如何在 Elasticsearch 中比较两个聚合

时间:2017-03-05 15:59:40

标签: elasticsearch aggregate elasticsearch-plugin

我有一个交易数据流,按 10 分钟的时间间隔对其分组,在一个聚合中统计交易数量,在另一个聚合中计算(移动)平均值。我希望查询只返回 total_count 大于移动平均值的结果。

此查询返回正常。

GET / _search

{ 
  "aggs": {
        "my_date_histo":{                
            "date_histogram":{
                "field":"created_at",
                "interval":"10m"
            },

            "aggs":{
                "the_count":{
                    "value_count" : {"field" : "user_id"}
                },

              "the_movavg":{
                  "moving_avg":{ 
                    "buckets_path": "the_count" ,
                    "window": 5,
                    "model": "simple"
                  }
              }
      }
    }
  }
}

但是当我尝试以下操作时会抛出错误,

GET /_search
{ 
  "aggs": {
        "my_date_histo":{                
            "date_histogram":{
                "field":"created_at",
                "interval":"10m"
            },

            "aggs":{
                "the_count":{
                    "value_count" : {"field" : "user_id"}
                },

              "the_movavg":{
                  "moving_avg":{ 
                    "buckets_path": "the_count" ,
                    "window": 5,
                    "model": "simple"
                  }
              },

                "final_filter": {
           "bucket_selector": {
          "buckets_path": {
            "TheCount": "the_count",
            "TheMovAvg": "the_movavg"

          },
          "script": "params.TheCount > params.TheMovAvg"
      }
  }

      }
    }
  }

}

编辑:

映射

{
  "transaction-live": {
    "mappings": {
      "logs": {
        "properties": {
          "@timestamp": {
            "type": "date"
          },
          "@version": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "correspondent_id": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "created_at": {
            "type": "date"
          },
          "discount": {
            "type": "float"
          },
          "endpoint": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "event_type": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "fees": {
            "type": "float"
          },
          "from_country_code": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "from_currency_code": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "fx_sent_receive": {
            "type": "float"
          },
          "receive_amount": {
            "type": "float"
          },
          "response_code": {
            "type": "long"
          },
          "send_amount": {
            "type": "float"
          },
          "source": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "source_version": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "startedtransaction_id": {
            "type": "long"
          },
          "to_country_code": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "user_agent": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "user_id": {
            "type": "long"
          }
        }
      }
    }
  }
}

ERROR:

{
  "error": {
    "root_cause": [],
    "type": "reduce_search_phase_exception",
    "reason": "[reduce] ",
    "phase": "fetch",
    "grouped": true,
    "failed_shards": [],
    "caused_by": {
      "type": "script_exception",
      "reason": "runtime error",
      "caused_by": {
        "type": "null_pointer_exception",
        "reason": null
      },
      "script_stack": [
        "params.TheCount > params.TheMovAvg",
        "                        ^---- HERE"
      ],
      "script": "params.TheCount > params.TheMovAvg",
      "lang": "painless"
    }
  },
  "status": 503
}

1 个答案:

答案 0 :(得分:3)

我稍微试验了一下你的查询,找到了问题所在。以下是一个可以正常工作的查询:

{
    "size": 0,
    "aggs": {
        "my_date_histo": {
            "date_histogram": {
                "field": "created_at",
                "interval": "10m"
            },
            "aggs": {
                "the_count": {
                    "value_count": {
                        "field": "user_id"
                    }
                },
                "the_movavg": {
                    "moving_avg": {
                        "buckets_path": "the_count",
                        "window": 5,
                        "model": "simple"
                    }
                },
                "final_filter": {
                    "bucket_selector": {
                        "buckets_path": {
                            "TheCount": "the_count",
                            "TheMovAvg": "the_movavg"

                        },
                        "script": "params.TheCount > (params.TheMovAvg == null ? 0 : params.TheMovAvg)"
                    }
                }
            }
        }
    }
}

现在要了解这个问题,请看一下没有bucket_selector聚合的以下聚合结果。

{
  "took": 10,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "hits": {
    "total": 42,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "my_date_histo": {
      "buckets": [
        {
          "key_as_string": "2017-03-06T15:30:00.000Z",
          "key": 1488814200000,
          "doc_count": 14,
          "the_count": {
            "value": 14
          }
        },
        {
          "key_as_string": "2017-03-06T15:40:00.000Z",
          "key": 1488814800000,
          "doc_count": 0,
          "the_count": {
            "value": 0
          }
        },
        {
          "key_as_string": "2017-03-06T15:50:00.000Z",
          "key": 1488815400000,
          "doc_count": 14,
          "the_count": {
            "value": 14
          },
          "the_movavg": {
            "value": 7
          }
        },
        {
          "key_as_string": "2017-03-06T16:00:00.000Z",
          "key": 1488816000000,
          "doc_count": 3,
          "the_count": {
            "value": 3
          },
          "the_movavg": {
            "value": 14
          }
        },
        {
          "key_as_string": "2017-03-06T16:10:00.000Z",
          "key": 1488816600000,
          "doc_count": 8,
          "the_count": {
            "value": 7
          },
          "the_movavg": {
            "value": 8.5
          }
        },
        {
          "key_as_string": "2017-03-06T16:20:00.000Z",
          "key": 1488817200000,
          "doc_count": 3,
          "the_count": {
            "value": 3
          },
          "the_movavg": {
            "value": 6.375
          }
        }
      ]
    }
  }
}

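观察上面的结果可以发现,在该窗口/设置下,前两个存储桶没有计算出 the_movavg(moving_avg)的值。因此,当 bucket_selector 对这些存储桶执行比较时,params.TheMovAvg 为 null,脚本会在运行时抛出空指针异常(null pointer exception),因为 Java 的比较运算符在操作数为 null 时会抛出该异常。需要注意的是,上面的可用查询把缺失的移动平均值当作 0 处理,所以这些尚无移动平均值的存储桶只要计数大于 0 就会通过筛选。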

希望这会对你有所帮助。 感谢