elastic search6聚合操作keyword
在mapping index为true的情况下,该字段会默认对内容进行分词若进行agg操作则会出现下面情况:
命令:
GET /data/http_record/_search
{
"aggs": {
"ua": {
"terms": { "field": "user_agent" }
}
}
}结果:
"aggregations": {
"ua": {
"doc_count_error_upper_bound": 204594,
"sum_other_doc_count": 17127887,
"buckets": [
{
"key": "android",
"doc_count": 4574412
},
{
"key": "build",
"doc_count": 3761713
},
{
"key": "vivo",
"doc_count": 1116978
},
{
"key": "5.1",
"doc_count": 784951
},
{
"key": "iphone",
"doc_count": 674956
},
{
"key": "4.4.4",
"doc_count": 593027
},
{
"key": "ios",
"doc_count": 568399
},
{
"key": "6.0",
"doc_count": 524421
},
{
"key": "5.1.1",
"doc_count": 485652
},
{
"key": "oppo",
"doc_count": 471732
}
]
}
}
}GET /data/http_record/_search
{
"aggs": {
"ua": {
"terms": { "field": "user_agent.keyword" }
}
}
}
结果为:
"aggregations": {
"ua": {
"doc_count_error_upper_bound": 26756,
"sum_other_doc_count": 4667012,
"buckets": [
{
"key": "iPhone; iOS 10.3.3; zh_CN)",
"doc_count": 71982
},
{
"key": "Android 3.3.1-R-20170728.1300; INPHIC_H3 Build/KOT49H)",
"doc_count": 70493
},
{
"key": "Android 5.1; OPPO A37m Build/LMY47I)",
"doc_count": 67258
},
{
"key": "Android 5.0.2; vivo Y33 Build/LRX21M)",
"doc_count": 64267
},
{
"key": "Android 4.3; Letv X3-43 Build/V2202RCN02C058050B10151S)",
"doc_count": 64010
},
{
"key": "Android 4.4.4; vivo Y23L Build/KTU84P)",
"doc_count": 59655
},
{
"key": "Android 5.1; F100 Build/LMY47D)",
"doc_count": 51356
},
{
"key": "Android 4.3; Letv S40 Air Build/V2202RCN02C058050B10151S)",
"doc_count": 48992
},
{
"key": "iPhone; iOS 10.3.3; Scale/2.00)",
"doc_count": 46417
},
{
"key": "Android 5.1.1; vivo Y51A Build/LMY47V)",
"doc_count": 43156
}
]
}
}
}