时间戳

首页 > 解决方案 > 必须存在的聚合过滤器返回不存在的字段

elasticsearch - 必须存在的聚合过滤器返回不存在的字段

问题描述

我正在尝试运行一个看起来像这样的聚合查询

{
   "from": 0,
   "size": 1000,
    "query": {
        "constant_score": {
            "filter": {
                "bool": {
                    "must": [
                        {
                            "term": {
                                "metric_value_type.keyword": {
                                    "value": "Outage",
                                    "boost": 1
                                }
                            }
                        },
                        {
                            "terms": {
                                "city.keyword": [
                                    "LONDON"
                                ],
                                "boost": 1
                            }
                        },
                        {
                            "range": {
                                "metric_timestamp": {
                                    "from": "2019-08-01T08:30:00.000Z",
                                    "to": "2019-08-19T14:00:00.000Z",
                                    "include_lower": true,
                                    "include_upper": true,
                                    "boost": 1
                                }
                            }
                        }
                    ],
                    "adjust_pure_negative": true,
                    "boost": 1
                }
            },
            "boost": 1
        }
    },
    "aggregations": {
        "missing_metric_values_aggregation": {
            "filter": {
                "bool": {
                    "must": {
                        "exists": {
                            "field": "metric_value"
                        }
                    }
                }
            },
            "aggregations": {
                "groupby_aggregation": {
                    "terms": {
                        "field": "cpe_name.keyword",
                        "size": 20000,
                        "min_doc_count": 1,
                        "shard_min_doc_count": 0,
                        "show_term_doc_count_error": false,
                        "order": [
                            {
                                "_count": "desc"
                            },
                            {
                                "_key": "asc"
                            }
                        ]
                    }
                }
            }
        }
    }
}

我的文件看起来像这样

                    "customer_site_id": "BLABLA",
                    "link_id": null,
                    "cpe_type": "ROUTER",
                    "cpe_id": "BLABLA",
                    "metric_value_type": "Outage",
                    "metric_value_unit": "s",
                    "metric_timestamp": "2019-08-06T12:40:00.000Z",
                    "metric_time": "12:40:00",
                    "metric_value": null,
                    "cpe_name": "BLABLA",
                    "city": "LONDON",
                    "zip_code": null,
                    "address": "BLABLA",
                    "cpe_ip_address": "BLABLA",
                    "position": {
                        "lat": BLABLA,
                        "lon": BLABLA
                    }

metric_value 可以为 null 或具有整数值,当我运行上面的查询时,我仍然得到 metric_value 字段中为 null 的文档,怎么会?

是因为我有多个以 metric_value 开头的字段吗?

标签: elasticsearchfilteraggregation

解决方案

过滤器exists仅适用于过滤器或布尔查询。在聚合中没有意义。您必须首先获得正确的数据集,然后才能应用任何聚合。试试下面的查询,希望对您有所帮助。

{
"from": 0,
"size": 1000,
"query": {
    "constant_score": {
        "filter": {
            "bool": {
                "must": [
                    {
                        "exists": {
                            "field": "metric_value"
                        }
                    },
                    {
                        "term": {
                            "metric_value_type.keyword": {
                                "value": "Outage",
                                "boost": 1
                            }
                        }
                    },
                    {
                        "terms": {
                            "city.keyword": [
                                "LONDON"
                            ],
                            "boost": 1
                        }
                    },
                    {
                        "range": {
                            "metric_timestamp": {
                                "from": "2019-08-01T08:30:00.000Z",
                                "to": "2019-08-19T14:00:00.000Z",
                                "include_lower": true,
                                "include_upper": true,
                                "boost": 1
                            }
                        }
                    }
                ],
                "adjust_pure_negative": true,
                "boost": 1
            }
        },
        "boost": 1
    }
},
"aggregations": {
    "missing_metric_values_aggregation": {
        "aggregations": {
            "groupby_aggregation": {
                "terms": {
                    "field": "cpe_name.keyword",
                    "size": 20000,
                    "min_doc_count": 1,
                    "shard_min_doc_count": 0,
                    "show_term_doc_count_error": false,
                    "order": [
                        {
                            "_count": "desc"
                        },
                        {
                            "_key": "asc"
                        }
                    ]
                }
            }
        }
    }
}

}

推荐阅读