1. 首頁
  2. 問答
  3. 如何比較彈性搜索中的兩個聚合

如何比較彈性搜索中的兩個聚合

2017-03-05 117 views
0

我有一個交易數據流,我將我的10米間隔分組,並計算一個聚合中的交易數量,並在另一個聚合中移動平均數。我只想查詢total_count是>移動平均值的情況下的結果。如何比較彈性搜索中的兩個聚合

此查詢返回就好。

GET/_search

{ 
    "aggs": { 
     "my_date_histo":{     
      "date_histogram":{ 
       "field":"created_at", 
       "interval":"10m" 
      }, 

      "aggs":{ 
       "the_count":{ 
        "value_count" : {"field" : "user_id"} 
       }, 

       "the_movavg":{ 
        "moving_avg":{ 
        "buckets_path": "the_count" , 
        "window": 5, 
        "model": "simple" 
        } 
       } 
     } 
    } 
    } 
}

但是,當我嘗試以下方法,它拋出的錯誤,

GET /_search 
{ 
    "aggs": { 
     "my_date_histo":{     
      "date_histogram":{ 
       "field":"created_at", 
       "interval":"10m" 
      }, 

      "aggs":{ 
       "the_count":{ 
        "value_count" : {"field" : "user_id"} 
       }, 

       "the_movavg":{ 
        "moving_avg":{ 
        "buckets_path": "the_count" , 
        "window": 5, 
        "model": "simple" 
        } 
       }, 

       "final_filter": { 
      "bucket_selector": { 
      "buckets_path": { 
      "TheCount": "the_count", 
      "TheMovAvg": "the_movavg" 

      }, 
      "script": "params.TheCount > params.TheMovAvg" 
     } 
    } 

     } 
    } 
    } 

}

編輯:

映射

{ 
    "transaction-live": { 
    "mappings": { 
     "logs": { 
     "properties": { 
      "@timestamp": { 
      "type": "date" 
      }, 
      "@version": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "correspondent_id": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "created_at": { 
      "type": "date" 
      }, 
      "discount": { 
      "type": "float" 
      }, 
      "endpoint": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "event_type": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "fees": { 
      "type": "float" 
      }, 
      "from_country_code": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "from_currency_code": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "fx_sent_receive": { 
      "type": "float" 
      }, 
      "receive_amount": { 
      "type": "float" 
      }, 
      "response_code": { 
      "type": "long" 
      }, 
      "send_amount": { 
      "type": "float" 
      }, 
      "source": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "source_version": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "startedtransaction_id": { 
      "type": "long" 
      }, 
      "to_country_code": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "user_agent": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "user_id": { 
      "type": "long" 
      } 
     } 
     } 
    } 
    } 
}

ERROR:

{ 
    "error": { 
    "root_cause": [], 
    "type": "reduce_search_phase_exception", 
    "reason": "[reduce] ", 
    "phase": "fetch", 
    "grouped": true, 
    "failed_shards": [], 
    "caused_by": { 
     "type": "script_exception", 
     "reason": "runtime error", 
     "caused_by": { 
     "type": "null_pointer_exception", 
     "reason": null 
     }, 
     "script_stack": [ 
     "params.TheCount > params.TheMovAvg", 
     "      ^---- HERE" 
     ], 
     "script": "params.TheCount > params.TheMovAvg", 
     "lang": "painless" 
    } 
    }, 
    "status": 503 
}

來源

2017-03-05 user2635060

+0

你能分享你的映射/模式嗎? – user3775217

+0

也請粘貼您收到的錯誤 – user3775217

+0

@ user3775217:我已經編輯了我的回答並提供了請求的詳細信息 – user2635060

回答

2

我玩了一下你的查詢了一下,發現了這個問題。 以下是工作查詢,你可以使用

{ 
    "size": 0, 
    "aggs": { 
     "my_date_histo": { 
      "date_histogram": { 
       "field": "created_at", 
       "interval": "10m" 
      }, 
      "aggs": { 
       "the_count": { 
        "value_count": { 
         "field": "user_id" 
        } 
       }, 
       "the_movavg": { 
        "moving_avg": { 
         "buckets_path": "the_count", 
         "window": 5, 
         "model": "simple" 
        } 
       }, 
       "final_filter": { 
        "bucket_selector": { 
         "buckets_path": { 
          "TheCount": "the_count", 
          "TheMovAvg": "the_movavg" 

         }, 
         "script": "params.TheCount > (params.TheMovAvg == null ? 0 : params.TheMovAvg)" 
        } 
       } 
      } 
     } 
    } 
}

我們認識這個問題,採取看看聚集以下結果未經bucket_selector聚集。

{ 
    "took": 10, 
    "timed_out": false, 
    "_shards": { 
    "total": 5, 
    "successful": 5, 
    "failed": 0 
    }, 
    "hits": { 
    "total": 42, 
    "max_score": 0, 
    "hits": [] 
    }, 
    "aggregations": { 
    "my_date_histo": { 
     "buckets": [ 
     { 
      "key_as_string": "2017-03-06T15:30:00.000Z", 
      "key": 1488814200000, 
      "doc_count": 14, 
      "the_count": { 
      "value": 14 
      } 
     }, 
     { 
      "key_as_string": "2017-03-06T15:40:00.000Z", 
      "key": 1488814800000, 
      "doc_count": 0, 
      "the_count": { 
      "value": 0 
      } 
     }, 
     { 
      "key_as_string": "2017-03-06T15:50:00.000Z", 
      "key": 1488815400000, 
      "doc_count": 14, 
      "the_count": { 
      "value": 14 
      }, 
      "the_movavg": { 
      "value": 7 
      } 
     }, 
     { 
      "key_as_string": "2017-03-06T16:00:00.000Z", 
      "key": 1488816000000, 
      "doc_count": 3, 
      "the_count": { 
      "value": 3 
      }, 
      "the_movavg": { 
      "value": 14 
      } 
     }, 
     { 
      "key_as_string": "2017-03-06T16:10:00.000Z", 
      "key": 1488816600000, 
      "doc_count": 8, 
      "the_count": { 
      "value": 7 
      }, 
      "the_movavg": { 
      "value": 8.5 
      } 
     }, 
     { 
      "key_as_string": "2017-03-06T16:20:00.000Z", 
      "key": 1488817200000, 
      "doc_count": 3, 
      "the_count": { 
      "value": 3 
      }, 
      "the_movavg": { 
      "value": 6.375 
      } 
     } 
     ] 
    } 
    } 
}

如果您觀察到前兩個桶的結果不計算該窗口的moving_aggs/moving_agg的設置。所以當你的過濾器選擇器比較它是拋出null pointer exception on runtime作爲JAVA比較運算符拋出空指針異常。

希望這可以幫助你。 謝謝

來源

2017-03-06 16:00:16 user3775217

+0

非常感謝您的解決方案。這真的很有用,它解決了這個問題。 – user2635060

相關問題

 相關問題