使用ElasticSearch聚合结果更新数据集 [英] Update dataset wth ElasticSearch Aggregation result
问题描述
我想通过弹性搜索为大型数据集自动化特征创建过程.我想知道是否有可能在我的数据集中创建一个新字段,这将是聚合的结果.
I'd like to automate a features creation process for large dataset with elastic search. I'd like to know if it is possible to create a new field in my dataset that will be the result of an aggregation.
我目前正在处理来自网络的日志,并希望实施归档的"bytes_in"的移动平均值(过去x天中的一个字段的平均值).
I'm currently working on log from a network and wants to implement the moving average (the mean of a field during the past x days) of the filed "bytes_in".
花了一些时间阅读文档和示例后,我无法这么做...
After spending time reading the doc and example, I wasn't able to do so ...
推荐答案
您有两种可能:
-
通过使用 Rollup API ,您可以创建一个作业,该作业将允许您随时随地汇总数据并将其存储在专用索引中.可以在此博客文章.
By using the Rollup API you can create a job that will allow you to summarize data on the go and store it in a dedicated index. A detailed example can be found in this blog article.
通过使用数据框转换API ,您可以将数据转换为以实体为中心的新索引,
By using the Data Frame Transform API, you can pivot your data into a new entity-centric index, aggregate your data in various ways and store the results in a dedicated index.
这篇关于使用ElasticSearch聚合结果更新数据集的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
