Need Explanation on ElasticSearch Filters Aggregation


Problem description

I'm trying to understand the syntax of Filters Aggregations in ElasticSearch, and I'm stumped. The example given in the documentation is this:

{
  "aggs" : {
    "messages" : {
      "filters" : {
        "filters" : {
          "errors" :   { "term" : { "body" : "error"   }},
          "warnings" : { "term" : { "body" : "warning" }}
        }
      },
      "aggs" : {
        "monthly" : {
          "histogram" : {
            "field" : "timestamp",
            "interval" : "1M"
          }
        }
      }
    }
  }
}

I understand the following:

  • "aggs" defines the aggregations blocks (it's a shortcut for "aggregations"). There are actually nested aggregations in the example, as can be seen.
  • "messages" is the user-defined name of the aggregation block.
  • "errors" and "warnings" are user-defined names of the filters used to create the "buckets" for the aggregation. They drop items with "body" equal to "error" and "warning" respectively ("term" matching).

What I don't understand is why "filters" appears twice, nested inside of itself. Per the general aggregations syntax:

"aggregations" : {
    "<aggregation_name>" : {
        "<aggregation_type>" : {
            <aggregation_body>
        }
        [,"aggregations" : { [<sub_aggregation>]+ } ]?
    }
    [,"<aggregation_name_2>" : { ... } ]*
}

  • "aggs" is short for "aggregations"
  • "messages" is my "<aggregation_name>"
  • "filters" is the "<aggregation_type>"

What's the second "filters" element doing? And where is it documented that "filters" has to be self-nested; it doesn't seem to be the case for any of the other aggregations I'm learning.

Thanks for any explanation!

Solution

I understand how you feel, been there, too :-)

In the filters aggregation, the first filters occurrence is the aggregation_type and the second is part of the aggregation_body of the filters aggregation and is the only valid key that this aggregation supports.

The second filters occurrence could have been called anything else (filter_list, list, etc.) to denote that it contains the list of filters for that aggregation, but the ES folks picked filters, which happens to also be the same name as the name of the aggregation itself.

So it goes like this:

{
  "aggs" : {                    <--- key word to declare aggregations
    "messages" : {              <--- custom name for the aggregation that follows
      "filters" : {             <--- aggregation_type
        "filters" : {           <--- first (and only) key of the aggregation_body
          "errors" :   { "term" : { "body" : "error"   }},
          "warnings" : { "term" : { "body" : "warning" }}
        }
      },
      "aggs" : {
        "monthly" : {
          "histogram" : {
            "field" : "timestamp",
            "interval" : "1M"
          }
        }
      }
    }
  }
}
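The structure explained in the answer, as an added example that is not part of the original question or answer and is not Elasticsearch code: `describe` walks the request according to the general aggregations syntax and reports each aggregation's name, type and body keys, and `filters_buckets` shows what the inner "filters" map produces, one bucket per named filter. The function names, the token-membership model of `term` matching and the sample documents are assumptions made for illustration.

```python
import json

# Request body from the question (the documentation example it quotes).
REQUEST = json.loads("""
{"aggs": {"messages": {
    "filters": {"filters": {
        "errors":   {"term": {"body": "error"}},
        "warnings": {"term": {"body": "warning"}}}},
    "aggs": {"monthly": {"histogram": {"field": "timestamp", "interval": "1M"}}}}}}
""")

SUB_KEYS = ("aggs", "aggregations")  # both spellings introduce sub-aggregations

def describe(aggs, depth=0):
    """Walk the general syntax: <name> -> {<type>: <body>, [aggs: {...}]}."""
    rows = []
    for name, definition in aggs.items():
        types = [k for k in definition if k not in SUB_KEYS]
        if len(types) != 1:
            raise ValueError(f"{name!r}: expected one aggregation type, got {types}")
        agg_type = types[0]
        rows.append((depth, name, agg_type, sorted(definition[agg_type])))
        for key in SUB_KEYS:
            rows += describe(definition.get(key, {}), depth + 1)
    return rows

def term_matches(doc, term):
    # Assumption: `term` on an analyzed text field is modelled as token membership.
    field, value = next(iter(term.items()))
    return value in str(doc.get(field, "")).lower().split()

def filters_buckets(body, docs):
    """Evaluate the body of a `filters` aggregation: one bucket per named filter."""
    return {name: {"doc_count": sum(term_matches(d, f["term"]) for d in docs)}
            for name, f in body["filters"].items()}

# Constructed sample documents (not from the page).
DOCS = [
    {"body": "disk error on node-1"},
    {"body": "warning high latency"},
    {"body": "warning escalated to error"},
    {"body": "login ok"},
]

if __name__ == "__main__":
    for depth, name, agg_type, body_keys in describe(REQUEST["aggs"]):
        print("  " * depth + f"name={name} type={agg_type} body keys={body_keys}")
    print(filters_buckets(REQUEST["aggs"]["messages"]["filters"], DOCS))
```

The third sample document lands in both buckets, because each named filter is evaluated independently of the others.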
