假设我在ElasticSearch上有以下数据:
@timestamp; userId; currentPoints
August 7th 2017, 00:30:37.319; myUserName; 4
August 7th 2017, 00:43:22.121; myUserName; 10
August 7th 2017, 00:54:29.177; myUserName; 7
August 7th 2017, 01:10:29.352; myUserName; 4
August 7th 2017, 00:32:37.319; myOtherUserName; 12
August 7th 2017, 00:44:22.121; myOtherUserName; 17
August 7th 2017, 00:56:29.177; myOtherUserName; 8
August 7th 2017, 01:18:29.352; myOtherUserName; 11
我正在寻找一个日期直方图,该直方图将向我显示每个用户名每小时所有max:currentPoints的总和,这将生成以下数据进行绘制:
August 7th 2017, 00; SumOfMaxCurrentPoints -> 27 (max from hour 00h from both users 10 + 17)
August 7th 2017, 00; SumOfMaxCurrentPoints -> 15 (max from hour 01h from both users 4 + 11)
通常,这可以通过子查询来完成,提取每个用户每小时的max(currentPoints),然后对结果求和并每小时进行汇总。
例如,用Kibana Timelion可以做到吗?我找不到使用文档实现此目的的方法。
谢谢
亚历克斯
最佳答案
在进行另一个项目时,我已经在不使用Timelion的情况下在Kibana / Elasticsearch中找到了答案。
该功能称为“同级管道聚合”,在这种情况下,您将使用“求和桶”。您可以将其与任何最近的Kibana / Elastic可视化配合使用(我正在使用5.5版)。
对于数据集,例如:
@timestamp; userId; currentPoints
August 7th 2017, 00:30:37.319; myUserName; 4
August 7th 2017, 00:43:22.121; myUserName; 10
August 7th 2017, 00:54:29.177; myUserName; 7
August 7th 2017, 01:10:29.352; myUserName; 4
August 7th 2017, 00:32:37.319; myOtherUserName; 12
August 7th 2017, 00:44:22.121; myOtherUserName; 17
August 7th 2017, 00:56:29.177; myOtherUserName; 8
August 7th 2017, 01:18:29.352; myOtherUserName; 11
您希望每个用户ID每小时获得(currentPoints)所有MAX(currentPoints)的总和,结果是:
August 7th 2017, 00; SumOfMaxCurrentPoints -> 27 (max from hour 00h from both users 10 + 17)
August 7th 2017, 00; SumOfMaxCurrentPoints -> 15 (max from hour 01h from both users 4 + 11)
你可以做:
公制
桶
关于elasticsearch - Kibana Timelion:子选择或子查询以汇总最大和,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45619783/