如何正确排序聚合? [英] How to properly do sorting under aggregation?
本文介绍了如何正确排序聚合?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
{
size:20,
query:{
bool:{
filter:[
{
range:{
ts:{
gt 22T00:00:00.000Z,
lt:2016-08-23T13:41:09.000Z
}
}
}
]
},
aggs:{
group_by_ip:{
terms:{
field:id_orig_h
aggs:{
sum_volume:{
sum:{
field:resp_bytes,
sort [
{
resp_bytes:{
order:asc
}
}
]
}
}
}
}
}
}
解决方案
您可以使用条款中的订单 sum_volume sub-aggregation:
{
size : 20,
query:{
bool:{
filter:[
{
range:{
ts :{
gt:2016-08-22T00:00:00.000Z,
lt:2016-08-23T13:41:09.000Z
}
$
},
aggs:{
group_by_ip:{
terms {
field:id_orig_h,
order:{
sum_volume:asc
}
},
:{
sum_volume:{
sum:{
field:resp_bytes
}
}
}
}
}
}
I am still new to elasticSearch, and i have a doubt here. Would like to get assits. I have some error on properly do sorting under aggregation. Please advice me. Thank YOu
{
"size": 20,
"query": {
"bool": {
"filter": [
{
"range": {
"ts": {
"gt": "2016-08-22T00:00:00.000Z",
"lt": "2016-08-23T13:41:09.000Z"
}
}
}
]
}
},
"aggs": {
"group_by_ip": {
"terms": {
"field": "id_orig_h"
},
"aggs": {
"sum_volume": {
"sum": {
"field": "resp_bytes",
"sort": [
{
"resp_bytes": {
"order": "asc"
}
}
]
}
}
}
}
}
}
解决方案
You can do it with the order setting in your terms aggregation referencing the sum_volume sub-aggregation:
{
"size": 20,
"query": {
"bool": {
"filter": [
{
"range": {
"ts": {
"gt": "2016-08-22T00:00:00.000Z",
"lt": "2016-08-23T13:41:09.000Z"
}
}
}
]
}
},
"aggs": {
"group_by_ip": {
"terms": {
"field": "id_orig_h",
"order": {
"sum_volume": "asc"
}
},
"aggs": {
"sum_volume": {
"sum": {
"field": "resp_bytes"
}
}
}
}
}
}
这篇关于如何正确排序聚合?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
