标签:xdp dpi 记录 没有 ted gen count bucket its
今天在统计pv和ip时遇到之前没有遇到的查询操作,在这里先记录下...
1、使用nested嵌套后,聚合查询当前嵌套的字段与嵌套外的字段,建议在嵌套内添加嵌套外需要聚合的字段:
2、跳出嵌套:
1 "aggs": { 2 "rev": { 3 "reverse_nested": {}, //跳出嵌套桶 4 "aggs": { 5 "age": { 6 "terms": { 7 "field": "gender", 8 "size": 3 9 } 10 } 11 } 12 }
2、需要统计bucket桶中doc_count最大值:
"aggs": { "nestedDpiPv": { "terms": { "field": "dpi", "size": 15000 } }, "maxDpiPv": { "max_bucket": { "buckets_path": "nestedDpiPv>_count" } } }
查询后的结果为:
...前面took,hits等省略 "maxDpiPv": { "value": 198, "keys": [ "414X736" ] }
标签:xdp dpi 记录 没有 ted gen count bucket its
原文地址:https://www.cnblogs.com/mYunYu/p/13492903.html
