I have program send logs by rsyslog to graylog and save them in elastic search.
I used elastic search 1.7.
message send by rsyslog like this
{"t" : [
{"id":10,"x":12,"y":15,"z":8},
{"id":12,"x":8,"y":6,"z":1},
{"id":10,"x":2,"y":1,"z":6}
]}
I want get sum of x, y, z for all message that have same id.
what query I use?
I used this query but not work correct.
{
"aggs" : {
"t" : {
"nested" : {
"path" : "t"
},
"aggs" : {
"sum_x" : { "sum" : { "field" : "t.x" } }
}
}
}
}
Related
I am getting the results based on various filters in the Elasticsearch which also includes pagination.
Now I need to navigate between previous and next record from that search results, when we open a record of the search results.
Is there a way to achieve this through Elasticsearch?
You could use the from and size parameters of the Search API.
GET /_search
{
"from" : 0, "size" : 10,
"query" : {
"term" : { "user" : "kimchy" }
}
}
or
GET /_search?from=0&size=10
{
"query" : {
"term" : { "user" : "kimchy" }
}
}
Note the default value for size is 10.
I am using terms aggregation on elasticsearch to get most used words in a index with 380607390 (380 millions) and i receive timeout on my application.
The aggregated field is a text with a simple analyzer( the field holds post content).
My question is:
The terms aggregation is the correct aggregation to do that? With a large content field?
{
"aggs" : {
"keywords" : {
"terms" : { "field" : "post_content" }
}
}
}
You can try this using min_doc_count. You would ofcourse not want to get those words which have been used just once or twice or thrice...
You can set min_doc_count as per your requirement. This would definitely
reduce the time.
{
"aggs" : {
"keywords" : {
"terms" : { "field" : "post_content",
"min_doc_count": 5 //----->Set it as per your need
}
}
}
}
Using elastic search, I am trying to get data for nested object
BoolQueryBuilder boolBuilder = QueryBuilders.boolQuery();
NestedQueryBuilder nestedBuilder = QueryBuilders.nestedQuery("Attributes", boolBuilder);
boolBuilder.must(QueryBuilders.termQuery("Attributes.attributeId", "1001"));
Result comes if the query is like this,
{
"nested" : {
"query" : {
"bool" : {
"must" : [ {
"term" : {
"Attributes.attributeId" : "1001"
}
]
}
},
"path" : "Attributes"
}'
Result not coming if the query is like this,
{
"nested" : {
"query" : {
"bool" : {
"must" : [ {
"term" : {
"attributeId" : "1001"
}
]
}
},
"path" : "Attributes"
}
Can somebody help me.Here i have to get result without using "Attributes.attributeId".ie. using "attributeId" alone data have to come.
This is expected as per the nested query documentation
The query path points to the nested object path, and the query (or
filter) includes the query that will run on the nested docs matching
the direct path, and joining with the root parent docs. Note that any
fields referenced inside the query must use the complete path (fully
qualified).
For my project, I thought of using Span Near Queries of ElasticSearch, with the constraint that is, certain tokens may have to searched with Fuzziness. I was able to generate a set of SpanQuery (org.apache.lucene.search.spans.SpanQuery) objects some with fuzzy enabled, some without. I couldn't figure out how to use these set of SpanQueries in ElasticSearch spanNearQuery.
Can someone help me out with right pointers to samples or docs. And is there any way to construct ES SpanNearQueryBuilder with some clauses fuzzy enabled ?
You can wrap an fuzzy query into a span query with Span Multi Term Query:
{
"span_near" : {
"clauses" : [
{ "span_term" : { "field" : "value1" } },
{ "span_multi" :
"match" : {
"prefix" : { "user" : { "field" : "value2" } }
}
}
],
...
}
}
Is it possible to use a manually created histogram facet (or the results of its curl request) like this one in a Kibana dashboard:
{
"query" : {
"match_all" : {}
},
"facets" : {
"histo1" : {
"histogram" : {
"key_script" : "doc['date'].date.minuteOfHour * factor1",
"value_script" : "doc['num1'].value + factor2",
"params" : {
"factor1" : 2,
"factor2" : 3
}
}
}
}
}
Thanks
It looks like it will be supported in Kibana4, but there doesn't seem to be much more info out there than that.
For reference: https://github.com/elasticsearch/kibana/issues/1249