查询kibana中的前n个值 [英] Query top n value in kibana

问题描述

我最近在kibana学习KQL，我想显示基于id的前n个值.在此表中，每个ID可能具有不同的覆盖范围.我希望看到每个ID的前2个最大覆盖范围.我以这张桌子为例:

I learn KQL in kibana recently, I would like to show top n values based on id. In this table, each id could have different reach. I would like to see that each ID's top 2 maximum reach. I have this table as example:

id  reach
1   10       
1   12
1   3
3   7
1   13
3   12
3   90
4   12

如何根据覆盖率选择前2名.目标:

How to choose top 2 based on reach. target:

id  reach
1   12
1   10
3   90
3   12
4   12

如果我只想基于此来源使用最大聚合"，则可以轻松地做到这一点.使用max的源使用max只会取前1个值.如果我们想取大于1的值，该怎么做?谢谢

It can be done easily if I only want top 1 using Max Aggregate based on this source. source using max using max it only take top 1 value. How do we do it if we want to take more than 1 value ? Thank you

推荐答案

您将需要使用术语聚合来获取所有唯一ID，然后进行热门匹配子聚合以使每个ID达到TOP 2:

You'll need to use terms aggregation to get all unique IDs and then do a top-hits sub-aggregation to get TOP 2 per each ID:

{
  "aggs": {
    "ids": {
      "terms": {
        "field": "id",
        "size": 3
      },
      "aggs": {
        "top_reaches": {
          "top_hits": {
            "sort": [
              {
                "reach": {
                  "order": "desc"
                }
              }
            ],
            "_source": {
              "includes": ["reach" ]
            },
            "size": 2
          }
        }
      }
    }
  }
}

如果您事先知道ID，则可以使用

If you knew IDs in advance, you could use _msearch to issue a query per ID:

GET test-index/_msearch
{ }
{"size":2,"query" : {"term" : 1}, "sort": [{"reach": {"order": "desc"}}]}
{ }
{"size":2,"query" : {"term" : 2}, "sort": [{"reach": {"order": "desc"}}]}
{ }
{"size":2,"query" : {"term" : 3}, "sort": [{"reach": {"order": "desc"}}]}

这篇关于查询kibana中的前n个值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！