我试图在 elasticsearch 中找到聚合结果的最小值和最大值。什么查询将允许它首先按字段聚合,然后执行每月子聚合以获取该字段的每月数据,然后在这些每月计算的指标中找到最小值和最大值。 我一直在寻找 min 和 max。下面的其余要求是我的查询
问题可以表述为:任何国家/地区的最大和最小交易量(考虑所有月份)是多少? 这是我试过的查询:
{
"query": {
"bool": {
"must": [
{
"term": {
"Id": "7466swy7893jgs225"
}
}
]
}
},
"aggs": {
"dimension": {
"terms": {
"field": "country"
},
"aggs": {
"MoM": {
"date_histogram": {
"field": "date",
"interval": "month",
"format": "MMM YY"
},
"aggs": {
"totalValue": {
"sum": {
"field": "Transactions"
}
}
}
}
}
}
},
"size": 0
这是我得到的输出:
{
"aggregations": {
"dimension": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "USA",
"doc_count": 392,
"MoM": {
"buckets": [
{
"key_as_string": "jan 16",
"key": 1462060800000,
"doc_count": 31,
"totalValue": { "value": 352 }
},
{
"key_as_string": "Feb 16",
"key": 1462060800000,
"doc_count": 31,
"totalValue": { "value": 429 }
}
??????????????/MIN and MAX of 352 AND 429
]
}
},
{
"key": "Bhutan",
"doc_count": 392,
"MoM": {
"buckets": [
{
"key_as_string": "Jan 16",
"key": 1462060800000,
"doc_count": 31,
"totalValue": {"value": 750 }
}
,
{
"key_as_string": "Feb 16",
"key": 1464739200000,
"doc_count": 30,
"totalValue": {"value": 827 }
}
??????????????/MIN and MAX of 750 AND 827
]
}
}
]
}
}}
最佳答案
您需要使用 Pipeline Aggregation. .尝试 Max Bucket 和 Min Bucket 聚合
{
"size": 0,
"aggs": {
"dimension": {
"terms": {
"field": "country"
},
"aggs": {
"MoM": {
"date_histogram": {
"field": "date",
"interval": "month",
"format": "MMM YY"
},
"aggs": {
"totalValue": {
"sum": {
"field": "transactions"
}
}
}
},
"max_monthly_temp": {
"max_bucket": {
"buckets_path": "MoM>totalValue"
}
},
"min_monthly_temp": {
"min_bucket": {
"buckets_path": "MoM>totalValue"
}
}
}
}
}
}
输出会有点像:
"buckets": [
{
"key": "India",
"doc_count": 5,
"MoM": {
"buckets": [
{
"key_as_string": "Feb 17",
"key": 1485907200000,
"doc_count": 3,
"totalValue": {
"value": 260
}
},
{
"key_as_string": "Mar 17",
"key": 1488326400000,
"doc_count": 1,
"totalValue": {
"value": 115
}
},
{
"key_as_string": "Apr 17",
"key": 1491004800000,
"doc_count": 1,
"totalValue": {
"value": 5
}
}
]
},
"max_monthly_temp": {
"value": 260,
"keys": [
"Feb 17"
]
},
"min_monthly_temp": {
"value": 5,
"keys": [
"Apr 17"
]
}
},
......
]
希望这有帮助..
关于其他聚合结果的 elasticsearch min 和 max aggs,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44238208/