本文主要是介绍ElasticSearch Aggregation(八),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
文章目录
- ElasticSearch Aggregation(八)
- 管道聚合
- cumulative sum聚合
- 语法
- Derivative 聚合
- extended stats bucket聚合
- 语法
- 最大桶聚合
- 语法
- 最小桶聚合
- moving function聚合
- 语法
- 自定义用户脚本
- 内置函数
- Moving percentiles聚合
- 语法
- 百分位桶聚合
- 语法
- stats bucket聚合
- 语法
- sum bucket聚合
- 语法
ElasticSearch Aggregation(八)
管道聚合
cumulative sum聚合
一种父管道聚合,它计算父直方图聚合中指定指标的累积和(当前分桶指标的累积和等于前几个桶指标的累加总和)。指定的指标必须是数值,并且外围的直方图必须将min_doc_count设置为0(直方图聚合的默认值)。
语法
cumulative_sum语法为:
{"cumulative_sum": {"buckets_path": "the_sum"}
}
以下代码段计算每月总销售额的累计总和:
curl -X POST "localhost:9200/sales/_search?pretty" -H 'Content-Type: application/json' -d'
{"size": 0,"aggs": {"sales_per_month": {"date_histogram": {"field": "date","calendar_interval": "month"},"aggs": {"sales": {"sum": {"field": "price"}},"cumulative_sales": {"cumulative_sum": {"buckets_path": "sales" }}}}}
}
'响应:
{"took": 11,"timed_out": false,"_shards": ...,"hits": ...,"aggregations": {"sales_per_month": {"buckets": [{"key_as_string": "2015/01/01 00:00:00","key": 1420070400000,"doc_count": 3,"sales": {"value": 550.0},"cumulative_sales": {"value": 550.0}},{"key_as_string": "2015/02/01 00:00:00","key": 1422748800000,"doc_count": 2,"sales": {"value": 60.0},"cumulative_sales": {"value": 610.0}},{"key_as_string": "2015/03/01 00:00:00","key": 1425168000000,"doc_count": 2,"sales": {"value": 375.0},"cumulative_sales": {"value": 985.0}}]}}
}
通过以上例子中2015/03/01 00:00:00桶中的累积和聚合为例。他的累积和等会550.0+60.0+375.0=985.0。
Derivative 聚合
衍生聚合。略
extended stats bucket聚合
同级管道聚合,它计算同级聚合中指定指标的所有存储桶的各种统计信息。指定的指标必须是数字,同级聚合必须是多桶聚合。
语法
extended_stats_bucket聚合语法为:
{"extended_stats_bucket": {"buckets_path": "the_sum"}
}
以下代码段计算每月销售桶的扩展统计数据:
curl -X POST "localhost:9200/sales/_search?pretty" -H 'Content-Type: application/json' -d'
{"size": 0,"aggs": {"sales_per_month": {"date_histogram": {"field": "date","calendar_interval": "month"},"aggs": {"sales": {"sum": {"field": "price"}}}},"stats_monthly_sales": {"extended_stats_bucket": {"buckets_path": "sales_per_month>sales" }}}
}
'
响应:
{"took": 11,"timed_out": false,"_shards": ...,"hits": ...,"aggregations": {"sales_per_month": {"buckets": [{"key_as_string": "2015/01/01 00:00:00","key": 1420070400000,"doc_count": 3,"sales": {"value": 550.0}},{"key_as_string": "2015/02/01 00:00:00","key": 1422748800000,"doc_count": 2,"sales": {"value": 60.0}},{"key_as_string": "2015/03/01 00:00:00","key": 1425168000000,"doc_count": 2,"sales": {"value": 375.0}}]},"stats_monthly_sales": {"count": 3,"min": 60.0,"max": 550.0,"avg": 328.3333333333333,"sum": 985.0,"sum_of_squares": 446725.0,"variance": 41105.55555555556,"variance_population": 41105.55555555556,"variance_sampling": 61658.33333333334,"std_deviation": 202.74505063146563,"std_deviation_population": 202.74505063146563,"std_deviation_sampling": 248.3109609609156,"std_deviation_bounds": {"upper": 733.8234345962646,"lower": -77.15676792959795,"upper_population" : 733.8234345962646,"lower_population" : -77.15676792959795,"upper_sampling" : 824.9552552551645,"lower_sampling" : -168.28858858849787}}}
}
最大桶聚合
一个同级管道聚合,它用同级聚合中指定指标的最大值来标识桶,并输出桶的值和键。指定的指标必须是数值,并且同级聚合必须是多桶聚合。
语法
max_bucket语法如下:
{"max_bucket": {"buckets_path": "the_sum"}
}
以下代码段计算每月总销售额的最大值:
curl -X POST "localhost:9200/sales/_search?pretty" -H 'Content-Type: application/json' -d'
{"size": 0,"aggs": {"sales_per_month": {"date_histogram": {"field": "date","calendar_interval": "month"},"aggs": {"sales": {"sum": {"field": "price"}}}},"max_monthly_sales": {"max_bucket": {"buckets_path": "sales_per_month>sales" }}}
}
'
以下可能是响应:
{"took": 11,"timed_out": false,"_shards": ...,"hits": ...,"aggregations": {"sales_per_month": {"buckets": [{"key_as_string": "2015/01/01 00:00:00","key": 1420070400000,"doc_count": 3,"sales": {"value": 550.0}},{"key_as_string": "2015/02/01 00:00:00","key": 1422748800000,"doc_count": 2,"sales": {"value": 60.0}},{"key_as_string": "2015/03/01 00:00:00","key": 1425168000000,"doc_count": 2,"sales": {"value": 375.0}}]},"max_monthly_sales": {"keys": ["2015/01/01 00:00:00"], "value": 550.0}}
}
最小桶聚合
与最大桶聚合类似
moving function聚合
给定一系列有序的数据,Moving Function聚合将在数据之间生成一个滑动窗口,并允许用户指定在每个数据窗口上执行自定义脚本。为了方便起见,预定义了一些常用函数,如最小/最大值、移动平均值等。
语法
moving_fn聚合语法如下:
{"moving_fn": {"buckets_path": "the_sum","window": 10,"script": "MovingFunctions.min(values)"}
}
moving_fn 聚合必须嵌入到直方图或 date_histogram 聚合中。它们可以像任何其他指标聚合一样嵌入:
curl -X POST "localhost:9200/_search?pretty" -H 'Content-Type: application/json' -d'
{"size": 0,"aggs": {"my_date_histo": { "date_histogram": {"field": "date","calendar_interval": "1M"},"aggs": {"the_sum": {"sum": { "field": "price" } },"the_movfn": {"moving_fn": {"buckets_path": "the_sum", "window": 10,"script": "MovingFunctions.unweightedAvg(values)"}}}}}
}
'
移动平均通过第一个指定的histogram或者date_histogram上的字段来构建。然后,您可以选择在该直方图中添加数字指标,例如总和。最后,moving_fn 被嵌入到直方图中。然后buckets_path 参数用于“指向”直方图中的同级指标之一。
来自上述聚合的示例响应可能如下所示:
{"took": 11,"timed_out": false,"_shards": ...,"hits": ...,"aggregations": {"my_date_histo": {"buckets": [{"key_as_string": "2015/01/01 00:00:00","key": 1420070400000,"doc_count": 3,"the_sum": {"value": 550.0},"the_movfn": {"value": null}},{"key_as_string": "2015/02/01 00:00:00","key": 1422748800000,"doc_count": 2,"the_sum": {"value": 60.0},"the_movfn": {"value": 550.0}},{"key_as_string": "2015/03/01 00:00:00","key": 1425168000000,"doc_count": 2,"the_sum": {"value": 375.0},"the_movfn": {"value": 305.0}}]}}
}
自定义用户脚本
移动函数聚合允许用户指定任意脚本来定义自定义逻辑。每次收集新的数据窗口时都会调用该脚本。这些值在values变量中提供给脚本。然后,脚本应该执行某种计算,并生成一个double作为结果。不允许发出null,尽管NaN和+/- Inf是允许的。
例如,此脚本将简单地返回窗口中的第一个值,如果没有可用值,则返回 NaN:
curl -X POST "localhost:9200/_search?pretty" -H 'Content-Type: application/json' -d'
{"size": 0,"aggs": {"my_date_histo": {"date_histogram": {"field": "date","calendar_interval": "1M"},"aggs": {"the_sum": {"sum": { "field": "price" }},"the_movavg": {"moving_fn": {"buckets_path": "the_sum","window": 10,"script": "return values.length > 0 ? values[0] : Double.NaN"}}}}}
}
'
内置函数
max()min()sum()stdDev()unweightedAvg()linearWeightedAvg()ewma()holt()holtWinters()
这些函数可从 MovingFunctions 命名空间获得。例如。MovingFunctions.max()
Moving percentiles聚合
给定一系列有序的百分位数,移动百分位数聚合将在这些百分位数上滑动一个窗口,并允许用户计算累积百分位数
这在概念上与移动函数管道聚合非常相似,不同之处在于它适用于百分位数草图而不是实际的桶值。
语法
move_percentiles 聚合看起来像这样:
{"moving_percentiles": {"buckets_path": "the_percentile","window": 10}
}
move_percentiles 聚合必须嵌入到 histogram 或 date_histogram 聚合中。它们可以像任何其他指标聚合一样嵌入:
curl -X POST "localhost:9200/_search?pretty" -H 'Content-Type: application/json' -d'
{"size": 0,"aggs": {"my_date_histo": { "date_histogram": {"field": "date","calendar_interval": "1M"},"aggs": {"the_percentile": { "percentiles": {"field": "price","percents": [ 1.0, 99.0 ]}},"the_movperc": {"moving_percentiles": {"buckets_path": "the_percentile", "window": 10}}}}}
}
'
以下可能是响应:
{"took": 11,"timed_out": false,"_shards": ...,"hits": ...,"aggregations": {"my_date_histo": {"buckets": [{"key_as_string": "2015/01/01 00:00:00","key": 1420070400000,"doc_count": 3,"the_percentile": {"values": {"1.0": 150.0,"99.0": 200.0}}},{"key_as_string": "2015/02/01 00:00:00","key": 1422748800000,"doc_count": 2,"the_percentile": {"values": {"1.0": 10.0,"99.0": 50.0}},"the_movperc": {"values": {"1.0": 150.0,"99.0": 200.0}}},{"key_as_string": "2015/03/01 00:00:00","key": 1425168000000,"doc_count": 2,"the_percentile": {"values": {"1.0": 175.0,"99.0": 200.0}},"the_movperc": {"values": {"1.0": 10.0,"99.0": 200.0}}}]}}
}
百分位桶聚合
同级管道聚合,计算同级聚合中指定指标的所有bucket的百分比。指定的指标必须是数值,并且同级聚合必须是多桶聚合。
语法
percentiles_bucket` 聚合看起来像这样:
{"percentiles_bucket": {"buckets_path": "the_sum"}
}
以下代码段计算每月总销售额的百分位数:
curl -X POST "localhost:9200/sales/_search?pretty" -H 'Content-Type: application/json' -d'
{"size": 0,"aggs": {"sales_per_month": {"date_histogram": {"field": "date","calendar_interval": "month"},"aggs": {"sales": {"sum": {"field": "price"}}}},"percentiles_monthly_sales": {"percentiles_bucket": {"buckets_path": "sales_per_month>sales", "percents": [ 25.0, 50.0, 75.0 ] }}}
}
'
以下可能是响应:
{"took": 11,"timed_out": false,"_shards": ...,"hits": ...,"aggregations": {"sales_per_month": {"buckets": [{"key_as_string": "2015/01/01 00:00:00","key": 1420070400000,"doc_count": 3,"sales": {"value": 550.0}},{"key_as_string": "2015/02/01 00:00:00","key": 1422748800000,"doc_count": 2,"sales": {"value": 60.0}},{"key_as_string": "2015/03/01 00:00:00","key": 1425168000000,"doc_count": 2,"sales": {"value": 375.0}}]},"percentiles_monthly_sales": {"values" : {"25.0": 375.0,"50.0": 375.0,"75.0": 550.0}}}
}
stats bucket聚合
同级管道聚合,它计算同级聚合中指定度量的所有bucket的各种统计信息。指定的度量必须是数值,并且同级聚合必须是多桶聚合。
语法
stats_bucket 聚合如下所示:
{"stats_bucket": {"buckets_path": "the_sum"}
}
以下代码段计算每月销售额的统计数据:
curl -X POST "localhost:9200/sales/_search?pretty" -H 'Content-Type: application/json' -d'
{"size": 0,"aggs": {"sales_per_month": {"date_histogram": {"field": "date","calendar_interval": "month"},"aggs": {"sales": {"sum": {"field": "price"}}}},"stats_monthly_sales": {"stats_bucket": {"buckets_path": "sales_per_month>sales" }}}
}
'
以下可能是响应:
{"took": 11,"timed_out": false,"_shards": ...,"hits": ...,"aggregations": {"sales_per_month": {"buckets": [{"key_as_string": "2015/01/01 00:00:00","key": 1420070400000,"doc_count": 3,"sales": {"value": 550.0}},{"key_as_string": "2015/02/01 00:00:00","key": 1422748800000,"doc_count": 2,"sales": {"value": 60.0}},{"key_as_string": "2015/03/01 00:00:00","key": 1425168000000,"doc_count": 2,"sales": {"value": 375.0}}]},"stats_monthly_sales": {"count": 3,"min": 60.0,"max": 550.0,"avg": 328.3333333333333,"sum": 985.0}}
}
sum bucket聚合
一个同级管道聚合,它计算同级聚合中指定度量的所有桶的总和。指定的度量必须是数值,并且同级聚合必须是多桶聚合。
语法
sum_bucket 聚合看起来像这样:
{"sum_bucket": {"buckets_path": "the_sum"}
}
以下代码段计算所有每月总销售额的总和:
curl -X POST "localhost:9200/sales/_search?pretty" -H 'Content-Type: application/json' -d'
{"size": 0,"aggs": {"sales_per_month": {"date_histogram": {"field": "date","calendar_interval": "month"},"aggs": {"sales": {"sum": {"field": "price"}}}},"sum_monthly_sales": {"sum_bucket": {"buckets_path": "sales_per_month>sales" }}}
}
'
以下可能是响应:
{"took": 11,"timed_out": false,"_shards": ...,"hits": ...,"aggregations": {"sales_per_month": {"buckets": [{"key_as_string": "2015/01/01 00:00:00","key": 1420070400000,"doc_count": 3,"sales": {"value": 550.0}},{"key_as_string": "2015/02/01 00:00:00","key": 1422748800000,"doc_count": 2,"sales": {"value": 60.0}},{"key_as_string": "2015/03/01 00:00:00","key": 1425168000000,"doc_count": 2,"sales": {"value": 375.0}}]},"sum_monthly_sales": {"value": 985.0}}
}
这篇关于ElasticSearch Aggregation(八)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
