我是elasticsearch的新手,这是我的第一个NoSql DB,我有一些问题。
我有这样的东西:
index_logs: [
{
"entity_id": id_1,
"field_name": "name",
"old_value": null
"new_value": "some_name"
"number": 1
},
{
"entity_id": id_1,
"field_name": "description",
"old_value": null
"new_value": "some_descr"
"number": 1
},
{
"entity_id": id_1,
"field_name": "description",
"old_value": "some_descr"
"new_value": null
"number": 2
},
{
"entity_id": id_2,
"field_name": "enabled",
"old_value": true
"new_value":false
"number": 25
},
]
我需要找到所有我不知道的指定entity_id和max_number的文档。
在postgres中,它将如下代码:
SELECT *
FROM logs AS x
WHERE x.entity_id = <some_entity_id>
AND x.number = (SELECT MAX(y.number) FROM logs AS y WHERE y.entity_id = x.entity_id)
elasticsearch我能怎么做?
使用以下查询:
{
"query": {
"term": {
"entity_id": {
"value": "1"
}
}
},
"aggs": {
"max_number": {
"terms": {
"field": "number",
"size": 1,
"order": {
"_key": "desc"
}
},
"aggs": {
"top_hits": {
"top_hits": {
"size": 10
}
}
}
}
}
}
聚合将组织"number"按降序排序的数字,然后用这个数字给你前十的结果,在top_hits subaggregation。
获取"All"的另一种方式文档只是简单地使用相同的查询,没有任何聚合,并按"数字"降序排序。字段。在客户端,使用"search_after"进行分页,并对所有结果进行分页,直到"数字"为止。场的变化。当编号第一次改变时,您退出分页循环,并且您拥有具有给定实体id和最大编号的所有记录。