分组聚合
POST razor_v1/event/_search
{
"size": 0,
"aggs": {
"group_by_state": {
"terms": {
"field": "acc"
}
}
}
}
{
"aggs": {
"acc_max": {
"max": {
"field": "acc"
}
}
}
}
{
"aggs": {
"acc_sum": {
"sum": {
"field": "acc"
}
}
}
}
基数聚合 cardinality aggregation
POST razor_v1/event/_search?search_type=count
{
"aggs": {
"distinct_userids": {
"cardinality": {
"field": "useridentifier"
}
}
}
}
多值度量聚合 multi-value metrics aggregation
POST razor_v1/event/_search?search_type=count
{
"aggs": {
"acc_stats": {
"extended_stats": {
"field": "acc"
}
}
}
}
结果
{
"took": 3,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 10750,
"max_score": 0,
"hits": [ ]
},
"aggregations": {
"acc_stats": {
"count": 10750,
"min": 1,
"max": 5,
"avg": 3.0275348837209304,
"sum": 32546,
"sum_of_squares": 120210,
"variance": 2.0163581092482414,
"std_deviation": 1.4199852496586862,
"std_deviation_bounds": {
"upper": 5.867505383038303,
"lower": 0.18756438440355794
}
}
}
}
"took": 3,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 10750,
"max_score": 0,
"hits": [ ]
},
"aggregations": {
"acc_stats": {
"count": 10750,
"min": 1,
"max": 5,
"avg": 3.0275348837209304,
"sum": 32546,
"sum_of_squares": 120210,
"variance": 2.0163581092482414,
"std_deviation": 1.4199852496586862,
"std_deviation_bounds": {
"upper": 5.867505383038303,
"lower": 0.18756438440355794
}
}
}
}
多指标应用 桶
{
"aggs": {
"userids": {
"terms": {
"field": "useridentifier"
},
"aggs": {
"avg_acc": {
"avg": {
"field": "acc"
}
}
}
}
}
}
结果 写道
{
"took": 9,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 10750,
"max_score": 0,
"hits": [ ]
},
"aggregations": {
"userids": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 6033,
"buckets": [
{
"key": "colord",
"doc_count": 487,
"avg_acc": {
"value": 3.051334702258727
}
}
,
{
"key": "usbmux",
"doc_count": 462,
"avg_acc": {
"value": 3.0064935064935066
}
}
]
}
}
}
"took": 9,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 10750,
"max_score": 0,
"hits": [ ]
},
"aggregations": {
"userids": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 6033,
"buckets": [
{
"key": "colord",
"doc_count": 487,
"avg_acc": {
"value": 3.051334702258727
}
}
,
{
"key": "usbmux",
"doc_count": 462,
"avg_acc": {
"value": 3.0064935064935066
}
}
]
}
}
}
桶中的桶
{
"aggs": {
"userids": {
"terms": {
"field": "useridentifier"
},
"aggs": {
"avg_acc": {
"avg": {
"field": "acc"
}
},
"make": {
"terms": {
"field": "version"
}
}
}
}
}
}
结果 写道
{
"took": 46,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 10750,
"max_score": 0,
"hits": [ ]
},
"aggregations": {
"userids": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 6033,
"buckets": [
{
"key": "redis",
"doc_count": 513,
"avg_acc": {
"value": 2.982456140350877
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 115
}
,
{
"key": "2.0",
"doc_count": 89
}
]
}
}
,
{
"key": "colord",
"doc_count": 487,
"avg_acc": {
"value": 3.051334702258727
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 136
}
,
{
"key": "2.4",
"doc_count": 74
}
]
}
}
,
{
"key": "uuidd",
"doc_count": 479,
"avg_acc": {
"value": 2.9958246346555324
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 116
}
,
{
"key": "2.0",
"doc_count": 71
}
]
}
}
,
{
"key": "dawn",
"doc_count": 477,
"avg_acc": {
"value": 2.989517819706499
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 122
}
,
{
"key": "2.0",
"doc_count": 93
}
]
}
}
,
{
"key": "dbus",
"doc_count": 477,
"avg_acc": {
"value": 3.0943396226415096
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 128
}
,
{
"key": "2.0",
"doc_count": 76
}
]
}
}
,
{
"key": "usbmux",
"doc_count": 462,
"avg_acc": {
"value": 3.0064935064935066
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 138
}
,
{
"key": "2.0",
"doc_count": 74
}
]
}
}
,
{
"key": "http",
"doc_count": 460,
"avg_acc": {
"value": 3.0282608695652176
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 135
}
,
{
"key": "2.0",
"doc_count": 78
}
]
}
}
,
{
"key": "ntp",
"doc_count": 458,
"avg_acc": {
"value": 2.997816593886463
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 115
}
,
{
"key": "2.4",
"doc_count": 71
}
]
}
}
,
{
"key": "daemon",
"doc_count": 456,
"avg_acc": {
"value": 2.9846491228070176
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 132
}
,
{
"key": "2.4",
"doc_count": 78
}
]
}
}
,
{
"key": "nobody",
"doc_count": 448,
"avg_acc": {
"value": 3.127232142857143
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 124
}
,
{
"key": "1.2",
"doc_count": 66
}
]
}
}
]
}
}
}
"took": 46,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 10750,
"max_score": 0,
"hits": [ ]
},
"aggregations": {
"userids": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 6033,
"buckets": [
{
"key": "redis",
"doc_count": 513,
"avg_acc": {
"value": 2.982456140350877
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 115
}
,
{
"key": "2.0",
"doc_count": 89
}
]
}
}
,
{
"key": "colord",
"doc_count": 487,
"avg_acc": {
"value": 3.051334702258727
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 136
}
,
{
"key": "2.4",
"doc_count": 74
}
]
}
}
,
{
"key": "uuidd",
"doc_count": 479,
"avg_acc": {
"value": 2.9958246346555324
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 116
}
,
{
"key": "2.0",
"doc_count": 71
}
]
}
}
,
{
"key": "dawn",
"doc_count": 477,
"avg_acc": {
"value": 2.989517819706499
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 122
}
,
{
"key": "2.0",
"doc_count": 93
}
]
}
}
,
{
"key": "dbus",
"doc_count": 477,
"avg_acc": {
"value": 3.0943396226415096
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 128
}
,
{
"key": "2.0",
"doc_count": 76
}
]
}
}
,
{
"key": "usbmux",
"doc_count": 462,
"avg_acc": {
"value": 3.0064935064935066
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 138
}
,
{
"key": "2.0",
"doc_count": 74
}
]
}
}
,
{
"key": "http",
"doc_count": 460,
"avg_acc": {
"value": 3.0282608695652176
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 135
}
,
{
"key": "2.0",
"doc_count": 78
}
]
}
}
,
{
"key": "ntp",
"doc_count": 458,
"avg_acc": {
"value": 2.997816593886463
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 115
}
,
{
"key": "2.4",
"doc_count": 71
}
]
}
}
,
{
"key": "daemon",
"doc_count": 456,
"avg_acc": {
"value": 2.9846491228070176
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 132
}
,
{
"key": "2.4",
"doc_count": 78
}
]
}
}
,
{
"key": "nobody",
"doc_count": 448,
"avg_acc": {
"value": 3.127232142857143
},
"make": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "3.0",
"doc_count": 124
}
,
{
"key": "1.2",
"doc_count": 66
}
]
}
}
]
}
}
}
参考:
聚合的测试数据(Aggregation Test-Drive 译文);
相关推荐
而“elasticsearch聚合值过滤”是ES聚合功能的一个高级应用场景,它允许我们根据聚合计算出的结果来进一步筛选文档,即在聚合后的基础上进行过滤操作。这一特性在数据分析和报表生成时非常有用,能够帮助我们得到更...
方法如果传总页数了,es就不用查询总页数,直接通过开始位置到结束位置取数即可
ES 聚合查询结果转换成相应的对象集合,ES 聚合查询结果转换成相应的对象集合
elasticsearch聚合
Elasticsearch聚合之Terms Elasticsearch中的Terms聚合是一种常用的聚合方式,用于对文档中的某个字段进行分组统计。Terms聚合可以对文档中的某个字段进行分组,并统计每个组中的文档数量。 在Elasticsearch中,...
Elasticsearch的聚合功能允许用户对数据进行汇总和分析,其中桶聚合和度量聚合是两种常用的聚合类型。本文将详细探讨这两种聚合的区别及其应用场景。 桶聚合和度量聚合在Elasticsearch中扮演着不同的角色,它们共同...
在 Elasticsearch (ES) 中,聚合(Aggregations)是一种强大的功能,允许我们对索引中的数据进行统计分析,如求平均值、计数、分桶等。而在某些场景下,我们可能需要在聚合的基础上进一步过滤结果,即基于聚合的结果...
Elasticsearch聚合分析实战(2) 博客地址:https://blog.csdn.net/neweastsun/article/details/104324747
ElasticSearch对数据进行聚合并对聚合结果值进行过滤查询
聚合查询分页测试termsAgg.size(2147483647); //指定最大统计显示多少行步骤1:全量聚合,size设置为: 2147483647。 ES5.X/6.X版本设置为2147483647 ,它等于2^31-1,请看该地方代码
### 数据聚合的艺术:深入解析 Elasticsearch 中的聚合技术 Elasticsearch 作为一个强大的搜索与分析引擎,在处理海量数据方面表现出色。其内置的聚合功能更是数据分析领域的重要工具之一。本篇文章将详细探讨 ...
Java 使用 Elasticsearch 进行分组聚合查询过程解析 Java 使用 Elasticsearch 进行分组聚合查询是一个常见的需求,特别是在大数据处理和数据分析领域。Elasticsearch 提供了强大的聚合功能,可以对数据进行分组、...
Elasticsearch(简称ES)是一款强大的开源搜索引擎,广泛应用于数据检索、分析和管理。作为分布式、RESTful风格的搜索和数据分析引擎,Elasticsearch能够提供实时、高可用性以及可扩展的搜索功能。在进行日常的数据...
Logstash 和 Beats 有助于收集、聚合和丰富您的数据并将其存储在 Elasticsearch 中。Kibana 使您能够以交互方式探索、可视化和分享对数据的见解,并管理和监控堆栈。 Elasticsearch 为所有类型的数据提供近乎实时的...
多弹性搜索头,对著名的 Elasticsearch Head 的改进 1.保存和存储几个Elasticsearch端点 2.索引选项卡中的更多列 3. 任何请求现在都可以像 /_cat/indices 一样处理 JSON 返回 4. 更简约的外观(更小的字体等...) ...
根据提供的文件信息,我们可以推断出本篇文章将围绕Elasticsearch 6.2.2版本进行详细介绍,包括其下载方式、主要功能特性以及在实际应用中的常见用途。 ### Elasticsearch简介 Elasticsearch是一款基于Lucene的...
Elasticsearch聚合分析实战(2) 本文在前文基础上进一步通过学习度量分析和分组分析。示例数据可以点击这里下载。 环境准备 系统中提供1000条employee数据,读者可以通过POST /employees/_bulk命令批量插入至elastic...
Elasticsearch(简称ES)是基于Lucene的分布式搜索引擎,广泛应用于日志分析、全文检索、实时数据分析等场景。在本教程中,我们将深入探讨Elasticsearch的简单查询和聚合查询,帮助你更好地理解和应用这一强大的工具...
Logstash 和 Beats 有助于收集、聚合和丰富您的数据并将其存储在 Elasticsearch 中。Kibana 使您能够以交互方式探索、可视化和分享对数据的见解,并管理和监控堆栈。 Elasticsearch 为所有类型的数据提供近乎实时的...
Logstash 和 Beats 有助于收集、聚合和丰富您的数据并将其存储在 Elasticsearch 中。Kibana 使您能够以交互方式探索、可视化和分享对数据的见解,并管理和监控堆栈。 Elasticsearch 为所有类型的数据提供近乎实时的...