我写了一些 aggs 查询来获取总数(总和)和唯一计数。但结果有点混乱。
唯一值大于 doc_count。
可能吗?
我知道基数 aggs 是实验性的,可以得到不同值的近似计数。
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-aggregations-metrics-cardinality-aggregation.html
但结果太糟糕了。如您所见,有许多唯一大于 doc_count 的存储桶。
请求格式有问题吗?或基数限制?
50 万份文档被索引
,并且有 15 种 eventID
ES 1.4 使用。
要求
{
"size": 0,
"_source": false,
"aggs": {
"eventIds": {
"terms": {
"field": "_EventID_",
"size": 0
},
"aggs": {
"unique": {
"cardinality": {
"field": "UUID"
}
}
}
}
}
回复
{
"took": 383,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 550971,
"max_score": 0,
"hits": [
]
},
"aggregations": {
"eventIds": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "red",
"doc_count": 165110,
"unique": {
"value": 27423
}
},
{
"key": "blue",
"doc_count": 108376,
"unique": {
"value": 94775
}
},
{
"key": "yellow",
"doc_count": 78919,
"unique": {
"value": 70094
}
},
{
"key": "green",
"doc_count": 60580,
"unique": {
"value": 78945
}
},
{
"key": "black",
"doc_count": 49923,
"unique": {
"value": 56200
}
},
{
"key": "white",
"doc_count": 38744,
"unique": {
"value": 45229
}
},
编辑。更多测试
我再次尝试了 1,000 个precision_threshold,它只过滤了一个 eventId
,但结果的错误是相同的。基数预计小于 30,000 但超过 66,000(这大于总文档大小)
doc_count:65,672(没问题。对)基数:66,037(大于doc_count)实际基数:约23,000(由rdbms脚本计算...)
要求
{
"size": 0,
"_source": false,
"query": {
"term": {
"_EventID_": "packdownload"
}
},
"aggs": {
"unique": {
"cardinality": {
"field": "UUID",
"precision_threshold": 10000
}
}
}
}
回复
{
"took": 28,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 65672,
"max_score": 0,
"hits": []
},
"aggregations": {
"unique": {
"value": 66037
}
}
}