时间戳

首页 > 解决方案 > 带有布尔查询的弹性搜索聚合

elasticsearch - 带有布尔查询的弹性搜索聚合

问题描述

这是我的弹性布尔查询。这很好用:

{
  "query": {
        "bool": {
            "filter": [
                {
                    "terms": {
                        "parent_uuid._raw": [
                            "87ec596a-109e-45ce-8a8d-7a2d1a56df81",
                            "07526608-8140-46be-96b9-c5f7cca4bd93"
                        ]
                    }
                },
                {
                    "terms": {
                        "resource_type._raw": [
                            "Zone"
                        ]
                    }
                }
            ]
        }
    },
    "from": 0
}

我想对名称字段进行聚合。所以我添加了这个:

"aggs": {
    "group_by_name": {
        "terms": {
            "field": "display_name.keyword"
        }
    } }

但结果是一样的。我错过了什么?

我得到的结果是:

{“设备资源”:[{“fq_name”:[“默认域”,“muthu1500”,“EP”,“JUNOS/Zone=oam”],“uuid”:“161cf82d-16fd-4219-861d- d50de622f8eb”,“uri”:“/ems-central/device-resource/161cf82d-16fd-4219-861d-d50de622f8eb”},{“fq_name”:[“默认域”,“muthu1500”,“EP”,“ JUNOS/Zone=untrust" ], "uuid": "fe28fb7c-c087-4473-aeef-e302022f47a4", "uri": "/ems-central/device-resource/fe28fb7c-c087-4473-aeef-e302022f47a4" }, {“fq_name”:[“默认域”,“muthu1500”、“MNONZT”、“JUNOS/Zone=trust”]、“uuid”:“251a4a9e-acb4-49ed-9c29-499ddbceb532”、“uri”:“/ems-central/device-resource/251a4a9e-acb4 -49ed-9c29-499ddbceb532" }, { "fq_name": [ "default-domain", "muthu1500", "MNONZT", "JUNOS/Zone=untrust" ], "uuid": "a3417512-8953-4c1e-b68e -8390327d5213”,“uri”:“/ems-central/device-resource/a3417512-8953-4c1e-b68e-8390327d5213”},{“fq_name”:[“默认域”,“muthu1500”,“SRX1500MD”, "JUNOS/Zone=trust" ], "uuid": "1a5434c5-d47d-40be-bb00-ef1d244e6c0c", "uri": "/ems-central/device-resource/1a5434c5-d47d-40be-bb00-ef1d244e6c0c" } ] ,“总数”:5 }

由于最后两条记录分别与第二条和第三条记录具有相同的 display_name,因此聚合应该只显示其中的一条。我想要这个结果:

{“设备资源”:[{“fq_name”:[“默认域”,“muthu1500”,“EP”,“JUNOS/Zone=oam”],“uuid”:“161cf82d-16fd-4219-861d- d50de622f8eb”,“uri”:“/ems-central/device-resource/161cf82d-16fd-4219-861d-d50de622f8eb”},{“fq_name”:[“默认域”,“muthu1500”,“EP”,“ JUNOS/Zone=untrust" ], "uuid": "fe28fb7c-c087-4473-aeef-e302022f47a4", "uri": "/ems-central/device-resource/fe28fb7c-c087-4473-aeef-e302022f47a4" }, {“fq_name”:[“默认域”,“muthu1500”、“MNONZT”、“JUNOS/Zone=trust”]、“uuid”:“251a4a9e-acb4-49ed-9c29-499ddbceb532”、“uri”:“/ems-central/device-resource/251a4a9e-acb4 -49ed-9c29-499ddbceb532" } ], "总计": 3 }

标签: elasticsearch

解决方案

根据您的映射,您的terms聚合需要是这样的(使用_raw子字段):

"aggs": {
  "group_by_name": {
    "terms": {
        "field": "display_name._raw"
    }
} }

推荐阅读