
I created a log parser that puts each parsed log line into Elasticsearch as a document with fields like timestamp, error_code, message.

Now, the problem is to display errors grouped by error_code, but for each error_code there should be the number of occurrences, the time of the last occurrence (i.e. max timestamp) and an example message (preferably the last one).

I know facets can be used to determine all unique error_codes and the total count of occurrences for each one. But how do I get timestamp and message?


1 Answer


What you are looking for is called Field Collapsing and it is not yet in ElasticSearch (see https://github.com/elasticsearch/elasticsearch/issues/256). It is available in Solr, though.

answered 2014-03-02T23:04:09.720
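Added example, not code from the original question or answer: Elasticsearch releases after this answer (1.3 and later) gained the top_hits aggregation, and a terms bucket with a max metric and a top_hits sub-aggregation yields exactly the per-error_code count, last timestamp and last message the question asks for, without field collapsing. The index name `logs`, the assumption that error_code is mapped as a keyword (not analysed text) and timestamp as a date, the sample documents and the sample aggregation response are all constructed for this example. `summarize_locally` recomputes the same summary over the raw documents so the response parser can be checked against it.

```python
"""Per-error_code count, last timestamp and last message via Elasticsearch
aggregations (terms + max + top_hits).  Added example; index name, mapping
and all sample data below are assumptions, not taken from the original post.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Any


def build_query(max_codes: int = 50) -> dict[str, Any]:
    """Search body for POST /logs/_search.  size=0 drops raw hits; only the
    aggregation buckets come back."""
    return {
        "size": 0,
        "query": {"exists": {"field": "error_code"}},  # ignore lines with no code
        "aggs": {
            "by_code": {
                "terms": {
                    "field": "error_code",          # keyword field, not analysed text
                    "size": max_codes,
                    "order": {"last_seen": "desc"},  # most recently seen code first
                },
                "aggs": {
                    "last_seen": {"max": {"field": "timestamp"}},
                    "latest": {                      # one document per bucket: the newest
                        "top_hits": {
                            "size": 1,
                            "sort": [{"timestamp": {"order": "desc"}}],
                            "_source": ["timestamp", "message"],
                        }
                    },
                },
            }
        },
    }


@dataclass(frozen=True)
class ErrorSummary:
    error_code: str
    count: int
    last_seen: str
    example_message: str


def counts_are_exact(resp: dict[str, Any]) -> bool:
    """With several shards, terms-bucket counts can be approximate; Elasticsearch
    reports the worst-case error.  Zero means the counts can be shown as exact."""
    return resp["aggregations"]["by_code"].get("doc_count_error_upper_bound", 0) == 0


def parse_response(resp: dict[str, Any]) -> list[ErrorSummary]:
    """Flatten the aggregation response into one row per error_code, in the
    order Elasticsearch returned the buckets (newest last_seen first)."""
    rows = []
    for bucket in resp["aggregations"]["by_code"]["buckets"]:
        newest = bucket["latest"]["hits"]["hits"][0]["_source"]
        rows.append(ErrorSummary(
            error_code=bucket["key"],
            count=bucket["doc_count"],
            last_seen=bucket["last_seen"]["value_as_string"],
            example_message=newest["message"],
        ))
    return rows


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def summarize_locally(docs: list[dict[str, Any]]) -> list[ErrorSummary]:
    """Reference computation over raw documents: same semantics as the query."""
    counts: dict[str, int] = {}
    newest: dict[str, dict[str, Any]] = {}
    for doc in docs:
        code = doc.get("error_code")
        if code is None:                       # mirrors the exists filter
            continue
        counts[code] = counts.get(code, 0) + 1
        if code not in newest or _ts(doc["timestamp"]) > _ts(newest[code]["timestamp"]):
            newest[code] = doc
    rows = [ErrorSummary(c, counts[c], newest[c]["timestamp"], newest[c]["message"])
            for c in counts]
    rows.sort(key=lambda r: _ts(r.last_seen), reverse=True)
    return rows


# Constructed sample documents (the parser's output for a few log lines).
SAMPLE_DOCS = [
    {"timestamp": "2014-03-01T22:59:01.000Z", "error_code": "E500", "message": "disk full on /var"},
    {"timestamp": "2014-03-01T23:00:10.000Z", "error_code": "E404", "message": "missing /favicon.ico"},
    {"timestamp": "2014-03-01T23:01:15.000Z", "error_code": "E500", "message": "disk full on /tmp"},
    {"timestamp": "2014-03-01T23:01:30.000Z", "message": "startup complete"},  # no error_code
    {"timestamp": "2014-03-01T23:02:00.000Z", "error_code": "E404", "message": "missing /robots.txt"},
    {"timestamp": "2014-03-01T23:04:09.720Z", "error_code": "E500", "message": "disk full on /var/log"},
]

# Constructed response in the shape Elasticsearch returns for build_query()
# over SAMPLE_DOCS on a single shard.
SAMPLE_RESPONSE = {
    "aggregations": {"by_code": {
        "doc_count_error_upper_bound": 0, "sum_other_doc_count": 0,
        "buckets": [
            {"key": "E500", "doc_count": 3,
             "last_seen": {"value": 1393715049720.0, "value_as_string": "2014-03-01T23:04:09.720Z"},
             "latest": {"hits": {"hits": [{"_source": {
                 "timestamp": "2014-03-01T23:04:09.720Z", "message": "disk full on /var/log"}}]}}},
            {"key": "E404", "doc_count": 2,
             "last_seen": {"value": 1393714920000.0, "value_as_string": "2014-03-01T23:02:00.000Z"},
             "latest": {"hits": {"hits": [{"_source": {
                 "timestamp": "2014-03-01T23:02:00.000Z", "message": "missing /robots.txt"}}]}}},
        ]}}}


if __name__ == "__main__":
    for row in parse_response(SAMPLE_RESPONSE):
        print(f"{row.error_code}  x{row.count}  last {row.last_seen}  {row.example_message}")
```

The body from `build_query()` can be sent with `curl -XPOST 'localhost:9200/logs/_search' -H 'Content-Type: application/json' -d @body.json` (host and index assumed). Two caveats a practitioner should keep in mind: the terms aggregation is approximate across shards, so check `doc_count_error_upper_bound` (or raise `shard_size`) before displaying counts as exact, and a terms aggregation on an analysed text field will bucket individual tokens rather than whole codes, which is why error_code needs a keyword mapping.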