1. 首页
  2. 问答
  3. 如何比较弹性搜索中的两个聚合

如何比较弹性搜索中的两个聚合

2017-03-05 92 views
0

我有一个交易数据流,我将我的10米间隔分组,并计算一个聚合中的交易数量,并在另一个聚合中移动平均数。我只想查询total_count是>移动平均值的情况下的结果。如何比较弹性搜索中的两个聚合

此查询返回就好。

GET/_search

{ 
    "aggs": { 
     "my_date_histo":{     
      "date_histogram":{ 
       "field":"created_at", 
       "interval":"10m" 
      }, 

      "aggs":{ 
       "the_count":{ 
        "value_count" : {"field" : "user_id"} 
       }, 

       "the_movavg":{ 
        "moving_avg":{ 
        "buckets_path": "the_count" , 
        "window": 5, 
        "model": "simple" 
        } 
       } 
     } 
    } 
    } 
}

但是,当我尝试以下方法,它抛出的错误,

GET /_search 
{ 
    "aggs": { 
     "my_date_histo":{     
      "date_histogram":{ 
       "field":"created_at", 
       "interval":"10m" 
      }, 

      "aggs":{ 
       "the_count":{ 
        "value_count" : {"field" : "user_id"} 
       }, 

       "the_movavg":{ 
        "moving_avg":{ 
        "buckets_path": "the_count" , 
        "window": 5, 
        "model": "simple" 
        } 
       }, 

       "final_filter": { 
      "bucket_selector": { 
      "buckets_path": { 
      "TheCount": "the_count", 
      "TheMovAvg": "the_movavg" 

      }, 
      "script": "params.TheCount > params.TheMovAvg" 
     } 
    } 

     } 
    } 
    } 

}

编辑:

映射

{ 
    "transaction-live": { 
    "mappings": { 
     "logs": { 
     "properties": { 
      "@timestamp": { 
      "type": "date" 
      }, 
      "@version": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "correspondent_id": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "created_at": { 
      "type": "date" 
      }, 
      "discount": { 
      "type": "float" 
      }, 
      "endpoint": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "event_type": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "fees": { 
      "type": "float" 
      }, 
      "from_country_code": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "from_currency_code": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "fx_sent_receive": { 
      "type": "float" 
      }, 
      "receive_amount": { 
      "type": "float" 
      }, 
      "response_code": { 
      "type": "long" 
      }, 
      "send_amount": { 
      "type": "float" 
      }, 
      "source": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "source_version": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "startedtransaction_id": { 
      "type": "long" 
      }, 
      "to_country_code": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "user_agent": { 
      "type": "text", 
      "fields": { 
       "keyword": { 
       "type": "keyword", 
       "ignore_above": 256 
       } 
      } 
      }, 
      "user_id": { 
      "type": "long" 
      } 
     } 
     } 
    } 
    } 
}

ERROR:

{ 
    "error": { 
    "root_cause": [], 
    "type": "reduce_search_phase_exception", 
    "reason": "[reduce] ", 
    "phase": "fetch", 
    "grouped": true, 
    "failed_shards": [], 
    "caused_by": { 
     "type": "script_exception", 
     "reason": "runtime error", 
     "caused_by": { 
     "type": "null_pointer_exception", 
     "reason": null 
     }, 
     "script_stack": [ 
     "params.TheCount > params.TheMovAvg", 
     "      ^---- HERE" 
     ], 
     "script": "params.TheCount > params.TheMovAvg", 
     "lang": "painless" 
    } 
    }, 
    "status": 503 
}

来源

2017-03-05 user2635060

+0

你能分享你的映射/模式吗? – user3775217

+0

也请粘贴您收到的错误 – user3775217

+0

@ user3775217:我已经编辑了我的回答并提供了请求的详细信息 – user2635060

回答

2

我玩了一下你的查询了一下,发现了这个问题。 以下是工作查询,你可以使用

{ 
    "size": 0, 
    "aggs": { 
     "my_date_histo": { 
      "date_histogram": { 
       "field": "created_at", 
       "interval": "10m" 
      }, 
      "aggs": { 
       "the_count": { 
        "value_count": { 
         "field": "user_id" 
        } 
       }, 
       "the_movavg": { 
        "moving_avg": { 
         "buckets_path": "the_count", 
         "window": 5, 
         "model": "simple" 
        } 
       }, 
       "final_filter": { 
        "bucket_selector": { 
         "buckets_path": { 
          "TheCount": "the_count", 
          "TheMovAvg": "the_movavg" 

         }, 
         "script": "params.TheCount > (params.TheMovAvg == null ? 0 : params.TheMovAvg)" 
        } 
       } 
      } 
     } 
    } 
}

我们认识这个问题,采取看看聚集以下结果未经bucket_selector聚集。

{ 
    "took": 10, 
    "timed_out": false, 
    "_shards": { 
    "total": 5, 
    "successful": 5, 
    "failed": 0 
    }, 
    "hits": { 
    "total": 42, 
    "max_score": 0, 
    "hits": [] 
    }, 
    "aggregations": { 
    "my_date_histo": { 
     "buckets": [ 
     { 
      "key_as_string": "2017-03-06T15:30:00.000Z", 
      "key": 1488814200000, 
      "doc_count": 14, 
      "the_count": { 
      "value": 14 
      } 
     }, 
     { 
      "key_as_string": "2017-03-06T15:40:00.000Z", 
      "key": 1488814800000, 
      "doc_count": 0, 
      "the_count": { 
      "value": 0 
      } 
     }, 
     { 
      "key_as_string": "2017-03-06T15:50:00.000Z", 
      "key": 1488815400000, 
      "doc_count": 14, 
      "the_count": { 
      "value": 14 
      }, 
      "the_movavg": { 
      "value": 7 
      } 
     }, 
     { 
      "key_as_string": "2017-03-06T16:00:00.000Z", 
      "key": 1488816000000, 
      "doc_count": 3, 
      "the_count": { 
      "value": 3 
      }, 
      "the_movavg": { 
      "value": 14 
      } 
     }, 
     { 
      "key_as_string": "2017-03-06T16:10:00.000Z", 
      "key": 1488816600000, 
      "doc_count": 8, 
      "the_count": { 
      "value": 7 
      }, 
      "the_movavg": { 
      "value": 8.5 
      } 
     }, 
     { 
      "key_as_string": "2017-03-06T16:20:00.000Z", 
      "key": 1488817200000, 
      "doc_count": 3, 
      "the_count": { 
      "value": 3 
      }, 
      "the_movavg": { 
      "value": 6.375 
      } 
     } 
     ] 
    } 
    } 
}

如果您观察到前两个桶的结果不计算该窗口的moving_aggs/moving_agg的设置。所以当你的过滤器选择器比较它是抛出null pointer exception on runtime作为JAVA比较运算符抛出空指针异常。

希望这可以帮助你。 谢谢

来源

2017-03-06 16:00:16 user3775217

+0

非常感谢您的解决方案。这真的很有用,它解决了这个问题。 – user2635060

相关问题

 相关问题