热门标签
热门文章
- 1如何培养程序员的领导力?_程序员如何培养自己的管理能力
- 2【1】MongoDB的安装以及连接_mongodb怎么连接
- 3Linux 安装 Gitblit_gitblit linux 安装
- 42022卡塔尔世界杯互动游戏|运营策略_世界杯 运营 活动 游戏
- 5vivado的RTL设计与联合modelsim仿真_vivado可以生成rtl
- 6目前常见的Linux操作系统_linux操作系统分类
- 7京东软件测试岗:不忍直视的三面,幸好做足了准备,月薪18k,已拿offer_京东测开三面
- 8视觉应用线扫相机速度反馈(倍福CX7000PLC应用)
- 9GPT3.5、GPT4、GPT4o的性能对比_gpt3.5和gpt4o
- 10【C语言题解】1、写一个宏来计算结构体中某成员相对于首地址的偏移量;2、写一个宏来交换一个整数二进制的奇偶位
当前位置: article > 正文
ElasticSearch聚合操作_es聚合操作
作者:正经夜光杯 | 2024-07-07 09:29:53
赞
踩
es聚合操作
Elasticsearch除搜索以外,提供了针对ES 数据进行统计分析的功能。聚合(aggregations)可以让我们极其方便的实现对数据的统计、分析、运算。例如:
- 什么品牌的手机最受欢迎?
- 这些手机的平均价格、最高价格、最低价格?
- 这些手机每月的销售情况如何?
使用场景
聚合查询可以用于各种场景,比如商业智能、数据挖掘、日志分析等等。
电商平台的销售分析:统计每个地区的销售额、每个用户的消费总额、每个产品的销售量等,以便更好地了解销售情况和趋势。
社交媒体的用户行为分析:统计每个用户的发布次数、转发次数、评论次数等,以便更好地了解用户行为和趋势,同时可以将数据按照地区、时间、话题等维度进行分析。
物流企业的运输分析:统计每个区域的运输量、每个车辆的运输次数、每个司机的行驶里程等,以便更好地了解运输情况和优化运输效率。
金融企业的交易分析:统计每个客户的交易总额、每个产品的销售量、每个交易员的业绩等,以便更好地了解交易情况和优化业务流程。
智能家居的设备监控分析:统计每个设备的使用次数、每个家庭的能源消耗量、每个时间段的设备使用率等,以便更好地了解用户需求和优化设备效能。
基本语法
聚合查询的语法结构与其他查询相似,通常包含以下部分:
- 查询条件:指定需要聚合的文档,可以使用标准的 Elasticsearch 查询语法,如 term、match、range 等等。
- 聚合函数:指定要执行的聚合操作,如 sum、avg、min、max、terms、date_histogram 等等。每个聚合命令都会生成一个聚合结果。
- 聚合嵌套:聚合命令可以嵌套,以便更细粒度地分析数据。
- GET <index_name>/_search
- {
- "aggs": {
- "<aggs_name>": { // 聚合名称需要自己定义
- "<agg_type>": {
- "field": "<field_name>"
- }
- }
- }
- }
- // aggs_name:聚合函数的名称
- // agg_type:聚合种类,比如是桶聚合(terms)或者是指标聚合(avg、sum、min、max等)
- // field_name:字段名称或者叫域名。
1 聚合的分类
- Metric Aggregation:—些数学运算,可以对文档字段进行统计分析,类比sql中的 min(), max(), sum() 操作。
- SELECT MIN(price), MAX(price) FROM products
- #Metric聚合的DSL类比实现:
- {
- "aggs":{
- "avg_price":{
- "avg":{
- "field":"price"
- }
- }
- }
- }
- Bucket Aggregation: 一些满足特定条件的文档的集合放置到一个桶里,每一个桶关联一个key,类比sql中的group by操作。
- SELECT size COUNT(*) FROM products GROUP BY size
- #bucket聚合的DSL类比实现:
- {
- "aggs": {
- "by_size": {
- "terms": {
- "field": "size"
- }
- }
- }
- Pipeline Aggregation:对其他的聚合结果进行二次聚合
示例数据
- DELETE /employees
- #创建索引库
- PUT /employees
- {
- "mappings": {
- "properties": {
- "age":{
- "type": "integer"
- },
- "gender":{
- "type": "keyword"
- },
- "job":{
- "type" : "text",
- "fields" : {
- "keyword" : {
- "type" : "keyword",
- "ignore_above" : 50
- }
- }
- },
- "name":{
- "type": "keyword"
- },
- "salary":{
- "type": "integer"
- }
- }
- }
- }
-
- PUT /employees/_bulk
- { "index" : { "_id" : "1" } }
- { "name" : "Emma","age":32,"job":"Product Manager","gender":"female","salary":35000 }
- { "index" : { "_id" : "2" } }
- { "name" : "Underwood","age":41,"job":"Dev Manager","gender":"male","salary": 50000}
- { "index" : { "_id" : "3" } }
- { "name" : "Tran","age":25,"job":"Web Designer","gender":"male","salary":18000 }
- { "index" : { "_id" : "4" } }
- { "name" : "Rivera","age":26,"job":"Web Designer","gender":"female","salary": 22000}
- { "index" : { "_id" : "5" } }
- { "name" : "Rose","age":25,"job":"QA","gender":"female","salary":18000 }
- { "index" : { "_id" : "6" } }
- { "name" : "Lucy","age":31,"job":"QA","gender":"female","salary": 25000}
- { "index" : { "_id" : "7" } }
- { "name" : "Byrd","age":27,"job":"QA","gender":"male","salary":20000 }
- { "index" : { "_id" : "8" } }
- { "name" : "Foster","age":27,"job":"Java Programmer","gender":"male","salary": 20000}
- { "index" : { "_id" : "9" } }
- { "name" : "Gregory","age":32,"job":"Java Programmer","gender":"male","salary":22000 }
- { "index" : { "_id" : "10" } }
- { "name" : "Bryant","age":20,"job":"Java Programmer","gender":"male","salary": 9000}
- { "index" : { "_id" : "11" } }
- { "name" : "Jenny","age":36,"job":"Java Programmer","gender":"female","salary":38000 }
- { "index" : { "_id" : "12" } }
- { "name" : "Mcdonald","age":31,"job":"Java Programmer","gender":"male","salary": 32000}
- { "index" : { "_id" : "13" } }
- { "name" : "Jonthna","age":30,"job":"Java Programmer","gender":"female","salary":30000 }
- { "index" : { "_id" : "14" } }
- { "name" : "Marshall","age":32,"job":"Javascript Programmer","gender":"male","salary": 25000}
- { "index" : { "_id" : "15" } }
- { "name" : "King","age":33,"job":"Java Programmer","gender":"male","salary":28000 }
- { "index" : { "_id" : "16" } }
- { "name" : "Mccarthy","age":21,"job":"Javascript Programmer","gender":"male","salary": 16000}
- { "index" : { "_id" : "17" } }
- { "name" : "Goodwin","age":25,"job":"Javascript Programmer","gender":"male","salary": 16000}
- { "index" : { "_id" : "18" } }
- { "name" : "Catherine","age":29,"job":"Javascript Programmer","gender":"female","salary": 20000}
- { "index" : { "_id" : "19" } }
- { "name" : "Boone","age":30,"job":"DBA","gender":"male","salary": 30000}
- { "index" : { "_id" : "20" } }
- { "name" : "Kathy","age":29,"job":"DBA","gender":"female","salary": 20000}
2 Metric Aggregation
- 单值分析︰只输出一个分析结果
- min, max, avg, sum
- Cardinality(类似distinct Count)
- 多值分析:输出多个分析结果
- stats(统计), extended stats
- percentile (百分位), percentile rank
- top hits(排在前面的示例)
- 查询员工的最低最高和平均工资
- #多个 Metric 聚合,找到最低最高和平均工资
- GET /employees/_search
- {
- "size": 0,
- "aggs": {
- "max_salary": {
- "max": {
- "field": "salary"
- }
- },
- "min_salary": {
- "min": {
- "field": "salary"
- }
- },
- "avg_salary": {
- "avg": {
- "field": "salary"
- }
- }
- }
- }
- 对salary进行统计
- # 一个聚合,输出多值
- GET /employees/_search
- {
- "size": 0,
- "aggs": {
- "stats_salary": {
- "stats": {
- "field":"salary"
- }
- }
- }
- }
- cardinate对搜索结果去重
- POST /employees/_search
- {
- "size": 0,
- "aggs": {
- "cardinate": {
- "cardinality": {
- "field": "job.keyword"
- }
- }
- }
- }
3 Bucket Aggregation
按照一定的规则,将文档分配到不同的桶中,从而达到分类的目的。ES提供的一些常见的 Bucket Aggregation。
- Terms,需要字段支持filedata
- keyword 默认支持fielddata
- text需要在Mapping 中开启fielddata,会按照分词后的结果进行分桶。
- 数字类型
- Range / Data Range
- Histogram(直方图) / Date Histogram
- 支持嵌套: 也就在桶里再做分桶
桶聚合可以用于各种场景,例如:
- 对数据进行分组统计,比如按照地区、年龄段、性别等字段进行分组统计。
- 对时间序列数据进行时间段分析,比如按照每小时、每天、每月、每季度、每年等时间段进行分析。
- 对各种标签信息分类,并统计其数量。
3.1 获取job的分类信息
- # 对keword 进行聚合
- GET /employees/_search
- {
- "size": 0,
- "aggs": {
- "jobs": {
- "terms": {
- "field":"job.keyword"
- }
- }
- }
- }
聚合可配置属性有:
- field:指定聚合字段
- size:指定聚合结果数量
- order:指定聚合结果排序方式
默认情况下,Bucket聚合会统计Bucket内的文档数量,记为_count,并且按照_count降序排序。我们可以指定order属性,自定义聚合的排序方式:
- GET /employees/_search
- {
- "size": 0,
- "aggs": {
- "jobs": {
- "terms": {
- "field":"job.keyword",
- "size": 10,
- "order": {
- "_count": "desc"
- }
- }
- }
- }
- }
3.2 限定聚合范围
- #只对salary在10000元以上的文档聚合
- GET /employees/_search
- {
- "query": {
- "range": {
- "salary": {
- "gte": 10000
- }
- }
- },
- "size": 0,
- "aggs": {
- "jobs": {
- "terms": {
- "field":"job.keyword",
- "size": 10,
- "order": {
- "_count": "desc"
- }
- }
- }
- }
- }
注意:对 Text 字段进行 terms 聚合查询,会失败抛出异常。
- POST /employees/_search
- {
- "size": 0,
- "aggs": {
- "jobs": {
- "terms": {
- "field":"job"
- }
- }
- }
- }
解决办法:对 Text 字段打开 fielddata,支持terms aggregation
- PUT /employees/_mapping
- {
- "properties" : {
- "job":{
- "type": "text",
- "fielddata": true
- }
- }
- }
-
- # 对 Text 字段进行分词,分词后的terms
- POST /employees/_search
- {
- "size": 0,
- "aggs": {
- "jobs": {
- "terms": {
- "field":"job"
- }
- }
- }
- }
对job.keyword 和 job 进行 terms 聚合,分桶的总数并不一样。
- POST /employees/_search
- {
- "size": 0,
- "aggs": {
- "cardinate": {
- "cardinality": {
- "field": "job"
- }
- }
- }
- }
3.3 Range & Histogram聚合
- 按照数字的范围,进行分桶;
- 在Range Aggregation中,可以自定义Key。
- Range 示例:按照工资的 Range 分桶
- Salary Range分桶,可以自己定义 key
- POST employees/_search
- {
- "size": 0,
- "aggs": {
- "salary_range": {
- "range": {
- "field":"salary",
- "ranges":[
- {
- "to":10000
- },
- {
- "from":10000,
- "to":20000
- },
- {
- "key":">20000",
- "from":20000
- }
- ]
- }
- }
- }
- }
- Histogram示例:按照工资的间隔分桶
- #工资0到10万,以 5000一个区间进行分桶
- POST employees/_search
- {
- "size": 0,
- "aggs": {
- "salary_histrogram": {
- "histogram": {
- "field":"salary",
- "interval":5000,
- "extended_bounds":{
- "min":0,
- "max":100000
- }
- }
- }
- }
- }
- top_hits应用场景: 当获取分桶后,桶内最匹配的顶部文档列表;
- # 指定size,不同工种中,年纪最大的3个员工的具体信息
- POST /employees/_search
- {
- "size": 0,
- "aggs": {
- "jobs": {
- "terms": {
- "field":"job.keyword"
- },
- "aggs":{
- "old_employee":{
- "top_hits":{
- "size":3,
- "sort":[
- {
- "age":{
- "order":"desc"
- }
- }
- ]
- }
- }
- }
- }
- }
- }
4 Pipeline Aggregation
支持对聚合分析的结果,再次进行聚合分析。
Pipeline 的分析结果会输出到原结果中,根据位置的不同,分为两类:
- Sibling - 结果和现有分析结果同级
- Max,min,Avg & Sum Bucket
- Stats,Extended Status Bucket
- Percentiles Bucket
- Parent -结果内嵌到现有的聚合分析结果之中
- Derivative(求导)
- Cumultive Sum(累计求和)
- Moving Function(移动平均值 )
- min_bucket示例
在员工数最多的工种里,找出平均工资最低的工种。
- # 平均工资最低的工种
- POST employees/_search
- {
- "size": 0,
- "aggs": {
- "jobs": {
- "terms": {
- "field": "job.keyword",
- "size": 10
- },
- "aggs": {
- "avg_salary": {
- "avg": {
- "field": "salary"
- }
- }
- }
- },
- "min_salary_by_job":{
- "min_bucket": {
- "buckets_path": "jobs>avg_salary"
- }
- }
- }
- }
- min_salary_by_job结果和jobs的聚合同级
- min_bucket求之前结果的最小值
- 通过bucket_path关键字指定路径
- Stats示例
- # 平均工资的统计分析
- POST employees/_search
- {
- "size": 0,
- "aggs": {
- "jobs": {
- "terms": {
- "field": "job.keyword",
- "size": 10
- },
- "aggs": {
- "avg_salary": {
- "avg": {
- "field": "salary"
- }
- }
- }
- },
- "stats_salary_by_job":{
- "stats_bucket": {
- "buckets_path": "jobs>avg_salary"
- }
- }
- }
- }
- percentiles示例
- # 平均工资的百分位数
- POST employees/_search
- {
- "size": 0,
- "aggs": {
- "jobs": {
- "terms": {
- "field": "job.keyword",
- "size": 10
- },
- "aggs": {
- "avg_salary": {
- "avg": {
- "field": "salary"
- }
- }
- }
- },
- "percentiles_salary_by_job":{
- "percentiles_bucket": {
- "buckets_path": "jobs>avg_salary"
- }
- }
- }
- }
- Cumulative_sum示例
- #Cumulative_sum 累计求和
- POST employees/_search
- {
- "size": 0,
- "aggs": {
- "age": {
- "histogram": {
- "field": "age",
- "min_doc_count": 0,
- "interval": 1
- },
- "aggs": {
- "avg_salary": {
- "avg": {
- "field": "salary"
- }
- },
- "cumulative_salary":{
- "cumulative_sum": {
- "buckets_path": "avg_salary"
- }
- }
- }
- }
- }
- }
5 聚合的作用范围
ES聚合分析的默认作用范围是query的查询结果集,同时ES还支持以下方式改变聚合的作用范围:
- Filter
- Post Filter
- Global
- #Query
- POST employees/_search
- {
- "size": 0,
- "query": {
- "range": {
- "age": {
- "gte": 20
- }
- }
- },
- "aggs": {
- "jobs": {
- "terms": {
- "field":"job.keyword"
-
- }
- }
- }
- }
-
- #Filter
- POST employees/_search
- {
- "size": 0,
- "aggs": {
- "older_person": {
- "filter":{
- "range":{
- "age":{
- "from":35
- }
- }
- },
- "aggs":{
- "jobs":{
- "terms": {
- "field":"job.keyword"
- }
- }
- }},
- "all_jobs": {
- "terms": {
- "field":"job.keyword"
-
- }
- }
- }
- }
-
- #Post field. 一条语句,找出所有的job类型。还能找到聚合后符合条件的结果
- POST employees/_search
- {
- "aggs": {
- "jobs": {
- "terms": {
- "field": "job.keyword"
- }
- }
- },
- "post_filter": {
- "match": {
- "job.keyword": "Dev Manager"
- }
- }
- }
-
- #global
- POST employees/_search
- {
- "size": 0,
- "query": {
- "range": {
- "age": {
- "gte": 40
- }
- }
- },
- "aggs": {
- "jobs": {
- "terms": {
- "field":"job.keyword"
-
- }
- },
- "all":{
- "global":{},
- "aggs":{
- "salary_avg":{
- "avg":{
- "field":"salary"
- }
- }
- }
- }
- }
- }
6 排序
指定order,按照count和key进行排序:
- 默认情况,按照count降序排序
- 指定size,就能返回相应的桶
- #排序 order
- #count and key
- POST employees/_search
- {
- "size": 0,
- "query": {
- "range": {
- "age": {
- "gte": 20
- }
- }
- },
- "aggs": {
- "jobs": {
- "terms": {
- "field":"job.keyword",
- "order":[
- {"_count":"asc"},
- {"_key":"desc"}
- ]
- }
- }
- }
- }
-
- #排序 order
- #count and key
- POST employees/_search
- {
- "size": 0,
- "aggs": {
- "jobs": {
- "terms": {
- "field":"job.keyword",
- "order":[ {
- "avg_salary":"desc"
- }]
- },
- "aggs": {
- "avg_salary": {
- "avg": {
- "field":"salary"
- }
- }
- }
- }
- }
- }
-
- #排序 order
- #count and key
- POST employees/_search
- {
- "size": 0,
- "aggs": {
- "jobs": {
- "terms": {
- "field":"job.keyword",
- "order":[ {
- "stats_salary.min":"desc"
- }]
- },
- "aggs": {
- "stats_salary": {
- "stats": {
- "field":"salary"
- }
- }
- }
- }
- }
- }
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/正经夜光杯/article/detail/795278
推荐阅读
相关标签
