ELK | Elasticsearch 7: group by on multiple conditions


Elasticsearch also has an equivalent of MySQL's GROUP BY: the terms aggregation. The request looks like this:

GET /indexName/_search
{
  "size": 0,
  "aggs": {
    "aggregation_name": {
      "terms": {
        "field": "your_field",
        "size": 10000
      },
      "aggs": {
        "distinct_filed2": {
          "cardinality": {
            "field": "xxx.keyword"
          }
        }
      }
    }
  }
}

aggregation_name is the name of the aggregation and can be anything you like.
your_field is the field to group by.
size is set to 1000 so that the result is not limited to the default of 10 buckets.

distinct_filed2 is also an arbitrary name; it appears as a key in the result.
cardinality means a distinct count (the equivalent of COUNT(DISTINCT ...)).
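To group by several fields at once, nest one terms aggregation per field and put the cardinality sub-aggregation at the innermost level. The following Python is an added example, not code from the original post: the field names (src_ip, action, user.keyword) and SAMPLE_RESPONSE are constructed to look like Elasticsearch 7 output so it runs offline.

```python
# Added example (not from the original post): emulate
# "GROUP BY field_a, field_b" with nested terms aggregations and a
# cardinality (distinct count) sub-aggregation at the innermost level,
# then flatten the bucket tree of a response into rows.
# Field names and SAMPLE_RESPONSE are constructed for illustration.
import json


def build_group_by(fields, distinct_field, size=10000):
    """Build the request body with one terms level per group-by field.
    size is raised from the default of 10 so buckets are not truncated."""
    inner = {"distinct": {"cardinality": {"field": distinct_field}}}
    for field in reversed(fields):
        inner = {f"by_{field}": {"terms": {"field": field, "size": size},
                                 "aggs": inner}}
    return {"size": 0, "aggs": inner}


def flatten_buckets(node, fields, path=()):
    """Yield (group_keys, doc_count, distinct_count) per leaf bucket."""
    field, rest = fields[0], fields[1:]
    for bucket in node[f"by_{field}"]["buckets"]:
        key = path + (bucket["key"],)
        if rest:
            yield from flatten_buckets(bucket, rest, key)
        else:
            yield key, bucket["doc_count"], bucket["distinct"]["value"]


def group_rows(response, fields):
    return list(flatten_buckets(response["aggregations"], fields))


# Constructed response shaped like ES 7 output for the query below.
SAMPLE_RESPONSE = {"aggregations": {"by_src_ip": {"buckets": [
    {"key": "10.0.0.5", "doc_count": 40, "by_action": {"buckets": [
        {"key": "login_failed", "doc_count": 30, "distinct": {"value": 12}},
        {"key": "login_ok", "doc_count": 10, "distinct": {"value": 1}}]}},
    {"key": "10.0.0.9", "doc_count": 3, "by_action": {"buckets": [
        {"key": "login_ok", "doc_count": 3, "distinct": {"value": 1}}]}},
]}}}

if __name__ == "__main__":
    print(json.dumps(build_group_by(["src_ip", "action"], "user.keyword"),
                     indent=2))
    for keys, docs, distinct in group_rows(SAMPLE_RESPONSE,
                                           ["src_ip", "action"]):
        print(keys, "docs:", docs, "distinct users:", distinct)
```

Note that cardinality in Elasticsearch is an approximate count (HyperLogLog++), so treat the distinct value as an estimate, and use the .keyword sub-field for text-mapped fields as the post does.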


About rainbird

iOS developer