合规国际互联网加速 OSASE为企业客户提供高速稳定SD-WAN国际加速解决方案。 广告
# Filters Aggregation 原文链接 : [https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-filters-aggregation.html#_literal_other_literal_bucket](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-filters-aggregation.html#_literal_other_literal_bucket) 译文链接 :[Filters Aggregation](http://apache.wiki/display/Elasticsearch/Filters+Aggregation?src=contextnavpagetreemode) 贡献者 : @于永超,[ApacheCN](/display/~apachecn),[Apache中文网](/display/~apachechina) ## Filters Aggregation 定义多bucket(桶)聚合,其中每个bucket(桶)与过滤器相关联。 每个bucket(桶)将收集与其关联的过滤器匹配的所有文档 例子: ``` PUT /logs/message/_bulk?refresh { "index" : { "_id" : 1 } } { "body" : "warning: page could not be rendered" } { "index" : { "_id" : 2 } } { "body" : "authentication error" } { "index" : { "_id" : 3 } } { "body" : "warning: connection timed out" } GET logs/_search { "size": 0, "aggs" : { "messages" : { "filters" : { "filters" : { "errors" : { "match" : { "body" : "error" }}, "warnings" : { "match" : { "body" : "warning" }} } } } } } ``` 在上面的例子中,我们分析日志消息。 聚合将构建日志消息的两个集合(桶) - 一个用于所有包含  error 的消息,另一个用于包含 warning 的所有消息。 响应结果: ``` { "took": 9, "timed_out": false, "_shards": ..., "hits": ..., "aggregations": { "messages": { "buckets": { "errors": { "doc_count": 1 }, "warnings": { "doc_count": 2 } } } } } ``` ### Anonymous filters(匿名过滤器) 过滤器字段也可以作为过滤器的数组提供,就像下面的请求一样 ``` GET logs/_search { "size": 0, "aggs" : { "messages" : { "filters" : { "filters" : [ { "match" : { "body" : "error" }}, { "match" : { "body" : "warning" }} ] } } } } ``` 过滤的buckets(桶)按照请求中提供的顺序返回。 这个例子的响应结果是: ``` { "took": 4, "timed_out": false, "_shards": ..., "hits": ..., "aggregations": { "messages": { "buckets": [ { "doc_count": 1 }, { "doc_count": 2 } ] } } } ``` ### `Other` Bucket other_bucket 参数可以为响应添加一个bucket,它将包含所有与给定过滤器不匹配的文档,该参数的值可以如下所示: false      不计算 other bucket true     如果使用了命名的过滤器,则返回另一个bucket bucket(默认命名为_other_),如果使用匿名过滤器,则返回最后一个bucket other_bucket_key参数可用于将其他存储桶的密钥设置为除默认值_other_之外的值。 设置此参数将会将other_bucket参数隐式设置为true。 下面的代码片段显示了请求另一个bucket被命名为other_messages的响应。 ``` PUT logs/message/4?refresh { "body": "info: user Bob logged out" } GET logs/_search { "size": 0, "aggs" : { "messages" : { "filters" : { "other_bucket_key": "other_messages", "filters" : { "errors" : { "match" : { "body" : "error" }}, "warnings" : { "match" : { "body" : "warning" }} } } } } } ``` 响应将如下所示: ``` { "took": 3, "timed_out": false, "_shards": ..., "hits": ..., "aggregations": { "messages": { "buckets": { "errors": { "doc_count": 1 }, "warnings": { "doc_count": 2 }, "other_messages": { "doc_count": 1 } } } } } ```