需要解释 ElasticSearch 过滤器聚合 [英] Need Explanation on ElasticSearch Filters Aggregation

问题描述

我试图了解 ElasticSearch 中过滤器聚合的语法，但我很困惑.文档中给出的示例是这样的:

I'm trying to understand the syntax of Filters Aggregations in ElasticSearch, and I'm stumped. The example given in the documentation is this:

{
  "aggs" : {
    "messages" : {
      "filters" : {
        "filters" : {
          "errors" :   { "term" : { "body" : "error"   }},
          "warnings" : { "term" : { "body" : "warning" }}
        }
      },
      "aggs" : {
        "monthly" : {
          "histogram" : {
            "field" : "timestamp",
            "interval" : "1M"
          }
        }
      }
    }
  }
}

我了解以下内容:

• "aggs" 定义了聚合块(它是聚合"的快捷方式).可以看出，示例中实际上存在嵌套聚合.
• messages"是用户定义的聚合块名称.
• errors"和warnings"是用于为聚合创建buckets"的过滤器的用户定义名称.它们会丢弃body"分别等于error"和warning"的项目(term"匹配).

我不明白的是为什么过滤器"出现两次，嵌套在自身内部.根据一般聚合语法:

What I don't understand is why "filters" appears twice, nested inside of itself. Per the general aggregations syntax:

"aggregations" : {
    "<aggregation_name>" : {
        "<aggregation_type>" : {
            <aggregation_body>
        }
        [,"aggregations" : { [<sub_aggregation>]+ } ]?
    }
    [,"<aggregation_name_2>" : { ... } ]*
}

• aggs"是聚合"的缩写
• 消息"是我的
• 过滤器"是"

第二个过滤器"元素在做什么?哪里记录了过滤器"必须是自嵌套的；我正在学习的任何其他聚合似乎都不是这种情况.

What's the second "filters" element doing? And where is it documented that "filters" has to be self-nested; it doesn't seem to be the case for any of the other aggregations I'm learning.

感谢您的解释！

推荐答案

我理解你的感受，我也去过那里 :-)

I understand how you feel, been there, too :-)

在 filters 聚合中，第一个 filters 出现是 aggregation_type，第二个出现是 aggregation_body 的一部分>filters 聚合中的，并且是此聚合支持的唯一有效 key.

In the filters aggregation, the first filters occurrence is the aggregation_type and the second is part of the aggregation_bodyof the filters aggregation and is the only valid key that this aggregation supports.

第二个 filters 出现可以被称为其他任何东西(filter_list、list 等)来表示它包含过滤器列表对于该聚合，但 ES 人员选择了 filters，它恰好也与聚合本身的名称相同.

The second filters occurrence could have been called anything else (filter_list, list, etc) to denote that it contains the list of filters for that aggregation, but the ES folks picked filters which happen to also be the same name as the name of the aggregation itself.

事情是这样的:

{
  "aggs" : {                    <--- key word to declare aggregations
    "messages" : {              <--- custom name for the aggregation that follows
      "filters" : {             <--- aggregation_type
        "filters" : {           <--- first (and only) key of the aggregation_body
          "errors" :   { "term" : { "body" : "error"   }},
          "warnings" : { "term" : { "body" : "warning" }}
        }
      },
      "aggs" : {
        "monthly" : {
          "histogram" : {
            "field" : "timestamp",
            "interval" : "1M"
          }
        }
      }
    }
  }
}

这篇关于需要解释 ElasticSearch 过滤器聚合的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！