使用netstat -lntp来看看有侦听在网络某端口的进程。当然,也可以使用 lsof。

请教es一个多field聚合查询的问题

Elasticsearch | 作者 elastigo | 发布于2017年02月16日 | 阅读数:6361

比如我有这样的一组数据:
[ 
{isp:电信, province:广东, uv: 100},
{isp:电信, province:广东, uv: 200},
{isp:电信, province:湖北, uv: 300},
{isp:电信, province:湖北, uv: 100},
{isp:联通, province:广东, uv: 100},
{isp:联通, province:湖北, uv: 10} ]
现在我想先聚合这两个field:isp和province,同时对聚合后的uv求和,然后对uv排序,最后的结果如下:
[ 
{isp:电信, province:湖北, uv: 400},
{isp:电信, province:广东, uv: 300},
{isp:联通, province:广东, uv: 100},
{isp:联通, province:湖北, uv: 10}
]

 
请教一下,es查询该怎么写呢?谢谢大家了

es中源数据如下,已省略了部分不重要的字段:
 
"hits": [
{
"_index": "play-2017.01.01",
"_source": {
"isp": "电信",
"province": "广东",
"uv": 706,
"@timestamp": "2017-01-01T02:35:00.000Z"
}
},
{
"_index": "play-2017.01.01",
"_source": {
"isp": "电信",
"province": "广东",
"uv": 919,
"@timestamp": "2017-01-01T12:40:00.000Z"
}
},
{
"_index": "play-2017.01.01",
"_source": {
"isp": "联通",
"province": "山东",
"uv": 1220,
"@timestamp": "2017-01-01T10:45:00.000Z"
}
},
{
"_index": "play-2017.01.01",
"_source": {
"isp": "电信",
"province": "广东",
"uv": 1017,
"@timestamp": "2017-01-01T13:45:00.000Z"
}
},
{
"_index": "play-2017.01.01",
"_source": {
"isp": "电信",
"province": "广东",
"uv": 1032,
"@timestamp": "2017-01-01T13:40:00.000Z"
}
},
{
"_index": "play-2017.01.01",
"_source": {
"isp": "电信",
"province": "浙江",
"uv": 849,
"@timestamp": "2017-01-01T13:40:00.000Z"
}
},
{
"_index": "play-2017.01.01",
"_score": null,
"_source": {
"isp": "联通",
"province": "山东",
"uv": 849,
"@timestamp": "2017-01-01T07:30:00.000Z"
}
},
{
"_index": "play-2017.01.01",
"_source": {
"isp": "联通",
"province": "河南",
"uv": 1633,
"@timestamp": "2017-01-01T12:05:00.000Z"
}
},
{
"_index": "play-2017.01.01",
"_source": {
"isp": "联通",
"province": "山东",
"uv": 882,
"@timestamp": "2017-01-01T03:20:00.000Z"
}
},
{
"_index": "play-2017.01.01",
"_source": {
"isp": "联通",
"province": "山东",
"uv": 908,
"@timestamp": "2017-01-01T04:25:00.000Z"
}
}
]

 
已邀请:

要回复问题请先登录注册