0

我有如下查询。它为以下条件返回 320 个结果-

{
    "size": "5000",
    "sort": [
        {
            "errorDateTime": {
                "order": "desc"
            }
        }
    ],
    "query": {
        "bool": {
            "must": [
                {
                    "range": {
                        "errorDateTime": {
                            "gte": "2021-04-07T20:08:20.516",
                            "lte": "2021-04-08T00:08:20.516"
                        }
                    }
                },
                {
                    "bool": {
                        "should": [
                            {
                                "match": {
                                    "businessFunction": "PriceUpdate"
                                }
                            },
                            {
                                "match": {
                                    "businessFunction": "PriceFeedIntegration"
                                }
                            },
                            {
                                "match": {
                                    "businessFunction": "StoreConnectivity"
                                }
                            },
                            {
                                "match": {
                                    "businessFunction": "Transaction"
                                }
                            },
                            {
                                "match": {
                                    "businessFunction": "SalesSummary"
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "aggs": {
        "genres_and_store": {
            "terms": {
                "field": "storeId"
            },
            "aggs": {
                "genres_and_error": {
                    "terms": {
                        "field": "errorCode"
                    },
                    "aggs": {
                        "genres_and_business": {
                            "terms": {
                                "field": "businessFunction"
                            }
                        }
                    }
                }
            }
        }
    }
}

但是聚合结果不匹配。我有很多商店没有在聚合中返回,但我可以在查询结果中看到它们。我错过了什么?我的架构看起来像 -

{
                    "errorDescription": "FTP Service unable to connect to Store to list the files for Store 12345",
                    "errorDateTime": "2021-04-07T21:01:15.040546",
                    "readBy": [],
                    "errorCode": "e004",
                    "businessFunction": "TransactionError",
                    "storeId": "12345"
                }

如果我写错了查询,请告诉我。我想对每个商店、每个错误代码和每个 businessFunction 进行聚合。

4

2 回答 2

0

如果size在 terms 聚合中没有设置参数,那么默认情况下它会返回前 10 个术语,这些术语按它们的doc_count. 您需要size在 terms 聚合中添加参数,以获取所有匹配的总命中数。

试试下面的查询

{
  "size": "5000",
  "sort": [
    {
      "errorDateTime": {
        "order": "desc"
      }
    }
  ],
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "errorDateTime": {
              "gte": "2021-04-07T20:08:20.516",
              "lte": "2021-04-08T00:08:20.516"
            }
          }
        },
        {
          "bool": {
            "should": [
              {
                "match": {
                  "businessFunction": "PriceUpdate"
                }
              },
              {
                "match": {
                  "businessFunction": "PriceFeedIntegration"
                }
              },
              {
                "match": {
                  "businessFunction": "StoreConnectivity"
                }
              },
              {
                "match": {
                  "businessFunction": "Transaction"
                }
              },
              {
                "match": {
                  "businessFunction": "SalesSummary"
                }
              }
            ]
          }
        }
      ]
    }
  },
  "aggs": {
    "genres_and_store": {
      "terms": {
        "field": "storeId",
        "size": 100               // note this
      },
      "aggs": {
        "genres_and_error": {
          "terms": {
            "field": "errorCode"
          },
          "aggs": {
            "genres_and_business": {
              "terms": {
                "field": "businessFunction"
              }
            }
          }
        }
      }
    }
  }
}
于 2021-04-12T07:05:31.130 回答
0

我认为我在 aggs 中缺少 size 参数,并且仅获得默认的 10 个聚合:

"aggs": {
        "genres_and_store": {
            "terms": {
                "field": "storeId",
                "size": 1000
            },
于 2021-04-12T11:02:06.927 回答