This article describes how to write an ElasticSearch query that counts the number of hits for each API.

Problem description

I have to get the count of the different https responses for each API/url and display the top 5 most-hit APIs as a Kibana alert.

{
"query": {
    "bool": {
        "must": [
            {
                "range": {
                    "@timestamp": {
                        "from": "now-15m",
                        "to": "now",
                        "include_lower": true,
                        "include_upper": true,
                        "boost": 1
                    }
                }
            }
        ],
        "adjust_pure_negative": true,
        "boost": 1
    }
},
"aggregations": {
    "Status": {
        "terms": {
            "field": "data.response.status",
            "size": 10,
            "min_doc_count": 1,
            "shard_min_doc_count": 0,
            "show_term_doc_count_error": false,
            "order": [
                {
                    "_count": "desc"
                },
                {
                    "_key": "asc"
                }
            ]
        }
    }
}
}

With this query, I am able to get the count of HTTP statuses for the past 15 minutes.

"aggregations": {
    "Status": {
        "doc_count_error_upper_bound": 0,
        "sum_other_doc_count": 47,
        "buckets": [
            {
                "doc_count": 252095,
                "key": 200
            },
            {
                "doc_count": 3845,
                "key": 400
            },
            {
                "doc_count": 1102,
                "key": 404
            },
            {
                "doc_count": 853,
                "key": 401
            },
            {
                "doc_count": 694,
                "key": 206
            },
            {
                "doc_count": 305,
                "key": 500
            },
            {
                "doc_count": 166,
                "key": 204
            },
            {
                "doc_count": 61,
                "key": 429
            },
            {
                "doc_count": 56,
                "key": 403
            },
            {
                "doc_count": 40,
                "key": 422
            }
        ]
    }
}

As I am new to ElasticSearch, I am unable to write multiple aggregations using the "data.url" field to get the HTTP status counts for each API/url.

I am expecting something like this:

API
/search/results  200 : 30 201: 10 500:1
/eligibility     200 : 20 500 : 3

Any help would be greatly appreciated. Thanks.

Recommended answer

Good start, you're almost there!

You simply need to add another terms aggregation on top of the status aggregation, like this:

{
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "@timestamp": {
              "from": "now-15m",
              "to": "now",
              "include_lower": true,
              "include_upper": true,
              "boost": 1
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  },
  "aggregations": {
    "Url": {
      "terms": {
        "field": "url_field_name",                      <----- add this
        "size": 10
      },
      "aggs": {
        "Status": {
          "terms": {
            "field": "data.response.status",
            "size": 10,
            "min_doc_count": 1,
            "shard_min_doc_count": 0,
            "show_term_doc_count_error": false,
            "order": [
              {
                "_count": "desc"
              },
              {
                "_key": "asc"
              }
            ]
          }
        }
      }
    }
  }
}
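
To turn the nested response into the per-API layout the question asks for, the buckets can be flattened client-side. This is an added example, not code from the original question or answer; the response is constructed sample data that uses the aggregation names `Url` and `Status` from the query above, and the function names are hypothetical.

```python
# Added example: flatten the nested Url -> Status terms aggregation into one row per API.
# SAMPLE_RESPONSE is constructed for illustration; it is not output from the original post.
SAMPLE_RESPONSE = {
    "aggregations": {
        "Url": {
            "sum_other_doc_count": 12,
            "buckets": [
                {"key": "/eligibility", "doc_count": 23, "Status": {
                    "sum_other_doc_count": 0,
                    "buckets": [{"key": 200, "doc_count": 20},
                                {"key": 500, "doc_count": 3}]}},
                {"key": "/search/results", "doc_count": 41, "Status": {
                    "sum_other_doc_count": 0,
                    "buckets": [{"key": 200, "doc_count": 30},
                                {"key": 201, "doc_count": 10},
                                {"key": 500, "doc_count": 1}]}},
            ],
        }
    }
}


def status_counts_per_url(response, top_n=5):
    """Return [(url, total_hits, {status: count})] for the top_n most-hit URLs."""
    rows = []
    for url_bucket in response["aggregations"]["Url"]["buckets"]:
        status_agg = url_bucket["Status"]
        counts = {b["key"]: b["doc_count"] for b in status_agg["buckets"]}
        # Statuses cut off by the inner "size" are only reported as a lump sum.
        truncated = status_agg.get("sum_other_doc_count", 0)
        if truncated:
            counts["other"] = truncated
        rows.append((url_bucket["key"], url_bucket["doc_count"], counts))
    # Terms buckets normally arrive ordered by doc_count; sort explicitly anyway.
    rows.sort(key=lambda r: (-r[1], r[0]))
    return rows[:top_n]


def format_rows(rows):
    """Render rows in the layout the question asks for."""
    return [f"{url}  " + " ".join(f"{s}: {c}" for s, c in counts.items())
            for url, _total, counts in rows]


if __name__ == "__main__":
    print("\n".join(format_rows(status_counts_per_url(SAMPLE_RESPONSE))))
```

For the top 5 APIs, the outer `Url` terms aggregation can also be given `"size": 5` so that only those buckets are returned.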


05-20 21:39