Filters Aggregation
- Filters Aggregation
  - Anonymous filters（匿名过滤器）
  - Other Bucket

Filters Aggregation

原文链接 : https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-filters-aggregation.html#_literal_other_literal_bucket

译文链接 :Filters Aggregation

贡献者 : @于永超，ApacheCN，Apache中文网

Filters Aggregation

定义多bucket(桶)聚合，其中每个bucket(桶)与过滤器相关联。每个bucket(桶)将收集与其关联的过滤器匹配的所有文档

例子：

PUT /logs/message/_bulk?refresh
{ "index" : { "_id" : 1 } }
{ "body" : "warning: page could not be rendered" }
{ "index" : { "_id" : 2 } }
{ "body" : "authentication error" }
{ "index" : { "_id" : 3 } }
{ "body" : "warning: connection timed out" }
GET logs/_search
{
  "size": 0,
  "aggs" : {
    "messages" : {
      "filters" : {
        "filters" : {
          "errors" :   { "match" : { "body" : "error"   }},
          "warnings" : { "match" : { "body" : "warning" }}
        }
      }
    }
  }
}

在上面的例子中，我们分析日志消息。聚合将构建日志消息的两个集合（桶） - 一个用于所有包含 error 的消息，另一个用于包含 warning 的所有消息。

响应结果：

{
  "took": 9,
  "timed_out": false,
  "_shards": ...,
  "hits": ...,
  "aggregations": {
    "messages": {
      "buckets": {
        "errors": {
          "doc_count": 1
        },
        "warnings": {
          "doc_count": 2
        }
      }
    }
  }
}

Anonymous filters（匿名过滤器）

过滤器字段也可以作为过滤器的数组提供，就像下面的请求一样

GET logs/_search
{
  "size": 0,
  "aggs" : {
    "messages" : {
      "filters" : {
        "filters" : [
          { "match" : { "body" : "error"   }},
          { "match" : { "body" : "warning" }}
        ]
      }
    }
  }
}

过滤的buckets（桶）按照请求中提供的顺序返回。这个例子的响应结果是：

{
  "took": 4,
  "timed_out": false,
  "_shards": ...,
  "hits": ...,
  "aggregations": {
    "messages": {
      "buckets": [
        {
          "doc_count": 1
        },
        {
          "doc_count": 2
        }
      ]
    }
  }
}

`Other` Bucket

other_bucket 参数可以为响应添加一个bucket，它将包含所有与给定过滤器不匹配的文档，该参数的值可以如下所示：

false

 不计算 other bucket

true

如果使用了命名的过滤器,则返回另一个bucket bucket(默认命名为_other_)，如果使用匿名过滤器，则返回最后一个bucket

otherbucket_key参数可用于将其他存储桶的密钥设置为除默认值_other之外的值。设置此参数将会将other_bucket参数隐式设置为true。

下面的代码片段显示了请求另一个bucket被命名为other_messages的响应。

PUT logs/message/4?refresh
{
  "body": "info: user Bob logged out"
}
GET logs/_search
{
  "size": 0,
  "aggs" : {
    "messages" : {
      "filters" : {
        "other_bucket_key": "other_messages",
        "filters" : {
          "errors" :   { "match" : { "body" : "error"   }},
          "warnings" : { "match" : { "body" : "warning" }}
        }
      }
    }
  }
}

响应将如下所示：

{
  "took": 3,
  "timed_out": false,
  "_shards": ...,
  "hits": ...,
  "aggregations": {
    "messages": {
      "buckets": {
        "errors": {
          "doc_count": 1
        },
        "warnings": {
          "doc_count": 2
        },
        "other_messages": {
          "doc_count": 1
        }
      }
    }
  }
}

Filters Aggregation

Filters Aggregation

Filters Aggregation

Anonymous filters（匿名过滤器）

Other Bucket

`Other` Bucket