Kibana KQL中的连接查询

juud5qan  于 2022-12-09  发布在  Kibana
关注(0)|答案(1)|浏览(210)

我在ES中有三个日志,如

{"@timestamp":"2022-07-19T11:24:16.274073+05:30","log":{"level":200,"logger":"production","message":"BUY_ITEM1","context":{"user_id":31312},"datetime":"2022-07-19T11:24:16.274073+05:30","extra":{"ip":"127.0.0.1"}}}

{"@timestamp":"2022-07-19T11:24:16.274073+05:30","log":{"level":200,"logger":"production","message":"BUY_ITEM2","context":{"user_id":31312},"datetime":"2022-07-19T11:24:16.274073+05:30","extra":{"ip":"127.0.0.1"}}}

{"@timestamp":"2022-07-19T11:24:16.274073+05:30","log":{"level":200,"logger":"production","message":"CLICK_ITEM3","context":{"user_id":31312},"datetime":"2022-07-19T11:24:16.274073+05:30","extra":{"ip":"127.0.0.1"}}}

我可以通过在Kibana的KQL中查询log.message: "BUY_ITEM1"来获得购买Item1的用户。
如何获取同时具有BUY_ITEM1BUY_ITEM2的用户ID?

kibana

1条答案

按热度按时间
pjngdqdw

pjngdqdw1#

Tldr;

存在于SQL中的Join查询在Elasticsearch中是不可能的,它们是(非常有限的)。
您需要解决此问题。

解决方法

您可以对他们购买的所有产品的user_id执行aggregation

GET /73031860/_search
{
  "query": {
    "terms": {
      "log.message.keyword": [
        "BUY_ITEM1",
        "BUY_ITEM2"
      ]
    }
  },
  "size": 0,
  "aggs": {
    "users": {
      "terms": {
        "field": "log.context.user_id",
        "size": 10
      },
      "aggs": {
        "products": {
          "terms": {
            "field": "log.message.keyword",
            "size": 10
          }
        }
      }
    }
  }
}

这将给予以下结果

{
...
  },
  "aggregations": {
    "users": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": 31312,
          "doc_count": 2,
          "products": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "BUY_ITEM1",
                "doc_count": 1
              },
              {
                "key": "BUY_ITEM2",
                "doc_count": 1
              }
            ]
          }
        }
      ]
    }
  }
}
赞(0)分享  回复(0)举报  2022-12-09
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com