Elasticsearch cardinality aggregation returns zero

Problem description

I have an index with the following mapping:

{"vahid":{"mappings":{"doc":{"properties":{"@timestamp":{"type":"date"},"@version":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"message":{"properties":{"context":{"properties":{"adID":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"fID":{"type":"long"},"zoneID":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"filename":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"funcName":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"hostname":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"lineno":{"type":"long"},"logLevel":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"message":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"pid":{"type":"long"},"timestamp":{"type":"float"}}}}}}}}

In short, the mapping of the adID field is

{"adID":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}

I want to run a cardinality aggregation to count the number of unique adIDs

agg = {
    "aggs" : {
        "type_count" : {
            "cardinality" : {
                "field" : "message.context.keyword.adID"
            }
        }
    }
}

The result is

{'took': 13,
 'timed_out': False,
 '_shards': {'total': 5, 'successful': 5, 'skipped': 0, 'failed': 0},
 'hits': {'total': 7,
  'max_score': 1.0,
  'hits': [{'_index': 'vahid',
    '_type': 'doc',
    '_id': '0XrVPWkBu4YGVBHQV9Sa',
    '_score': 1.0,
    '_source': {'message': {'context': {'adID': 1}}}},
   {'_index': 'vahid',
    '_type': 'doc',
    '_id': '0nrWPWkBu4YGVBHQO9TR',
    '_score': 1.0,
    '_source': {'message': {'context': {'fID': 1}}}},
   {'_index': 'vahid',
    '_type': 'doc',
    '_id': '03rXPWkBu4YGVBHQKdQt',
    '_score': 1.0,
    '_source': {'message': {'context': {'adID': 2}}}},
   {'_index': 'vahid',
    '_type': 'doc',
    '_id': '13rXPWkBu4YGVBHQ2NQG',
    '_score': 1.0,
    '_source': {'message': {'context': {'adID': 3}}}},
   {'_index': 'vahid',
    '_type': 'doc',
    '_id': '1XrXPWkBu4YGVBHQzdQG',
    '_score': 1.0,
    '_source': {'message': {'context': {'adID': 3}}}},
   {'_index': 'vahid',
    '_type': 'doc',
    '_id': '1nrXPWkBu4YGVBHQ09Qb',
    '_score': 1.0,
    '_source': {'message': {'context': {'adID': 3}}}},
   {'_index': 'vahid',
    '_type': 'doc',
    '_id': '1HrXPWkBu4YGVBHQbdRa',
    '_score': 1.0,
    '_source': {'message': {'context': {'adID': 3}}}}]},
 'aggregations': {'type_count': {'value': 0}}}

Why is the result of the cardinality aggregation zero?

Tags: elasticsearch aggregate

Solution


You used the field reference in the wrong order in your query

{ 
     "aggs" : { 
         "type_count" : { 
            "cardinality" : { 
                "field" : "message.context.adID.keyword" 
            } 
        } 
    }   
}  
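
An added example, not part of the original question or answer: a small check that resolves an aggregation field path against the index mapping before the query is sent, so a misordered path is rejected instead of quietly aggregating to 0. The helper names resolve_field and check_agg_field are made up for this example, and MAPPING is a constructed excerpt of the mapping above.

```python
# Added example: check an aggregation field path against the index mapping.
# MAPPING is a constructed excerpt of the question's mapping (adID and fID only),
# starting at the node that holds "properties" (below the "doc" type level).
MAPPING = {
    "properties": {
        "message": {"properties": {
            "context": {"properties": {
                "adID": {
                    "type": "text",
                    "fields": {"keyword": {"type": "keyword", "ignore_above": 256}},
                },
                "fID": {"type": "long"},
            }},
        }},
    }
}


def resolve_field(mapping, path):
    """Return the mapped type of a dotted path, or None if it is unmapped.

    Object fields nest under "properties", multi-fields under "fields", so a
    sub-field is always addressed after its parent: parent.field.subfield.
    """
    node = mapping
    for part in path.split("."):
        children = {**node.get("properties", {}), **node.get("fields", {})}
        if part not in children:
            return None
        node = children[part]
    return node.get("type", "object")


def check_agg_field(mapping, path):
    """Raise instead of letting an unmapped field silently aggregate to 0."""
    ftype = resolve_field(mapping, path)
    if ftype is None:
        raise ValueError(f"unmapped field: {path}")
    if ftype == "text":
        raise ValueError(f"{path} is text; use its keyword sub-field")
    return ftype


if __name__ == "__main__":
    for p in ("message.context.keyword.adID", "message.context.adID.keyword"):
        print(p, "->", resolve_field(MAPPING, p))
```
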
