我需要合并两个Elasticsearch查询,还是可以使用or类型运算符? [英] Do I need to merge two Elasticsearch queries or can I use an or-type operator?
问题描述
我有两个Elasticsearch查询(我通过R中的elastic包使用).
I have two Elasticsearch queries (which I use via the elastic package in R).
一个查询收集功能被加载的次数,另一个查询收集功能被卸载的次数.
One query gathers the number of times a feature is loaded, the other gathers the number of times a feature is unloaded.
现在我的需求发生了变化,因为我需要在同一数据集中将两种类型的数据/状态收集在一起(状态可以是TRUE或FALSE,我想将两种类型的数据/状态都收集在相同的数据集).
My needs have now changed in that I need to gather both types of data/states together, in the same dataset (the state can either be TRUE or FALSE and I want to gather both in the same dataset).
我要做什么::要确定visible是TRUE还是FALSE的两种情况.
What I want to do: To identify both cases where visible is either TRUE or FALSE.
因此,我想知道最好的方法是:我(尝试)合并查询还是应该使用or类型的运算符?
Therefore, I want to know what the best approach is: should I (attempt to) merge the queries or I should use an or-type operator?
如果是后者,我将如何处理?
If it is the latter, how would I go about it?
为完整起见,这是我的缩小查询(未缩小的版本在此问题的结尾):
For completeness, here are my minified queries (unminified versions are at the end of this question):
loads_body <- '{"size":0,"query":{"bool":{"must":[{"match":{"merchant":"a6xzTHtpQs"}},{"term":{"visible":true}},{"range":{"time":{"gte":"2018-04-02T06:00:00","lte":"2018-04-03T05:59:59","time_zone":"+00:00"}}}]}},"aggs":{"daily":{"date_histogram":{"field":"time","interval":"hour","time_zone":"+00:00","min_doc_count":0,"extended_bounds":{"min":"2018-04-02T06:00:00","max":"2018-04-03T05:59:59"}}}}}'
和
unloads_body <- '{"size":0,"query":{"bool":{"must":[{"match":{"merchant":"a6xzTHtpQs"}},{"term":{"visible":false}},{"range":{"time":{"gte":"2018-04-02T06:00:00","lte":"2018-04-03T05:59:59","time_zone":"+00:00"}}}]}},"aggs":{"daily":{"date_histogram":{"field":"time","interval":"hour","time_zone":"+00:00","min_doc_count":0,"extended_bounds":{"min":"2018-04-02T06:00:00","max":"2018-04-03T05:59:59"}}}}}'
未缩小的查询:
loads_body <- '{
"size":0,
"query": {
"bool": {
"must":[ {
"match": {
"merchant": "a6xzTHtpQs"
}
}
,
{
"term": {
"visible": true
}
}
,
{
"range": {
"time": {
"gte": "2018-04-02T06:00:00", "lte": "2018-04-03T05:59:59", "time_zone": "+00:00"
}
}
}
]
}
}
,
"aggs": {
"daily": {
"date_histogram": {
"field":"time",
"interval":"hour",
"time_zone":"+00:00",
"min_doc_count":0,
"extended_bounds": {
"min": "2018-04-02T06:00:00", "max": "2018-04-03T05:59:59"
}
}
}
}
}'
和
unloads_body <- '{
"size":0,
"query": {
"bool": {
"must":[ {
"match": {
"merchant": "a6xzTHtpQs"
}
}
,
{
"term": {
"visible": false
}
}
,
{
"range": {
"time": {
"gte": "2018-04-02T06:00:00", "lte": "2018-04-03T05:59:59", "time_zone": "+00:00"
}
}
}
]
}
}
,
"aggs": {
"daily": {
"date_histogram": {
"field":"time",
"interval":"hour",
"time_zone":"+00:00",
"min_doc_count":0,
"extended_bounds": {
"min": "2018-04-02T06:00:00", "max": "2018-04-03T05:59:59"
}
}
}
}
}'
推荐答案
是的,您可以使用单个查询和子聚合来完成所需的操作.类似于
Yes you can use a single query and sub aggregations to do what you are looking for. Something along the lines of
{
"query":{
"bool":{
"must":[
{
"match":{
"merchant":"a6xzTHtpQs"
}
},
{
"range":{
"time":{
"gte":"2018-04-02T06:00:00",
"lte":"2018-04-03T05:59:59",
"time_zone":"+00:00"
}
}
}
]
}
},
"aggs":{
"Visible_agg":{
"terms":{
"field":"visible"
},
"aggs":{
"daily":{
"date_histogram":{
"field":"time",
"interval":"hour",
"time_zone":"+00:00",
"min_doc_count":0,
"extended_bounds":{
"min":"2018-04-02T06:00:00",
"max":"2018-04-03T05:59:59"
}
}
}
}
}
}
}
这应该在两个存储桶中生成直方图,一个为"visible":真,另一个为"visible":false 这是您要找的吗?
This should produce the histograms in two buckets one for "visible": true and other for "visible":false Is this what you are looking for?
这篇关于我需要合并两个Elasticsearch查询,还是可以使用or类型运算符?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
