分组聚合
POST razor_v1/event/_search
{
"size": 0,
"aggs": {
"group_by_state": {
"terms": {
"field": "acc"
}
}
}
}
{
"aggs": {
"acc_max": {
"max": {
"field": "acc"
}
}
}
}
{
"aggs": {
"acc_sum": {
"sum": {
"field": "acc"
}
}
}
}
基数聚合 cardinality aggregation
POST razor_v1/event/_search?search_type=count
{
"aggs": {
"distinct_userids": {
"cardinality": {
"field": "useridentifier"
}
}
}
}
多值度量聚合 multi-value metrics aggregation
POST razor_v1/event/_search?search_type=count
{
"aggs": {
"acc_stats": {
"extended_stats": {
"field": "acc"
}
}
}
}
结果
{
"took": 3,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 10750,
"max_score": 0,
"hits": [ ]
},
"aggregations": {
"acc_stats": {
"count": 10750,
"min": 1,
"max": 5,
"avg": 3.0275348837209304,
"sum": 32546,
"sum_of_squares": 120210,
"variance": 2.0163581092482414,
"std_deviation": 1.4199852496586862,
"std_deviation_bounds": {
"upper": 5.867505383038303,
"lower": 0.18756438440355794
}
}
}
}
"took": 3,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 10750,
"max_score": 0,
"hits": [ ]
},
"aggregations": {
"acc_stats": {
"count": 10750,
"min": 1,
"max": 5,
"avg": 3.0275348837209304,
"sum": 32546,
"sum_of_squares": 120210,
"variance": 2.0163581092482414,
"std_deviation": 1.4199852496586862,
"std_deviation_bounds": {
"upper": 5.867505383038303,
"lower": 0.18756438440355794
}
}
}
}
多指标应用 桶
{
"aggs": {
"userids": {
"terms": {
"field": "useridentifier"
},
"aggs": {
"avg_acc": {
"avg": {
"field": "acc"
}
}
}
}
}
}
结果 写道
{
"took": 9,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 10750,
"max_score": 0,
"hits": [ ]
},
"aggregations": {
"userids": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 6033,
"buckets": [
{
"key": "colord",
"doc_count": 487,
"avg_acc": {
"value": 3.051334702258727
}
}
,
{
"key": "usbmux",
"doc_count": 462,
"avg_acc": {
"value": 3.0064935064935066
}
}
]
}
}
}
"took": 9,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 10750,
"max_score": 0,
"hits": [ ]
},
"aggregations": {
"userids": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 6033,
"buckets": [
{
"key": "colord",
"doc_count": 487,
"avg_acc": {
"value": 3.051334702258727
}
}
,
{
"key": "usbmux",
"doc_count": 462,
"avg_acc": {
"value": 3.0064935064935066
}
}
]
}
}
}
桶中的桶
{
"aggs": {
"userids": {
"terms": {
"field": "useridentifier"
},
"aggs": {
"avg_acc": {
"avg": {
"field": "acc"
}
},
"make": {
"terms": {
"field": "version"
}
}
}
}
}
}
结果 写道
{
"took": 46,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 10750,
"max_score": 0,
"hits": [ ]
},
"aggregations": {
"userids": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 6033,
"buckets": [
{
"key": "redis",
"doc_count": 513,
"avg_acc": {
"value": 2.982456140350877
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 115
}
,
{
"key": "2.0",
"doc_count": 89
}
]
}
}
,
{
"key": "colord",
"doc_count": 487,
"avg_acc": {
"value": 3.051334702258727
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 136
}
,
{
"key": "2.4",
"doc_count": 74
}
]
}
}
,
{
"key": "uuidd",
"doc_count": 479,
"avg_acc": {
"value": 2.9958246346555324
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 116
}
,
{
"key": "2.0",
"doc_count": 71
}
]
}
}
,
{
"key": "dawn",
"doc_count": 477,
"avg_acc": {
"value": 2.989517819706499
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 122
}
,
{
"key": "2.0",
"doc_count": 93
}
]
}
}
,
{
"key": "dbus",
"doc_count": 477,
"avg_acc": {
"value": 3.0943396226415096
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 128
}
,
{
"key": "2.0",
"doc_count": 76
}
]
}
}
,
{
"key": "usbmux",
"doc_count": 462,
"avg_acc": {
"value": 3.0064935064935066
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 138
}
,
{
"key": "2.0",
"doc_count": 74
}
]
}
}
,
{
"key": "http",
"doc_count": 460,
"avg_acc": {
"value": 3.0282608695652176
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 135
}
,
{
"key": "2.0",
"doc_count": 78
}
]
}
}
,
{
"key": "ntp",
"doc_count": 458,
"avg_acc": {
"value": 2.997816593886463
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 115
}
,
{
"key": "2.4",
"doc_count": 71
}
]
}
}
,
{
"key": "daemon",
"doc_count": 456,
"avg_acc": {
"value": 2.9846491228070176
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 132
}
,
{
"key": "2.4",
"doc_count": 78
}
]
}
}
,
{
"key": "nobody",
"doc_count": 448,
"avg_acc": {
"value": 3.127232142857143
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 124
}
,
{
"key": "1.2",
"doc_count": 66
}
]
}
}
]
}
}
}
"took": 46,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 10750,
"max_score": 0,
"hits": [ ]
},
"aggregations": {
"userids": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 6033,
"buckets": [
{
"key": "redis",
"doc_count": 513,
"avg_acc": {
"value": 2.982456140350877
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 115
}
,
{
"key": "2.0",
"doc_count": 89
}
]
}
}
,
{
"key": "colord",
"doc_count": 487,
"avg_acc": {
"value": 3.051334702258727
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 136
}
,
{
"key": "2.4",
"doc_count": 74
}
]
}
}
,
{
"key": "uuidd",
"doc_count": 479,
"avg_acc": {
"value": 2.9958246346555324
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 116
}
,
{
"key": "2.0",
"doc_count": 71
}
]
}
}
,
{
"key": "dawn",
"doc_count": 477,
"avg_acc": {
"value": 2.989517819706499
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 122
}
,
{
"key": "2.0",
"doc_count": 93
}
]
}
}
,
{
"key": "dbus",
"doc_count": 477,
"avg_acc": {
"value": 3.0943396226415096
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 128
}
,
{
"key": "2.0",
"doc_count": 76
}
]
}
}
,
{
"key": "usbmux",
"doc_count": 462,
"avg_acc": {
"value": 3.0064935064935066
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 138
}
,
{
"key": "2.0",
"doc_count": 74
}
]
}
}
,
{
"key": "http",
"doc_count": 460,
"avg_acc": {
"value": 3.0282608695652176
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 135
}
,
{
"key": "2.0",
"doc_count": 78
}
]
}
}
,
{
"key": "ntp",
"doc_count": 458,
"avg_acc": {
"value": 2.997816593886463
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 115
}
,
{
"key": "2.4",
"doc_count": 71
}
]
}
}
,
{
"key": "daemon",
"doc_count": 456,
"avg_acc": {
"value": 2.9846491228070176
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 132
}
,
{
"key": "2.4",
"doc_count": 78
}
]
}
}
,
{
"key": "nobody",
"doc_count": 448,
"avg_acc": {
"value": 3.127232142857143
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 124
}
,
{
"key": "1.2",
"doc_count": 66
}
]
}
}
]
}
}
}
参考:
聚合的测试数据(Aggregation Test-Drive 译文);
相关推荐
方法如果传总页数了,es就不用查询总页数,直接通过开始位置到结束位置取数即可
ES 聚合查询结果转换成相应的对象集合,ES 聚合查询结果转换成相应的对象集合
elasticsearch聚合
Elasticsearch聚合 之 Terms
elasticsearch先聚合然后通过聚合后的值再进行过滤 a
Elasticsearch聚合分析实战(2) 博客地址:https://blog.csdn.net/neweastsun/article/details/104324747
elasticsearch脚本实现先聚合,然后使用聚合的值进行后过滤
ElasticSearch对数据进行聚合并对聚合结果值进行过滤查询
聚合查询分页测试termsAgg.size(2147483647); //指定最大统计显示多少行步骤1:全量聚合,size设置为: 2147483647。 ES5.X/6.X版本设置为2147483647 ,它等于2^31-1,请看该地方代码
Elasticsearch聚合分析实战(2) 本文在前文基础上进一步通过学习度量分析和分组分析。示例数据可以点击这里下载。 环境准备 系统中提供1000条employee数据,读者可以通过POST /employees/_bulk命令批量插入至elastic...
Logstash 和 Beats 有助于收集、聚合和丰富您的数据并将其存储在 Elasticsearch 中。Kibana 使您能够以交互方式探索、可视化和分享对数据的见解,并管理和监控堆栈。 Elasticsearch 为所有类型的数据提供近乎实时的...
基于SpringBoot+elasticsearch的操作项目,包含各种es的操作(插入记录、精准搜索、模糊搜索、聚合查询等) 基于SpringBoot+elasticsearch的操作项目,包含各种es的操作(插入记录、精准搜索、模糊搜索、聚合查询等...
主要介绍了java使用elasticsearch分组进行聚合查询过程解析,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下
es的简单查询和聚合查询用法说明,用于理解es的聚合查询和简单查询的思路过程,便于快速的应用es, 希望能有所帮助,谢谢
类似于关系型数据库中的 SUM,AVG, GROUP BY 等,Elasticsearch 也提供了丰富的聚合运算方式,可以满足大部分分析和查询场景。 Doc Values 和 Field Data 在学习聚合分析之前,我们先了解一下 Doc Values 和 Field ...
这将破坏与此初始版本的代码兼容性在任何查询级别支持多个聚合(当前所有分桶聚合都嵌套在前一个聚合中) 提高库的整体灵活性,现在这只适用于琐碎的用例为所有现有的聚合查询编写测试使用 4 个空格而不是制表符?...
elasticsearch嵌套聚合dsl
Logstash 和 Beats 有助于收集、聚合和丰富您的数据并将其存储在 Elasticsearch 中。Kibana 使您能够以交互方式探索、可视化和分享对数据的见解,并管理和监控堆栈。 Elasticsearch 为所有类型的数据提供近乎实时的...
elasticsearch官网给的java API太过于片面,自己深究用java写的工具类集合,包括mapping创建,批量插入,聚合,模糊查询,精确查询等功能。
全面分析 Elasticsearch本质,如全文本搜索分析、 查询、 筛选器和聚合;使用 Kibana创建各种可视化和交互式仪表板,并使用Storm和 Elasticsearch分类现实世界的流数据以及相关的其他主题。 本书适合从事大数据分析...