elasticsearch - elasticsearch group by multi java api

问题描述

我刚刚使用了弹性搜索。我想使用 group by 两次来完成这个查询。这是我在 srcMac 组下的 srcip 弹性搜索查询组

{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-7d/d",
        "lte": "now/d"
      }
    }
  },
  "size": 0,
  "aggs": {
    "id1_count": {
      "terms": {
        "field": "srcip"
      },
      "aggs": {
        "id2_count": {
          "terms": {
            "field": "srcMac"
          }
        },
        "aggs": {
          "sum": {
            "script": "doc['rcvd'].value + doc['sent'].value"
          }
        }
      }
    }
  }
}

这通常是这样做的。但是我的java代码不正确。

这是我的java代码。

TermsAggregationBuilder termagg2 = AggregationBuilders.terms("id2_count").field("srcMac")
                // add the sum sub-aggregation
                .subAggregation(aggregation);

        TermsAggregationBuilder termagg = AggregationBuilders.terms("aggs").field("srcip").size(10) 
                    // add the second-level terms sub-aggregation
                   .subAggregation(termagg2);  

        SearchResponse sr = client.prepareSearch("coreit").setTypes("doc")
                .setQuery(qb)
                .addAggregation(termagg)
                .execute().actionGet();

        Terms terms = sr.getAggregations().get("aggs");
        for (Terms.Bucket bucket : terms.getBuckets()) {
            long cnt =bucket.getDocCount() ;
            Sum agg = bucket.getAggregations().get("agg");
            System.out.println(bucket.getKey()+" / cnt : "+cnt + " : sum : "+agg.getValue()  );
        }

        Terms terms2 = sr.getAggregations().get("aggs");
        for (Terms.Bucket bucket2 : terms2.getBuckets()) {
            System.out.println(bucket2.getKey());
        } << I think this part is error

我想看 。srcip : ~~ / srcMac : ~~ / sum : ~~ 怎么了？

标签： elasticsearch