 0,
            "buckets" : [
              {
                "key" : "PScommand",
                "doc_count" : 2,
                "activity_instance_id_aggs" : {
                  "doc_count_error_upper_bound" : 0,
                  "sum_other_doc_count" : 0,
                  "buckets" : [
                    {
                      "key" : "123466",
                      "doc_count" : 2,
                      "business_date_aggs" : {
                        "doc_count_error_upper_bound" : 0,
                        "sum_other_doc_count" : 0,
                        "buckets" : [
                          {
                            "key" : 1580083200000,
                            "key_as_string" : "2020-01-27T00:00:00.000Z",
                            "doc_count" : 2,
                            "context_set_id_closing_aggs" : {
                              "doc_count_error_upper_bound" : 0,
                              "sum_other_doc_count" : 0,
                              "buckets" : [
                                {
                                  "key" : "PARIS",
                                  "doc_count" : 2,
                                  "max_date_bucket_aggs" : {
                                    "doc_count_error_upper_bound" : 0,
                                    "sum_other_doc_count" : 1,
                                    "buckets" : [
                                      {
                                        "key" : 1580180460000,
                                        "key_as_string" : "2020-01-28T03:01:00.000Z",
                                        "doc_count" : 1,
                                        "sum_done" : {
                                          "value" : 10.0
                                        }
                                      }
                                    ]
                                  }
                                }
                              ]
                            }
                          }
                        ]
                      }
                    }
                  ]
                }
              }
            ]
          }
        }
      ]
    }
  }
}
SophiP 2020-01-31 21:14:17

嗨,首先感谢您的快速回复!我尝试将sum_done与max_date_aggs移到同一级别。它向我显示了所有已完成项目的总和,而不是具有最大时间戳的已完成项目的总和。我也尝试使用存储桶,但我不知道如何获取字段itemNumberDone的总和。我将立即添加更多详细信息。

Daniel Schneiter 2020-01-31 21:18:50

哦,您想要实现的目标完全不同。您将需要一个存储桶/范围,所有具有该max_date作为值的文档。您最有可能必须在应用程序端解决此问题:-第一个请求:查询Elasticsearch以了解max_date(s)-第二个请求:使用带有单个max_dates的过滤器聚合作为过滤器来创建存储桶,然后您可以询问Elasticsearc求该存储桶中文档的总和。我可能还是想重新考虑您的数据模型,因为您已经有很多嵌套的聚合。

SophiP 2020-01-31 21:23:20

我尝试了存储桶,但不知道如何检索然后将itemNumberDone求和。我将为您提供映射和更多详细信息。

SophiP 2020-01-31 21:44:40

当您说“在应用程序端”时。您的意思是创建一个可以执行请求的后端?我想只用一个查询就没有后端(如果可能的话)。

SophiP 2020-02-03 17:16:54

谢谢,它奏效了!我通过“ _term”更改了“ _key”,并且效果很好。

相关问题

1
匹配查询格式不正确,查询名称后没有start_object“ Elasticsearch 7.1
2
具有动态index_name的Elasticsearch映射
3
ElasticSearch搜索空字段
4
从Spring应用单独登录到Elastic Stack
5
Elastic search上的索引包含并从搜索开始
6
按需搜索数据类型和Edge NGram令牌生成器有什么区别?
7
Kibana通过cmd启动时引发错误
8
如何使用NEST进行过滤器聚合?
9
当搜索词的单词多于索引时,如何匹配?
10
跳过数组中某些值的索引编制,但将其保留在_source中

热门github

1
real time face swap and one-click video deepfake with only a single image
2
A quick example of how one can "synchronize" a 3d scene across multiple windows using three.js and localStorage
3
ChatGPT DAN, Jailbreaks prompt
4
21 Lessons, Get Started Building with Generative AI 🔗 https://microsoft.github.io/generative-ai-for-beginners/ (翻译:12 节课程,开始使用生成式 AI 进行构建)
5
Curated list of project-based tutorials (翻译:收藏了基于项目的教程列表)
6
Truly independent web browser
7
Python - 100天从新手到大师
8
An open source payments switch written in Rust to make payments fast, reliable and affordable (翻译:YOLOv8 🚀 in PyTorch > ONNX > CoreML > TFLite)
9
Agent S: an open agentic framework that uses computers like a human
10
Master programming by recreating your favorite technologies from scratch. (翻译:在这个项目中,你能学会如何创造自己的各种工具,引擎,游戏,框架,库......)
11
Jelly Evolution Simulator
12
Collection of leaked system prompts
13
🤯 Lobe Chat - an open-source, modern-design AI chat framework. Supports Multi AI Providers( OpenAI / Claude 3 / Gemini / Ollama / DeepSeek / Qwen), Knowledge Base (file upload / knowledge management / RAG ), Multi-Modals (Plugins/Artifacts) and Thinking. One-click FREE deployment of your private ChatGPT/ Claude / DeepSeek application. (翻译:LobeChat 是开源的高性能聊天机器人框架,支持语音合成、多模态、可扩展的(Function Call)插件系统。)