Écrire et exécuter des agrégations qui contiennent des sous-agrégations
Cheat Sheet
# Bulk-load the NDJSON file logs.json into the local node.
# --data-binary keeps the newlines intact, and the _bulk API needs them to separate action and document lines.
# NOTE(review): the URL targets bank/account, but every query below reads the logs index. Confirm that the
# action lines inside logs.json name their own index. Elasticsearch 8 no longer accepts a mapping type
# ("account") in the URL.
# NOTE(review): plain HTTP without credentials only works against a node whose security features are off.
# Elasticsearch 8 enables TLS and authentication by default; on such a cluster use https and an
# authenticated user instead of switching security off.
curl --request POST \
  --header 'Content-Type: application/x-ndjson' \
  --data-binary @logs.json \
  'localhost:9200/bank/account/_bulk?pretty'
# Cluster inventory: one row per node; ?v adds the column header row.
GET _cat/nodes?v
# One row per index (health, status, document count, store size). Use it to check that the bulk load
# created the index the queries below expect.
GET _cat/indices?v
### Rechercher tous les documents
# No request body, so this runs as a match_all search; only the first 10 hits are returned by default.
GET logs/_search
### Rechercher toutes les extensions
# Document count per file extension: the 10 most frequent values of extension.keyword.
# The top-level "size": 0 drops the hits, so the response carries only the buckets.
GET logs/_search
{
  "size": 0,
  "aggs": {
    "extensions": {
      "terms": { "field": "extension.keyword", "size": 10 }
    }
  }
}
### Rechercher toutes les extensions et faire la somme des bytes
# Bytes served per file extension: each "extensions" bucket carries a nested "sum_of_bytes" metric.
# No "order" is given, so buckets come back by document count (descending), not by byte volume.
GET logs/_search
{
  "size": 0,
  "aggs": {
    "extensions": {
      "terms": { "field": "extension.keyword", "size": 10 },
      "aggs": {
        "sum_of_bytes": { "sum": { "field": "bytes" } }
      }
    }
  }
}
### Rechercher toutes les extensions, faire la somme des bytes et faire un tri décroissant
# Top 10 file extensions ranked by total bytes served, largest first.
# The key under "order" must be the name of a sub-aggregation declared in this bucket's "aggs"
# (here "sum_of_bytes").
# NOTE(review): on a multi-shard index, ordering terms buckets by a sub-aggregation can be approximate,
# because each shard only returns its own top candidates. Treat the ranking as indicative when the
# extension list is long.
GET logs/_search
{
  "size": 0,
  "aggs": {
    "extensions": {
      "terms": {
        "field": "extension.keyword",
        "size": 10,
        "order": { "sum_of_bytes": "desc" }
      },
      "aggs": {
        "sum_of_bytes": { "sum": { "field": "bytes" } }
      }
    }
  }
}
### Rechercher toutes les extensions, faire la moyenne des bytes et faire un tri décroissant
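# Top 10 file extensions ranked by average response size in bytes, largest first.
# The key under "order" has to name a sub-aggregation declared in this bucket's "aggs". The only one
# declared here is "avg_bytes", so the order refers to it; an order key that names an aggregation
# absent from this request makes Elasticsearch reject the search.
# NOTE(review): on a multi-shard index, ordering terms buckets by a sub-aggregation can be approximate.
GET logs/_search
{
  "size": 0,
  "aggs": {
    "extensions": {
      "terms": {
        "field": "extension.keyword",
        "size": 10,
        "order": { "avg_bytes": "desc" }
      },
      "aggs": {
        "avg_bytes": { "avg": { "field": "bytes" } }
      }
    }
  }
}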
### Rechercher par heure le nombre de clients uniques.
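# Distinct client IPs seen per hour: an hourly date_histogram on @timestamp with a nested cardinality metric.
# The request body must be strict JSON, so no comma follows the last key of "date_histogram".
# "cardinality" is an approximate distinct count. It is accurate for small sets and drifts as the
# number of distinct values grows; raise "precision_threshold" if per-hour counts must be near exact.
# Hour buckets are cut in UTC unless "time_zone" is set on the date_histogram.
GET logs/_search
{
  "size": 0,
  "aggs": {
    "per_hour": {
      "date_histogram": {
        "field": "@timestamp",
        "calendar_interval": "hour"
      },
      "aggs": {
        "unique_clients": {
          "cardinality": { "field": "clientip.keyword" }
        }
      }
    }
  }
}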