我有以下弹性搜索查询,以便从按市场ID分组的弹性搜索中获得最高总ms.
{
"from": 0,
"size": 0,
"query": {
"filtered": {
"filter": {
"and": [
{
"term": {
"@type": "tradelog"
}
},
{
"range": {
"@timestamp": {
"gte": "now-7d",
"lt": "now"
}
}
},
{
"range": {
"TotalMs": {
"gte": 200,
"lt": 2000
}
}
}
]
}
}
},
"aggregations": {
"the_name": {
"terms": {
"field": "Market",
"order" : { "totalms_avg" : "desc" }
},
"aggregations": {
"totalms_avg": {
"avg": {
"field": "TotalMs"
}
}
}
}
}
}
此查询返回几个只有1个结果的桶,这些桶是我数据中的异常值,因此我不希望它们被包含在内.是否可以过滤掉任何小于5的桶?弹性搜索等同于SQL的'HAVING'子句.
Val*_*Val 14
是的,您可以使用该min_doc_count设置
...
"aggregations": {
"the_name": {
"terms": {
"field": "Market",
"order" : { "totalms_avg" : "desc" },
"min_doc_count": 5
},
"aggregations": {
"totalms_avg": {
"avg": {
"field": "TotalMs"
}
}
}
}
}
}
| 归档时间: |
|
| 查看次数: |
6367 次 |
| 最近记录: |