弹性搜索桶过滤
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了弹性搜索桶过滤相关的知识,希望对你有一定的参考价值。
我想从聚合桶中过滤数据。我写了这样的查询
{
"size":0,
"aggregations": {
"latestNode": {
"terms": {"field": "uri"},
"aggregations": {
"top_nodes": {
"top_hits": {
"sort": [
{
"timestamp": {
"order": "desc"
}
}
],
"size" : 1
}
}
}
}
}
}
在此之后,我得到的结果如下:
{
"took": 14,
"timed_out": false,
"_shards": {
"total": 10,
"successful": 10,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 6,
"max_score": 0,
"hits": []
},
"aggregations": {
"latestNode": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "2FF70002AC01F743",
"doc_count": 2,
"top_nodes": {
"hits": {
"total": 2,
"max_score": null,
"hits": [
{
"_index": "VirtualDB",
"_type": "doc",
"_id": "E85FnWgBhR1fwKHvHfpI",
"_score": null,
"_source": {
"uri": "2FF70002AC01F743",
"status": "WARNING",
"name": "Test_20k_11Test1",
"timestamp": 1548664071116
},
"sort": [
1548664071116
]
}
]
}
}
},
{
"key": "vDB1234",
"doc_count": 2,
"top_nodes": {
"hits": {
"total": 2,
"max_score": null,
"hits": [
{
"_index": "VirtualDB",
"_type": "doc",
"_id": "Es5EnWgBhR1fwKHvm_r5",
"_score": null,
"_source": {
"uri": "vDB1234",
"status": "OK",
"name": "Test_20k_11Test",
"timestamp": 15486640781116
},
"sort": [
15486640781116
]
}
]
}
}
},
{
"key": "2FF70002AC01F744",
"doc_count": 1,
"top_nodes": {
"hits": {
"total": 1,
"max_score": null,
"hits": [
{
"_index": "VirtualDB",
"_type": "doc",
"_id": "Fc5GnWgBhR1fwKHvPvrm",
"_score": null,
"_source": {
"uri": "2FF70002AC01F744",
"status": "WARNING",
"name": "Test_20k_11Test1",
"timestamp": 1548664061116
},
"sort": [
1548664061116
]
}
]
}
}
},
{
"key": "vDB1235",
"doc_count": 1,
"top_nodes": {
"hits": {
"total": 1,
"max_score": null,
"hits": [
{
"_index": "VirtualDB",
"_type": "doc",
"_id": "Ec5DnWgBhR1fwKHvb_oe",
"_score": null,
"_source": {
"uri": "vDB1235",
"status": "OK",
"name": "Test_20k_11Test",
"timestamp": 15486640751116
},
"sort": [
15486640751116
]
}
]
}
}
}
]
}
}
}
现在我想根据条件从桶中删除一些项目
如果uri = vDB1234并且“status”=“OK”,“name”=“Test_20k_11Test”则删除
{
"uri": "vDB1234",
"status": "OK",
"name": "Test_20k_11Test",
"timestamp": 15486640781116
}
聚合桶中的第二位感谢您提前帮助
答案
如果要从整个结果集中删除它,可以使用查询块。在这种情况下,首先运行查询,并对查询结果执行聚合。
{
"query": {
"bool" : {
"must": [
// Your conditions here
]
}
},
"size":0,
"aggregations": {
"latestNode": {
"terms": {"field": "uri"},
"aggregations": {
"top_nodes": {
"top_hits": {
"sort": [
{
"timestamp": {
"order": "desc"
}
}
],
"size" : 1
}
}
}
}
}
以上是关于弹性搜索桶过滤的主要内容,如果未能解决你的问题,请参考以下文章