Elasticsearch的buckets(桶)包含Histogram、Date Histogram、Range、Date Range、Terms、IPv4 Range、Significant Terms等;
1.Histogram:
SELECT * FROM INDEX-2017-12 GROUP BY (histogram('alias'='log_date.mthAggs', 'interval'='1', 'field'='log_date.mth'))2.
Date Histogram:
SELECT * FROM INDEX-2017-12 GROUP BY (date_histogram('format'='yyyy-MM', 'alias'='@timestampAggs', 'interval'='1M', 'field'='@timestamp'))
3.
Range:
SELECT * FROM INDEX-2017-12 GROUP BY (range(log_date.mth,1,6,7,12))4. Date Range:
SELECT * FROM INDEX-2017-12 GROUP BY (date_range('format'='yyyy-MM-dd', 'alias'='dateRangeAggs', 'field'='@timestamp','2017-01-01','2017-06-01','now-1M','now-1w','now-2d','now'))
5.
Terms:
SELECT * FROM INDEX-2017-12 GROUP BY (terms('alias'='methodAggs', 'field'='method', 'size'=6, 'order'='desc'))
6.
IPv4 Range:
稍后补充...
7.Significant Terms:
暂时没找到求Significant Terms的SQL语句,只能用原生ES查询语句获取了;
ES原生查询语句如下:
{
"size": 0,
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "*",
"analyze_wildcard": true
}
},
{
"range": {
"@timestamp": {
"gte": 1451297220869,
"lte": 1514455620869,
"format": "epoch_millis"
}
}
}
],
"must_not": []
}
},
"_source": {
"excludes": []
},
"aggs": {
"2": {
"significant_terms": {
"field": "log.client.system",
"size": 4
}
}
}
}
附elasticsearch-sql的GitHub地址:https://github.com/NLPchina/elasticsearch-sql
Elasticsearch官方文档(中文版)地址:https://www.elastic.co/guide/cn/elasticsearch/guide/cn/aggregations.html