【问题标题】:ElasticSearch - Sort BucketsElasticSearch - 对桶进行排序
【发布时间】:2021-03-28 12:36:56
【问题描述】:

我的 elasticSearch 查询 是这样的:

{
    "size": 0,
    "aggs": {
        "group_by_name": {
            "terms": {
                "field": "Infos.InstanceInfo.Name.keyword",
                "size": 1000
            },
            "aggs": {
                "group_by_id": {
                    "terms": {
                        "field": "Infos.InstanceInfo.ID.keyword",
                        "size": 1000
                    },
                    "aggs": {
                        "tops": {
                            "top_hits": {
                                "size": 100,
                                "sort": {
                                    "Infos.InstanceInfo.StartTime": "asc"
                                }
                            }
                        }
                    }
                },
                "count": {
                    "cardinality": {
                        "field": "Infos.InstanceInfo.ID.keyword"
                    }
                }
            }
        }
    }
}

效果很好,我有一个这种形式的结果

aggregations
==>group_by_name
======>buckets:
        {key:name1}
        =========>group_by_id
        ==============>buckets
                        {key:id1}
                        ===============>docs
                        {doc1.StartTime:"2020-12-15T19:00:00"}
                        {doc2.StartTime:"2020-12-15T20:00:00"}
                        {doc3.StartTime:"2020-12-15T21:00:00"}
                        
                        {key:id2}
                        ===============>docs
                        {doc1.StartTime:"2020-12-15T09:00:00"}
                        {doc2.StartTime:"2020-12-15T11:00:00"}
                        {doc3.StartTime:"2020-12-15T11:30:00"}
                        
                        {key:id4}
                        ===============>docs
                        {doc1.StartTime:"2020-12-15T22:00:00"}
                        {doc2.StartTime:"2020-12-15T23:00:00"}
                        {doc3.StartTime:"2020-12-15T23:30:00"}

        {key:name2}
        =========>group_by_id
        ==============>buckets
                        {key:id5}
                        ===============>docs
                        {doc1.StartTime:"2020-12-15T05:00:00"}
                        {doc2.StartTime:"2020-12-15T05:30:00"}
                        {doc3.StartTime:"2020-12-15T06:00:00"}
                        
                        {key:id8}
                        ===============>docs
                        {doc1.StartTime:"2020-12-15T01:00:00"}
                        {doc2.StartTime:"2020-12-15T01:00:15"}
                        {doc3.StartTime:"2020-12-15T02:00:00"}
                        
                        {key:id9}
                        ===============>docs
                        {doc1.StartTime:"2020-12-15T08:00:00"}
                        {doc2.StartTime:"2020-12-15T09:00:15"}
                        {doc3.StartTime:"2020-12-15T10:00:00"}

现在,我正在尝试根据第一个文档的 StartTime 的值对 group_by_id 聚合中的存储桶进行排序,以获得如下结果:

aggregations
==>group_by_name
======>buckets:
        {key:name1}
        =========>group_by_id
        ==============>buckets
                        {key:id4}
                        ===============>docs
                        {doc1.StartTime:"2020-12-15T22:00:00"}
                        {doc2.StartTime:"2020-12-15T23:00:00"}
                        {doc3.StartTime:"2020-12-15T23:30:00"}
                        
                        {key:id1}
                        ===============>docs
                        {doc1.StartTime:"2020-12-15T19:00:00"}
                        {doc2.StartTime:"2020-12-15T20:00:00"}
                        {doc3.StartTime:"2020-12-15T21:00:00"}
                        
                        {key:id2}
                        ===============>docs
                        {doc1.StartTime:"2020-12-15T09:00:00"}
                        {doc2.StartTime:"2020-12-15T11:00:00"}
                        {doc3.StartTime:"2020-12-15T11:30:00"}

        {key:name2}
        =========>group_by_id
        ==============>buckets
                        {key:id9}
                        ===============>docs
                        {doc1.StartTime:"2020-12-15T08:00:00"}
                        {doc2.StartTime:"2020-12-15T09:00:15"}
                        {doc3.StartTime:"2020-12-15T10:00:00"}
                        
                        {key:id5}
                        ===============>docs
                        {doc1.StartTime:"2020-12-15T05:00:00"}
                        {doc2.StartTime:"2020-12-15T05:30:00"}
                        {doc3.StartTime:"2020-12-15T06:00:00"}
                        
                        {key:id8}
                        ===============>docs
                        {doc1.StartTime:"2020-12-15T01:00:00"}
                        {doc2.StartTime:"2020-12-15T01:00:15"}
                        {doc3.StartTime:"2020-12-15T02:00:00"}

有什么想法吗?

【问题讨论】:

    标签: sorting elasticsearch elasticsearch-aggregation


    【解决方案1】:

    执行以下操作:

    {
      "size": 0,
      "aggs": {
        "group_by_name": {
          "terms": {
            "field": "Infos.InstanceInfo.Name.keyword",
            "size": 1000,
            "order": {                                         <-- name1, name2, ... alphabetically
              "_key": "asc"
            }
          },
          "aggs": {
            "group_by_id": {
              "terms": {
                "field": "Infos.InstanceInfo.ID.keyword",
                "size": 1000,
                "order": {                                     <-- order by the latest timestamp 
                  "max_start_time": "desc"
                }
              },
              "aggs": {
                "tops": {
                  "top_hits": {
                    "size": 100,
                    "_source": "Infos.InstanceInfo.StartTime",
                    "sort": {
                      "Infos.InstanceInfo.StartTime": "asc"
                    }
                  }
                },
                "max_start_time": {                           <-- specify it here in order to apply it above
                  "max": {
                    "field": "Infos.InstanceInfo.StartTime"
                  }
                }
              }
            },
            "count": {
              "cardinality": {
                "field": "Infos.InstanceInfo.ID.keyword"
              }
            }
          }
        }
      }
    }
    

    【讨论】:

    • 我修改了查询中的顺序以满足预期的结果..谢谢
    猜你喜欢
    • 2016-09-08
    • 1970-01-01
    • 2016-03-15
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2021-05-06
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多