GET /logstash-2018.10.17/log/_search?pretty
{
"size": 0,
"aggs": {
"requestid": {
"terms": {
"field": "message.request.requestid"
},
"aggs": {
"methodname": {
"terms": {
"field": "message.request.methodname"
},
"aggs": {
"typename": {
"terms": {
"field": "message.request.typename"
},
"aggs": {
"log_format": {
"terms": {
"field": "message.log_format"
}
},
"sent": {
"filter": {
"term": {
"message.log_format": "sent"
}
},
"aggs": {
"log_time": {
"max": {
"field": "message.log_time"
}
}
}
},
"processing": {
"filter": {
"term": {
"message.log_format": "processing"
}
},
"aggs": {
"log_time": {
"max": {
"field": "message.log_time"
}
}
}
},
"returned": {
"filter": {
"term": {
"message.log_format": "returned"
}
},
"aggs": {
"log_time": {
"max": {
"field": "message.log_time"
}
}
}
},
"one_two": {
"bucket_script": {
"buckets_path": {
"one": "sent>log_time",
"two": "processing>log_time"
},
"script": "params.two*1000 - params.one*1000"
}
},
"two_three": {
"bucket_script": {
"buckets_path": {
"two": "processing>log_time",
"three": "returned>log_time"
},
"script": "params.three*1000 - params.two*1000"
}
}
}
}
}
}
}
}
}
}
如何展示 bucket_script 计算出来的结果,并制作成条形图?
{
"size": 0,
"aggs": {
"requestid": {
"terms": {
"field": "message.request.requestid"
},
"aggs": {
"methodname": {
"terms": {
"field": "message.request.methodname"
},
"aggs": {
"typename": {
"terms": {
"field": "message.request.typename"
},
"aggs": {
"log_format": {
"terms": {
"field": "message.log_format"
}
},
"sent": {
"filter": {
"term": {
"message.log_format": "sent"
}
},
"aggs": {
"log_time": {
"max": {
"field": "message.log_time"
}
}
}
},
"processing": {
"filter": {
"term": {
"message.log_format": "processing"
}
},
"aggs": {
"log_time": {
"max": {
"field": "message.log_time"
}
}
}
},
"returned": {
"filter": {
"term": {
"message.log_format": "returned"
}
},
"aggs": {
"log_time": {
"max": {
"field": "message.log_time"
}
}
}
},
"one_two": {
"bucket_script": {
"buckets_path": {
"one": "sent>log_time",
"two": "processing>log_time"
},
"script": "params.two*1000 - params.one*1000"
}
},
"two_three": {
"bucket_script": {
"buckets_path": {
"two": "processing>log_time",
"three": "returned>log_time"
},
"script": "params.three*1000 - params.two*1000"
}
}
}
}
}
}
}
}
}
}
如何展示 bucket_script 计算出来的结果,并制作成条形图?
2 个回复
rochy - rochy_he
你可以说一下你的数据结构吗?只看你的查询语句,很难理解最终的目的。
wangmo - mxw
"log_namespace": "distnode.controller.ControllerService",
"log_level": {
"__class_uuid__": "02e59486-f24d-46ad-8224-3acdf2a5732a",
"name": "info"
},
"log_flattened": {
"request[requestid]!:": 187378210234354382021030167284042998147,
"request[requestid]!s:": "187378210234354382021030167284042998147"
},
"log_source": {
"unpersistable": true
},
"request": {
"typename": "xxxxxx",
"methodname": "yyyyyy",
"requestid": 187378210234354382021030167284042998147,
"timeout": 600.0,
"procclient": "None",
"kwargs": {
"_pushclientid": ""
},
"args": [{
"": ["idle", 2, null],
"": ["idle", 3, null],
"": ["idle", 2, null],
"": ["idle", 2, null],
"": ["rendering", 2, "U9LXq"],
"": ["idle", 2, null]
}],
"targetid": null,
"clientid": ""
},
"client": {
"name": "<_Client type:client, version: 1>",
"node_type": "unreal",
"clientid": "",
"host": "",
"version": 1,
"path": "/home/operation/workspace/renderingengine/engine",
"port": 41794
},
"result": {
"result": ".",
"clientid": "192.168.1.201-jobtracker"
},
"log_logger": {
"unpersistable": true
},
"log_time": 1535472000.630325,
"log_format": "request: {request[requestid]} returned without error."
}
每条数据都是类似上面这种 JSON 格式。我需要通过多层嵌套聚合,才能确定某个方法的当前时间戳,再通过 bucket_script 计算出这个方法每个阶段的用时。通过上面的聚合,在 ES 中可以得到下面的结果(只贴了一部分)。但我现在的问题是,无法在 Kibana 中展示这个结果,即下面 one_two、two_three 的值,貌似 Kibana 条形图的 X 轴不支持嵌套聚合:
"processing" : {
"doc_count" : 1,
"log_time" : {
"value" : 1.53547200204801E9
}
},
"returned" : {
"doc_count" : 1,
"log_time" : {
"value" : 1.535472002052623E9
}
},
"sent" : {
"doc_count" : 1,
"log_time" : {
"value" : 1.535472002045312E9
}
},
"one_two" : {
"value" : 2.697998046875
},
"two_three" : {
"value" : 4.613037109375