Question

我有包含URL的文档。以下查询按URL汇总文档

GET logs/_search
{
"size": 0,

"aggregations": {
"refererTerms": {
"terms": {
"field": "sit_ref.keyword",
"size": 5
      }
    }
  }
}

输出：

{
  "took": 560,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 4809178,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "refererTerms": {
      "doc_count_error_upper_bound": 12590,
      "sum_other_doc_count": 2440897,
      "buckets": [
        {
          "key": "https://www.bfmtv.com/",
          "doc_count": 217615
        },
        {
          "key": "https://www.zone-turf.fr/quinte/",
          "doc_count": 46506
        },
        {
          "key": "https://www.01net.com/telecharger/",
          "doc_count": 43178
        },
        {
          "key": "https://rmcsport.bfmtv.com/",
          "doc_count": 42643
        },
        {
          "key": "https://bfmbusiness.bfmtv.com/",
          "doc_count": 38462
        }
      ]
    }
  }
}

我想按文档的域而不是URL聚合文档。如何对“ sit_ref”字段进行正则表达式，以便按域进行汇总？

通过正则表达式聚合字段-Elastic Search

0 个答案: