我的书签
添加书签
移除书签聚合提供了从数据中分组和提取统计信息的功能。考虑聚合的最简单方法是将其大致等同于SQL GROUP BY和SQL聚合函数。在Elasticsearch中,您可以执行返回匹配的搜索,同时在一个响应中返回与命中相关的聚合结果。这是非常强大和高效的,因为您可以运行查询和多个聚合,并一次性获取两个(或任一)操作的结果,避免使用简洁和简化的API进行网络传输。
首先,此示例按状态对所有帐户进行分组,然后返回按计数降序排序的前10个(默认)状态(也是默认值):
GET /bank/_search{"size": 0,"aggs": {"group_by_state": {"terms": {"field": "state.keyword"}}}}
在SQL中,上述聚合在概念上类似于:
SELECT state, COUNT(*) FROM bank GROUP BY state ORDER BY COUNT(*) DESC LIMIT 10;
响应(部分显示):
{"took": 29,"timed_out": false,"_shards": {"total": 5,"successful": 5,"skipped" : 0,"failed": 0},"hits" : {"total" : {"value": 1000,"relation": "eq"},"max_score" : null,"hits" : [ ]},"aggregations" : {"group_by_state" : {"doc_count_error_upper_bound": 20,"sum_other_doc_count": 770,"buckets" : [ {"key" : "ID","doc_count" : 27}, {"key" : "TX","doc_count" : 27}, {"key" : "AL","doc_count" : 25}, {"key" : "MD","doc_count" : 25}, {"key" : "TN","doc_count" : 23}, {"key" : "MA","doc_count" : 21}, {"key" : "NC","doc_count" : 21}, {"key" : "ND","doc_count" : 21}, {"key" : "ME","doc_count" : 20}, {"key" : "MO","doc_count" : 20} ]}}}
我们可以看到ID(爱达荷州)有27个账户,其次是TX(德克萨斯州)的27个账户,其次是AL(阿拉巴马州)的25个账户,依此类推。
在前一个聚合的基础上,此示例按州计算平均帐户余额(同样仅针对按降序排序的前10个州):
GET /bank/_search{"size": 0,"aggs": {"group_by_state": {"terms": {"field": "state.keyword"},"aggs": {"average_balance": {"avg": {"field": "balance"}}}}}}
请注意我们如何嵌套group_by_state聚合中的average_balance聚合。这是所有聚合的常见模式。您可以在聚合中任意嵌套聚合,以从数据中提取所需的结果集。
在前一个聚合的基础上,我们现在按降序排列平均余额:
GET /bank/_search{"size": 0,"aggs": {"group_by_state": {"terms": {"field": "state.keyword","order": {"average_balance": "desc"}},"aggs": {"average_balance": {"avg": {"field": "balance"}}}}}}
此示例演示了我们如何按年龄段(20-29岁,30-39岁和40-49岁)进行分组,然后按性别进行分组,最后得到每个年龄段的平均帐户余额:
GET /bank/_search{"size": 0,"aggs": {"group_by_age": {"range": {"field": "age","ranges": [{"from": 20,"to": 30},{"from": 30,"to": 40},{"from": 40,"to": 50}]},"aggs": {"group_by_gender": {"terms": {"field": "gender.keyword"},"aggs": {"average_balance": {"avg": {"field": "balance"}}}}}}}}
还有许多其他聚合功能,我们在此不再详述。如果您想进行进一步的实验,聚合参考指南是一个很好的起点。
