聚合在Elasticsearch中的使用
系统中使用的ES环境不一定每篇文章都有,但是可以在合集中找到,关注《醉鱼Java》一起进步
环境
-
elasticsearch 8.1
搭建
version: '3.8'
services:
cerebro:
image: lmenezes/cerebro:0.8.3
container_name: cerebro
ports:
- "9000:9000"
command:
- -Dhosts.0.host=http://eshot:9200
networks:
- elastic
kibana:
image: docker.elastic.co/kibana/kibana:8.1.3
container_name: kibana
environment:
- I18N_LOCALE=zh-CN
- XPACK_GRAPH_ENABLED=true
- TIMELION_ENABLED=true
- XPACK_MONITORING_COLLECTION_ENABLED="true"
- ELASTICSEARCH_HOSTS=http://eshot:9200
- server.publicBaseUrl=http://192.168.160.234:5601
ports:
- "5601:5601"
networks:
- elastic
eshot:
image: elasticsearch:8.1.3
container_name: eshot
environment:
- node.name=eshot
- cluster.name=es-docker-cluster
- discovery.seed_hosts=eshot,eswarm,escold
- cluster.initial_master_nodes=eshot,eswarm,escold
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- xpack.security.enabled=false
- node.attr.node_type=hot
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- D:\zuiyuftp\docker\es8.1\eshot\data:/usr/share/elasticsearch/data
- D:\zuiyuftp\docker\es8.1\eshot\logs:/usr/share/elasticsearch/logs
- D:\zuiyuftp\docker\es8.1\eshot\plugins:/usr/share/elasticsearch/plugins
ports:
- 9200:9200
networks:
- elastic
eswarm:
image: elasticsearch:8.1.3
container_name: eswarm
environment:
- node.name=eswarm
- cluster.name=es-docker-cluster
- discovery.seed_hosts=eshot,eswarm,escold
- cluster.initial_master_nodes=eshot,eswarm,escold
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- xpack.security.enabled=false
- node.attr.node_type=warm
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- D:\zuiyuftp\docker\es8.1\eswarm\data:/usr/share/elasticsearch/data
- D:\zuiyuftp\docker\es8.1\eswarm\logs:/usr/share/elasticsearch/logs
- D:\zuiyuftp\docker\es8.1\eshot\plugins:/usr/share/elasticsearch/plugins
networks:
- elastic
escold:
image: elasticsearch:8.1.3
container_name: escold
environment:
- node.name=escold
- cluster.name=es-docker-cluster
- discovery.seed_hosts=eshot,eswarm,escold
- cluster.initial_master_nodes=eshot,eswarm,escold
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- xpack.security.enabled=false
- node.attr.node_type=cold
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- D:\zuiyuftp\docker\es8.1\escold\data:/usr/share/elasticsearch/data
- D:\zuiyuftp\docker\es8.1\escold\logs:/usr/share/elasticsearch/logs
- D:\zuiyuftp\docker\es8.1\eshot\plugins:/usr/share/elasticsearch/plugins
networks:
- elastic
# volumes:
# eshotdata:
# driver: local
# eswarmdata:
# driver: local
# escolddata:
# driver: local
networks:
elastic:
driver: bridge
什么是聚合?
在Elasticsearch中,聚合是一种功能强大的数据处理技术,它允许我们对索引中的数据进行多种计算和分析操作。聚合可以理解为对数据集进行分组,并在每个分组上执行各种指标计算,类似于SQL中的GROUP BY和聚合函数。
示例数据
为了验证聚合功能,我们将使用一个示例数据集,假设我们有一个存储了商品信息的索引,包含以下字段:
-
product_name:商品名称 -
category:商品分类 -
price:商品价格 -
quantity:商品数量 -
manufacturer:制造商 -
timestamp:记录时间戳
下面我们导入测试数据
创建索引
PUT /zfc-doc-000001
{
"settings": {
"index":{
"number_of_shards":3,
"number_of_replicas":2
}
},
"mappings": {
"properties": {
"product_name":{
"type":"keyword"
},
"category":{
"type":"keyword"
},
"price":{
"type": "integer"
},
"quantity":{
"type": "integer"
},
"manufacturer":{
"type": "keyword"
},
"timestamp":{
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis"
}
}
}
}
添加数据
PUT _bulk
{"index":{"_index":"zfc-doc-000002","_id":"1"}}
{"product_name": "iPhone 12","category": "Electronics","price": 999,"quantity": 50,"manufacturer": "Apple","timestamp": "2023-07-24 10:00:00"}
{"index":{"_index":"zfc-doc-000002","_id":"2"}}
{"product_name": "Samsung Galaxy S21","category": "Electronics","price": 799,"quantity": 30,"manufacturer": "Samsung","timestamp": "2023-07-24 11:30:00"}
{"index":{"_index":"zfc-doc-000002","_id":"3"}}
{"product_name": "Sony Bravia 65-inch TV","category": "Electronics","price": 1499,"quantity": 20,"manufacturer": "Sony","timestamp": "2023-07-24 13:15:00"}
{"index":{"_index":"zfc-doc-000002","_id":"4"}}
{"product_name": "HP Spectre x360","category": "Electronics","price": 1299,"quantity": 25,"manufacturer": "HP","timestamp": "2023-07-24 15:45:00"}
{"index":{"_index":"zfc-doc-000002","_id":"5"}}
{"product_name": "Dell XPS 15", "category": "Electronics","price": 1399,"quantity": 15,"manufacturer": "Dell","timestamp": "2023-07-24 17:20:00"}
{"index":{"_index":"zfc-doc-000002","_id":"6"}}
{"product_name": "Nike Air Zoom Pegasus 38", "category": "Sports","price": 119,"quantity": 100,"manufacturer": "Nike","timestamp": "2023-07-24 09:30:00"}
{"index":{"_index":"zfc-doc-000002","_id":"7"}}
{"product_name": "Adidas Ultraboost 21","category": "Sports","price": 129,"quantity": 80,"manufacturer": "Adidas","timestamp": "2023-07-24 10:45:00"}
{"index":{"_index":"zfc-doc-000002","_id":"8"}}
{"product_name": "Canon EOS Rebel T7i","category": "Electronics","price": 699,"quantity": 10,"manufacturer": "Canon","timestamp": "2023-07-24 14:05:00"}
{"index":{"_index":"zfc-doc-000002","_id":"9"}}
{"product_name": "LG 55-inch 4K TV", "category": "Electronics","price": 899,"quantity": 30,"manufacturer": "LG","timestamp": "2023-07-24 16:30:00"}
{"index":{"_index":"zfc-doc-000002","_id":"10"}}
{"product_name": "Lenovo ThinkPad X1 Carbon", "category": "Electronics","price": 1599,"quantity": 18,"manufacturer": "Lenovo","timestamp": "2023-07-24 18:10:00"}
聚合示例
1. 词条聚合(Terms Aggregation)
词条聚合是一种用于对文本字段进行分组的聚合方式,它会将相同值的文档分到同一个桶(Bucket)中,并计算每个桶中文档的数量。
示例查询:
GET zfc-doc-000002/_search
{
"size": 0,
"aggs": {
"category_count": {
"terms": {
"field": "category",
"size": 10
}
}
}
}
解释:
-
"size": 0:表示只返回聚合结果,不返回实际文档数据。 -
"aggs":定义聚合操作。 -
"category_count":自定义的聚合名称,用于标识结果。 -
"terms":指定使用词条聚合。 -
"field": "category":指定要进行聚合的字段。
2. 嵌套聚合(Nested Aggregation)
嵌套聚合允许在一个桶内进行更深层次的聚合操作。例如,我们可以先按分类分组,然后在每个分类内再按制造商进行分组,并计算每个分类下的平均价格。
示例查询:
GET zfc-doc-000002/_search
{
"size": 0,
"aggs": {
"category_group": {
"terms": {
"field": "category",
"size": 10
},
"aggs": {
"avg_price": {
"avg": {
"field": "price"
}
}
}
}
}
}
解释:
-
"aggs":定义聚合操作。 -
"category_group":自定义的聚合名称,用于标识结果。 -
"terms":指定使用词条聚合。 -
"field": "category":指定要进行聚合的字段。 -
"avg_price":自定义的聚合名称,用于标识结果。 -
"avg":指定使用平均值聚合。 -
"field": "price":指定要进行聚合的数值字段。
3.直方图聚合示例(Histogram)
假设我们希望根据商品价格(price字段)创建一个价格区间的直方图,将商品按照价格范围进行分组,并统计每个价格区间内的商品数量。
示例查询:
GET zfc-doc-000002/_search
{
"size": 0,
"aggs": {
"price_histogram": {
"histogram": {
"field": "price",
"interval": 200
}
}
}
}
解释:
-
"aggs":定义聚合操作。 -
"price_histogram":自定义的聚合名称,用于标识结果。 -
"histogram":指定使用直方图聚合。 -
"field": "price":指定要进行聚合的数值字段,即商品价格。 -
"interval": 200:指定直方图的间隔大小,这里设置为200表示将价格范围划分为200的区间,例如:0-200、200-400、400-600等。
4.范围聚合示例(Range)
范围聚合允许我们根据指定的范围条件将文档分组,例如:按价格范围进行分组并统计每个价格范围内的商品数量。
示例查询:
GET zfc-doc-000002/_search
{
"size": 0,
"aggs": {
"price_ranges": {
"range": {
"field": "price",
"ranges": [
{ "from": 0, "to": 200 },
{ "from": 200, "to": 500 },
{ "from": 500, "to": 1000 },
{ "from": 1000 }
]
}
}
}
}
解释:
-
"aggs":定义聚合操作。 -
"price_ranges":自定义的聚合名称,用于标识结果。 -
"range":指定使用范围聚合。 -
"field": "price":指定要进行聚合的数值字段,即商品价格。 -
"ranges":指定价格范围的条件数组。-
{ "from": 0, "to": 200 }:表示价格从0到200之间的商品。 -
{ "from": 200, "to": 500 }:表示价格从200到500之间的商品。 -
{ "from": 500, "to": 1000 }:表示价格从500到1000之间的商品。 -
{ "from": 1000 }:表示价格大于等于1000的商品。
-
5. 统计聚合(Stats Aggregation)
统计聚合可以对数值字段进行计算,包括最小值、最大值、平均值、总和和文档数量。
示例查询:
GET zfc-doc-000002/_search
{
"size": 0,
"aggs": {
"price_stats": {
"stats": {
"field": "price"
}
}
}
}
解释:
-
"aggs":定义聚合操作。 -
"price_stats":自定义的聚合名称,用于标识结果。 -
"stats":指定使用统计聚合。 -
"field": "price":指定要进行聚合的数值字段。
我们上面在统计聚合中可以获取很多值,那么我们也可以细化单独获取某一个的聚合结果。
6. 平均值聚合(Avg Aggregation)
GET zfc-doc-000002/_search
{
"size": 0,
"aggs": {
"avg_price": {
"avg": {
"field": "price"
}
}
}
}
7. 总和聚合(Sum Aggregation)
GET zfc-doc-000002/_search
{
"size": 0,
"aggs": {
"total_price": {
"sum": {
"field": "price"
}
}
}
}
8. 最小值聚合(Min Aggregation)
GET zfc-doc-000002/_search
{
"size": 0,
"aggs": {
"min_price": {
"min": {
"field": "price"
}
}
}
}
9. 最大值聚合(Max Aggregation)
GET zfc-doc-000002/_search
{
"size": 0,
"aggs": {
"max_price": {
"max": {
"field": "price"
}
}
}
}
10. 扩展统计聚合(Extended Stats Aggregation)
GET zfc-doc-000002/_search
{
"size": 0,
"aggs": {
"price_stats_extended": {
"extended_stats": {
"field": "price"
}
}
}
}
11. 百分位数聚合(Percentiles Aggregation)
GET zfc-doc-000002/_search
{
"size": 0,
"aggs": {
"price_percentiles": {
"percentiles": {
"field": "price",
"percents": [25, 50, 75, 90]
}
}
}
}
12. 日期直方图聚合(Date Histogram Aggregation)
假设有一个名为timestamp的日期字段,我们可以进行日期直方图聚合,按照日期进行分组并统计每个时间段内的文档数量。文章来源:https://www.toymoban.com/news/detail-638268.html
GET zfc-doc-000002/_search
{
"size": 0,
"aggs": {
"date_histogram_agg": {
"date_histogram": {
"field": "timestamp",
"fixed_interval": "1h"
}
}
}
}
本文由 mdnice 多平台发布文章来源地址https://www.toymoban.com/news/detail-638268.html
到了这里,关于聚合在Elasticsearch中的使用及示例验证的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
