我有以下数据:
{"action":"CREATE","docs":1,"date":"2016 Jun 26 12:00:12","userid":"1234"}
{"action":"REPLACE","docs":2,"date":"2016 Jun 27 12:00:12","userid":"1234"}
{"action":"REPLACE","docs":1,"date":"2016 Jun 27 13:00:12","userid":"1234"}
{"action":"CREATE","docs":1,"date":"2016 Jun 28 12:00:12","userid":"3431"}
{"action":"REPLACE","docs":2,"date":"2016 Jun 28 13:00:12","userid":"3431"}
{"action":"CREATE","docs":1,"date":"2016 Jun 29 12:00:12","userid":"9999"}
为了按日期(降序)获取每个唯一用户订单的记录,我使用了如下所示的Top Hits:
"aggs": {
"user_bucket": {
"terms": {
"field": "userid"
},
"aggs": {
"user_latest_count": {
"top_hits": {
"size": 1,
"sort": [
{
"data": {
"order": "desc"
}
}
],
"_source": {
"include": [
"docs"
]
}
}
}
}
}
}
以上查询的结果如下:
{"action":"REPLACE","docs":1,"date":"2016 Jun 27 13:00:12","userid":"1234"}
{"action":"REPLACE","docs":2,"date":"2016 Jun 28 13:00:12","userid":"3431"}
{"action":"CREATE","docs":1,"date":"2016 Jun 29 12:00:12","userid":"9999"}
现在,我想进一步聚合这个,结果如下: …
我正在探索Logstash以接收HTTP上的输入.我已经安装了http插件使用:
插件安装logstash-input-http
安装成功了.然后我尝试使用以下命令运行logstash:
logstash -e'input {http {port => 8900}} output {stdout {codec => rubydebug}}'
但是logstash终止而没有给出任何错误.
不知道如何验证插件是否安装正确.以及如何利用http插件测试示例请求.
提前致谢!
我期待在Logstash中收到的输入上使用数学运算,但是看不到任何此类过滤器。
输入如下:
{
"user_id": "User123",
"date": "2016 Jun 26 12:00:12",
"data": {
"doc_name": "mydocs.xls",
"doc_size": "8526587",
}
}
“ doc_size”字段将具有字节,我想添加一个新字段,例如“ doc_size_mb”,其中将包含以MB为单位的大小。
所以我想要一个简单的除法运算,例如:
doc_size_mb = doc_size /(1024 * 1024)
在我的 Logstash 中,我有以下配置:
filter {
mutate {
add_field => {
"doclength" => "%{size}"
}
convert => {"doclength" => "integer"}
remove_field => ["size"]
}
}
我打算将“ doclength ”字段作为整数存储到 ElasticSearch 中。但不知何故,在 ES 中,它仅将映射显示为“ string ”。
不确定我在这里缺少什么,预期的行为与实际的行为不匹配。