我有以下查询,在那里获取a数据,并创建过去每个小时的聚合:
query = {
"query": {
"bool": {
"must": [
{ "term": {"deviceId":device} },
{ "match": {"eventType":"Connected"} }
],
"must_not":[{
"query_string": {
"query": "Pong",
"fields": ["data.message"]
}
},
]
},
},
"size": 0,
"sort": [{ "timestamp": { "order": "desc" }}],
"aggs" : {
"time_buckets" : {
"date_histogram" : {
"field" : "timestamp",
"interval" : "hour",
},
}
}
}
我想得到每个小时间隔(聚合创建的每个bucket)中一个字段的平均值。在这篇文章中,他们谈到了与我想做的类似的事情:http://www.elasticsearch.org/guide/en/elasticsearch/guide/current/_looking_at_time.html("上周我们网站每小时的平均延迟是多少?")。然而,他们并没有确切解释在这种情况下该怎么办。
有人知道怎么做吗?
我刚刚意识到我可以进行嵌套聚合,然后计算聚合中字段的平均值。以下是我所做的,它现在工作正常:
query = {
"query": {
"bool": {
"must": [
{ "term": {"deviceId":device} },
{ "match": {"eventType":"Connected"} }
],
"must_not":[{
"query_string": {
"query": "Pong",
"fields": ["data.message"]
}
},
]
},
},
"size": 0,
"sort": [{ "timestamp": { "order": "desc" }}],
"aggs" : {
"time_buckets" : {
"date_histogram" : {
"field" : "timestamp",
"interval" : "day"
},
"aggs" : {
"avg_battery" : {
"avg": { "field": "data.battery-level" }
}
}
}
}
}