如何根据elasticsearch中的输入字段获取字段的和值(输入字段和和和输出字段不同)

2ekbmq32 于 2021-06-10 发布在 ElasticSearch

关注(0)|答案(2)|浏览(430)

这是存在于ElasticSearch中的文档，它希望输出基于字段的值，在这些字段中，它返回高位和中位数之和，如果这些值大于零，则高位和中位数的值必须大于0

{
            "host_id": 1,
            "hostname": "Hostname1",
            "businesshierarchy": {
                "businessunit": "NON Unit",
                "Location":"Un",
                "Application":"App1"
            },
            "updatedts": 1601894092,
            "critical": 0,
            "high": 1,
            "medium": 1,
            "low": 0
        },
        {
            "host_id": 2,
            "hostname": "Hostname2",
            "businesshierarchy": {
                "businessunit": "One Unit",
                "Location":"Un",
                "Application":"App2"
            },
            "updatedts": 1601894092,
            "critical": 0,
            "high": 1,
            "medium": 2,
            "low": 0
        },
        {
            "host_id": 3,
            "hostname": "Hostname3",
            "businesshierarchy": {
                "businessunit": "NON Unit",
                "Location":"Uk",
                "Application":"App2"
            },
            "updatedts": 1601894092,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0
        }

是否有任何查询或方法可以像ElasticSearch那样获得输出？
基于位置
位置-un高-2中-3
位置-英国高-2中-2
基于应用
应用程序-app1 high-1 medium-1
应用程序-app2 high-3 medium-4
或基于主机名
主机名-主机名1高-1中-1
主机名-主机名2高-1中-2
主机名-主机名3高-2中-2
businessunit也是如此。动态传递的字段名（如businessunit、hostname、application、location-based）希望获得count high和medium值（如上面的输出）。

elasticsearch go

来源：https://stackoverflow.com/questions/64218649/how-to-get-sum-value-for-fields-based-on-input-field-in-elasticsearch-input-fie

2条答案

按热度按时间

aij0ehis1#

我们可以使用这个查询来获得例外的结果

{
          "query": {
            "bool": {
              "filter": [
                {
                  "bool": {
                    "should": [
                      {
                        "range": {
                          "medium": {
                            "gt": 0
                          }
                        }
                      },
                      {
                        "range": {
                          "high": {
                            "gt": 0
                          }
                        }
                      }
                    ]
                  }
                }
              ]
            }
          },
          "aggs": {
            "fieldnames": {
              "terms": {
                "field": "hostname.keyword"
              },
              "aggs": {
                "medium": {
                  "sum": {
                    "field": "medium"
                  }
                },
                "high": {
                  "sum": {
                    "field": "high"
                  }
                }
              }
            }
          },
          "size": 0
        }

搜索结果如下

"aggregations": {
        "fieldnames": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
                {
                    "key": "ALL Unit",
                    "doc_count": 1,
                    "high": {
                        "value": 0.0
                    },
                    "medium": {
                        "value": 7.0
                    }
                },
                {
                    "key": "Latest Unit",
                    "doc_count": 1,
                    "high": {
                        "value": 0.0
                    },
                    "medium": {
                        "value": 5.0
                    }
                },
                {
                    "key": "NO Unit",
                    "doc_count": 1,
                    "high": {
                        "value": 1.0
                    },
                    "medium": {
                        "value": 1.0
                    }
                }
            ]
        }
    }

如果我们需要定位和应用的结果，只需要更改定位

"aggs": {
                "fieldnames": {
                  "terms": {
                    "field": "businesshierarchy.Application.keyword"
                  }

申请

"aggs": {
                    "fieldnames": {
                      "terms": {
                        "field": "businesshierarchy.Location.keyword"
                      }

如果Map是这样的，

{
  "mappings": {
    "properties": {
      "hostname": {
        "type": "keyword"
      },
      "businesshierarchy": {
        "properties": {
          "Location": {
            "type": "keyword"
          },
          "Application": {
            "type": "keyword"
          }
        }
      }
    }
  }
}

没有必要将.keyword添加到

"terms": {
             "field": "businesshierarchy.Location"
           }

赞(0）回复(0）举报 2021-06-10

mspsb9vt2#

添加一个使用索引Map、索引数据（与前面给出的相同）、搜索查询和搜索结果的工作示例
索引Map：

{
  "mappings": {
    "properties": {
      "hostname": {
        "type": "keyword"
      },
      "businesshierarchy": {
        "properties": {
          "Location": {
            "type": "keyword"
          },
          "Application": {
            "type": "keyword"
          }
        }
      }
    }
  }
}

搜索查询：

{
  "size": 0,
  "aggs": {
    "user": {
      "terms": {
        "field": "businesshierarchy.Location"
      },
      "aggs": {
        "top_user_hits": {
          "top_hits": {
            "_source": {
              "includes": [
                "high",
                "medium"
              ]
            }
          }
        },
        "high_sum": {
          "sum": {
            "field": "high"
          }
        },
        "medium_sum": {
          "sum": {
            "field": "medium"
          }
        }
      }
    }
  }
}

搜索结果：
根据位置

"aggregations": {
    "user": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "Un",
          "doc_count": 2,
          "top_user_hits": {
            "hits": {
              "total": {
                "value": 2,
                "relation": "eq"
              },
              "max_score": 1.0,
              "hits": [
                {
                  "_index": "stof_64218649",
                  "_type": "_doc",
                  "_id": "1",
                  "_score": 1.0,
                  "_source": {
                    "high": 1,
                    "medium": 1
                  }
                },
                {
                  "_index": "stof_64218649",
                  "_type": "_doc",
                  "_id": "2",
                  "_score": 1.0,
                  "_source": {
                    "high": 1,
                    "medium": 2
                  }
                }
              ]
            }
          },
          "high_sum": {
            "value": 2.0       <-- note this
          },
          "medium_sum": {
            "value": 3.0
          }
        },
        {
          "key": "Uk",
          "doc_count": 1,
          "top_user_hits": {
            "hits": {
              "total": {
                "value": 1,
                "relation": "eq"
              },
              "max_score": 1.0,
              "hits": [
                {
                  "_index": "stof_64218649",
                  "_type": "_doc",
                  "_id": "3",
                  "_score": 1.0,
                  "_source": {
                    "high": 2,
                    "medium": 2
                  }
                }
              ]
            }
          },
          "high_sum": {
            "value": 2.0                       <-- note this
          },
          "medium_sum": {
            "value": 2.0
          }
        }
      ]
    }

对于基于应用程序替换项聚合的查询，如下所示：

"aggs": {
        "user": {
          "terms": {
            "field": "businesshierarchy.Application"
          },

将显示以下搜索结果：

"aggregations": {
    "user": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "App2",
          "doc_count": 2,
          "top_user_hits": {
            "hits": {
              "total": {
                "value": 2,
                "relation": "eq"
              },
              "max_score": 1.0,
              "hits": [
                {
                  "_index": "stof_64218649",
                  "_type": "_doc",
                  "_id": "3",
                  "_score": 1.0,
                  "_source": {
                    "high": 2,
                    "medium": 2
                  }
                },
                {
                  "_index": "stof_64218649",
                  "_type": "_doc",
                  "_id": "2",
                  "_score": 1.0,
                  "_source": {
                    "high": 1,
                    "medium": 2
                  }
                }
              ]
            }
          },
          "high_sum": {
            "value": 3.0
          },
          "medium_sum": {
            "value": 4.0
          }
        },
        {
          "key": "App1",
          "doc_count": 1,
          "top_user_hits": {
            "hits": {
              "total": {
                "value": 1,
                "relation": "eq"
              },
              "max_score": 1.0,
              "hits": [
                {
                  "_index": "stof_64218649",
                  "_type": "_doc",
                  "_id": "1",
                  "_score": 1.0,
                  "_source": {
                    "high": 1,
                    "medium": 1
                  }
                }
              ]
            }
          },
          "high_sum": {
            "value": 1.0
          },
          "medium_sum": {
            "value": 1.0
          }
        }
      ]
    }

对于基于主机名替换项聚合的查询，如下所示：

"aggs": {
    "user": {
      "terms": {
        "field": "hostname"
      },

搜索结果将是：

"aggregations": {
    "user": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "Hostname1",
          "doc_count": 1,
          "top_user_hits": {
            "hits": {
              "total": {
                "value": 1,
                "relation": "eq"
              },
              "max_score": 1.0,
              "hits": [
                {
                  "_index": "stof_64218649",
                  "_type": "_doc",
                  "_id": "1",
                  "_score": 1.0,
                  "_source": {
                    "high": 1,
                    "medium": 1
                  }
                }
              ]
            }
          },
          "high_sum": {
            "value": 1.0
          },
          "medium_sum": {
            "value": 1.0
          }
        },
        {
          "key": "Hostname2",
          "doc_count": 1,
          "top_user_hits": {
            "hits": {
              "total": {
                "value": 1,
                "relation": "eq"
              },
              "max_score": 1.0,
              "hits": [
                {
                  "_index": "stof_64218649",
                  "_type": "_doc",
                  "_id": "2",
                  "_score": 1.0,
                  "_source": {
                    "high": 1,
                    "medium": 2
                  }
                }
              ]
            }
          },
          "high_sum": {
            "value": 1.0
          },
          "medium_sum": {
            "value": 2.0
          }
        },
        {
          "key": "Hostname3",
          "doc_count": 1,
          "top_user_hits": {
            "hits": {
              "total": {
                "value": 1,
                "relation": "eq"
              },
              "max_score": 1.0,
              "hits": [
                {
                  "_index": "stof_64218649",
                  "_type": "_doc",
                  "_id": "3",
                  "_score": 1.0,
                  "_source": {
                    "high": 2,
                    "medium": 2
                  }
                }
              ]
            }
          },
          "high_sum": {
            "value": 2.0
          },
          "medium_sum": {
            "value": 2.0
          }
        }
      ]
    }

赞(0）回复(0）举报 2021-06-10

我来回答

如何根据elasticsearch中的输入字段获取字段的和值(输入字段和和和输出字段不同)

2条答案

相关问题

热门标签

最新问答