2

以下是我的 elasticsearch 索引中的几个示例文档:

{
  message: "M1",
  date: "date object",
  comments: [
    {
     "msg" :"good"
     date:"date_obj1"
   },
   {
    "msg" :"bad"
     date:"date_obj2"
   },
   {
    "msg" :"ugly"
     date:"date_obj3"
   }
  ]
}


{
  message: "M2",
  date: "date_object5",
  comments: [
    {
     "msg" :"ugly"
     date:"date_obj7"
    },
    {
     "msg" :"pagli"
     date:"date_obj8"
    }
  ]
}

现在我需要查找每天的文档数量和每天的评论数量。我可以通过使用日期直方图获得每天的文档数量,它给了我正确的结果。我进行以下聚合查询

aggs : {
    "posts_over_days" : {
        "date_histogram" : { "field" : "date", "interval": "day" }
         }
    }

但是当我每天尝试类似的事情来获取评论时,它会返回不正确的数据,(对于 1500 多条评论,它只会返回 160 条奇数评论)。我正在做以下查询:

aggs : {
    "comments_over_days" : {
        "date_histogram" : { "field" : "comments.date", "interval": "day" }
         }
    }

我想知道如何得到想要的结果?elasticsearch有没有办法得到我想要的?如果我需要提供任何其他信息,请告诉我。

预期输出:

buckets: [
 {
   time_interval: date_objectA,
   doc_count: x
 },
  {
   time_interval: date_objectB,
   doc_count: y
 }
]
4

1 回答 1

3

使用值计数聚合 - 这将计算文档中字段的术语数。例如,根据您的数据(2 个文档中的 5 条评论):

curl -XGET 'http://localhost:9200/myindex/mydata/_search?search_type=count&pretty' -d '{
>    "aggs" : {
>         "grades_count" : { "value_count" : { "field" : "comments.date" } }
>     }
> }'
{
  "took" : 2,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
  },
  "hits" : {
    "total" : 2,
    "max_score" : 0.0,
    "hits" : [ ]
   },
   "aggregations" : {
    "grades_count" : {
     "value" : 5
    }
  }
}

添加日期桶

Value Count 聚合可以嵌套在日期桶中:

curl -XGET 'http://localhost:9200/myindex/mydata/_search?search_type=count&pretty' -d '{
  aggs : {
   "posts_over_days" : {
     "date_histogram" : { "field" : "date", "interval": "day" },
     "aggs" : {
         "grades_count" : { "value_count" : { "field" : "comments.date" } }
       }
     }
  }
}'

结果:

  "aggregations" : {
    "posts_over_days" : {
     "buckets" : [ {
        "key_as_string" : "2014-11-27T00:00:00.000Z",
        "key" : 1417046400000,
        "doc_count" : 1,
        "grades_count" : {
          "value" : 2
        }
      }, {
        "key_as_string" : "2014-11-28T00:00:00.000Z",
        "key" : 1417132800000,
        "doc_count" : 1,
        "grades_count" : {
          "value" : 3
        }
      }
于 2014-12-02T13:35:05.057 回答