动态键

动态键

关注
发信
关注(28)粉丝(399)

elasticsearch - Elasticsearch术语聚合-用于对象的动态键

文件结构

Doc_1 {
"title":"hello",
"myObject":{
 "key1":"value1",
 "key2":"value2"
 }
}
Doc_2 {
"title":"hello world",
"myObject":{
 "key2":"value4",
 "key3":"value3"
 }
}
Doc_3 {
"title":"hello world2",
"myObject":{
 "key1":"value1",
 "key3":"value3"
 }
}

信息:myObject包含动态键值对。
目标:我的目标是编写一个聚合查询以返回唯一的所有动态键值对的数量。
尝试和解释:通过这种方式,我可以轻松获得已知密钥的结果。
       {
        "size":0,
        "query":{
               "match":{"title":"hello"}
                },
        "aggs":{
               "key1Agg":{
                    "terms":{"field":"myObject.key1.keyword"}
                },
               "key2Agg":{
                    "terms":{"field":"myObject.key2.keyword"}
                },
               "key3Agg":{
                    "terms":{"field":"myObject.key3.keyword"}
               }
              }
          }

这是上述硬编码嵌套键聚合的典型结果。
{
...
"aggregations": {
    "key1Agg": {
        ...
        "buckets": [
            {
                "key": "value1",
                "doc_count": 2
            }

        ]
    },
    "key2Agg": {
        ...
        "buckets": [
            {
                "key": "value2",
                "doc_count": 1
            },
            {
                "key": "value4",
                "doc_count": 1
            }

        ]
    },
    "key3Agg": {
       ...
        "buckets": [
            {
                "key": "value3",
                "doc_count": 2
            }

        ]
    }
}

}

现在我想要的是返回所有动态键值对的计数,即在聚合查询中不放置任何硬键名。

我正在使用ES 6.3,请先谢谢!!

最佳答案

根据您提供的信息,看来myObject似乎是object datatype而非nested datatype

嗯,没有简单的方法可以不修改您拥有的数据,您可以做的,最简单的解决方案可能是添加一个额外的字段,例如将其称为myObject_list,其类型为keyword,其中文档将是如下:

样本文件:

POST test_index/_doc/1
{
 "title":"hello",
  "myObject":{
   "key1":"value1",
   "key2":"value2"
  },
  "myObject_list": ["key1_value1", "key2_value2"]     <--- Note this
}

POST test_index/_doc/2
{
 "title":"hello world",
  "myObject":{
   "key2":"value4",
   "key3":"value3"
  },
  "myObject_list": ["key2_value4", "key3_value3"]     <--- Note this
}

POST test_index/_doc/3
{
 "title":"hello world2",
  "myObject":{
   "key1":"value1",
   "key3":"value3"
  },
  "myObject_list": ["key1_value1", "key3_value3"]     <--- Note this
}

您可以进行如下查询:

请求查询:
POST test_index/_search
{
  "size": 0,
  "aggs": {
    "key_value_aggregation": {
      "terms": {
        "field": "myObject_list",              <--- Make sure this is of keyword type
        "size": 10
      }
    }
  }
}

请注意,我在这里使用了Terms Aggregation

响应:
{
  "took" : 406,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 3,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "key_value_aggregation" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "key1_value1",
          "doc_count" : 2
        },
        {
          "key" : "key3_value3",
          "doc_count" : 2
        },
        {
          "key" : "key2_value2",
          "doc_count" : 1
        },
        {
          "key" : "key2_value4",
          "doc_count" : 1
        }
      ]
    }
  }
}

希望这可以帮助!

关于elasticsearch - Elasticsearch术语聚合-用于对象的动态键,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/58273836/

10-11 08:51
Powered by LMLPHP ©2025 动态键 0.026071