Elasticsearch分組聚合-查詢每一個A_logtype下有多少數據

時間 2019-12-05

標籤 elasticsearch 分組聚合查詢每一個 logtype 下有多少數據欄目日誌分析简体版

原文原文鏈接

Elasticsearch分組聚合curl

1.查詢指定索引下每一個A_logtype有多少數據測試

curl -XPOST 'localhost:19200/ylchou-0-2015-10-07/_search?pretty' -d 'url

{索引

"size": 0,it

"aggs": {io

"group_by_state": {ast

"terms": {test

"field": "A_logtype"im

}error

}

結果：

{

"took" : 33,

"timed_out" : false,

"_shards" : {

"total" : 1,

"successful" : 1,

"failed" : 0

"hits" : {

"total" : 30434,

"max_score" : 0.0,

"hits" : [ ]

"aggregations" : {

"group_by_state" : {

"doc_count_error_upper_bound" : 0,

"sum_other_doc_count" : 0,

"buckets" : [ {

"key" : "waf-214",

"doc_count" : 28928

}, {

"key" : "waf-358",

"doc_count" : 1506

} ]

}

2.查詢多個索引下每一個A_logtype下有多少數據

curl -XPOST 'localhost:19200/ylchou-0-2015-*/_search?pretty' -d '

{

"size": 0,

"aggs": {

"group_by_state": {

"terms": {

"field": "A_logtype"

}

結果：

{

"took" : 531,

"timed_out" : false,

"_shards" : {

"total" : 28,

"successful" : 28,

"failed" : 0

"hits" : {

"total" : 13477509,

"max_score" : 0.0,

"hits" : [ ]

"aggregations" : {

"group_by_state" : {

"doc_count_error_upper_bound" : 0,

"sum_other_doc_count" : 23151,

"buckets" : [ {

"key" : "error",

"doc_count" : 3880753

}, {

"key" : "draglog-168",

"doc_count" : 3566095

}, {

"key" : "策略測試數據004",

"doc_count" : 2999538

}, {

"key" : "syslog-37",

"doc_count" : 1284500

}, {

"key" : "waf-214",

"doc_count" : 667958

}, {

"key" : "QimingStar13",

"doc_count" : 646717

}, {

"key" : "136test",

"doc_count" : 201971

}, {

"key" : "標準化策略測試數據101",

"doc_count" : 161039

}, {

"key" : "Waf150test",

"doc_count" : 24208

}, {

"key" : "waf-358",

"doc_count" : 21579

} ]

}

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。