aggregations聚合
聚合提供了从数据中分组和提取数据的能力,最简单的聚合方法大致等于 SQL GROUP BY和SQL聚合函数。在Elasticsearch中,有执行搜索返回hits(命中结果),并且同时返回聚合结果,把一个相应中的所有hits分隔开的能力。这是非常强大且有效的,您可以执行查询和多个聚合,并且在一次使用中得到各自的(任何一个)返回结果,使用依次简介和简化的API避免网络往返。
官网地址:https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations.html
GET /my-index-000001/_search
{
"aggs": {
"my-agg-name": {
"terms": {
"field": "my-field"
}
}
}
}
结果
{
"took": 78,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 5,
"relation": "eq"
},
"max_score": 1.0,
"hits": [...]
},
"aggregations": {
"my-agg-name": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": []
}
}
}
GET /my-index-000001/_search
{
"query": {
"range": {
"@timestamp": {
"gte": "now-1d/d",
"lt": "now/d"
}
}
},
"aggs": {
"my-agg-name": {
"terms": {
"field": "my-field"
}
}
}
}
