pra*_*t17 4 sql group-by elasticsearch kibana
我正在尝试获取总计超过某个总金额(例如1000)的记录。以下是文档示例。
[
{
"_index": "orders_stage",
"_type": "order",
"_id": "AV3FtHR8lArSPNJl_rcp",
"_score": 1,
"_source": {
"total_amount": 650,
"custid": "2",
"client_id": 1
}
},
{
"_index": "orders_stage",
"_type": "order",
"_id": "AV3F5UfjlArSPNJl_rlu",
"_score": 1,
"_source": {
"total_amount": 200,
"custid": "1",
"client_id": 1
}
},
{
"_index": "orders_stage",
"_type": "order",
"_id": "AV3F5UfjlArSPNJl_rxm",
"_score": 1,
"_source": {
"total_amount": 1400,
"custid": "1",
"client_id": 1
}
}
]
因此,首先,我要使用custid对记录进行分组(agg),然后我希望那些total_amount的总和大于某个数量的记录(例如1000)。我尝试了以下查询:
{
"query": {
"bool": {
"must": [
{
"term": {
"client_id": 1
}
},
{
"range": {
"amount_spent": {
"gte": 1000
}
}
}
]
}
},
"aggs": {
"customers": {
"terms": {
"field": "custid"
},
"aggs": {
"amount_spent": {
"sum": {
"field": "total_amount"
}
}
}
}
}
}
当我运行此查询时,我什么也没得到,有人可以指导我根据汇总结果进行过滤。
谢谢
您需要使用bucket_selector管道聚合,而不能在查询部分中进行:
{
"query": {
"bool": {
"must": [
{
"term": {
"client_id": 1
}
}
]
}
},
"aggs": {
"customers": {
"terms": {
"field": "custid"
},
"aggs": {
"amount_spent": {
"sum": {
"field": "total_amount"
}
},
"amount_spent_filter": {
"bucket_selector": {
"buckets_path": {
"amountSpent": "amount_spent"
},
"script": "params.amountSpent > 1000"
}
}
}
}
}
}
| 归档时间: |
|
| 查看次数: |
1301 次 |
| 最近记录: |