IP Range Aggregation(IP范围聚合)
译文链接 : IP Range Aggregation(IP范围聚合)
IP Range Aggregation
就像专用的日期范围聚合一样,IP类型字段也有专用的范围聚合:
例子:
{"aggs" : {"ip_ranges" : {"ip_range" : {"field" : "ip","ranges" : [{ "to" : "10.0.0.5" },{ "from" : "10.0.0.5" }]}}}}
响应结果:
{..."aggregations": {"ip_ranges": {"buckets" : [{"to": "10.0.0.5","doc_count": 4},{"from": "10.0.0.5","doc_count": 6}]}}}
IP范围也可以定义为CIDR掩码
{"aggs" : {"ip_ranges" : {"ip_range" : {"field" : "ip","ranges" : [{ "mask" : "10.0.0.0/25" },{ "mask" : "10.0.0.127/25" }]}}}}
响应结果:
{"aggregations": {"ip_ranges": {"buckets": [{"key": "10.0.0.0/25","from": "10.0.0.0","to": "10.0.0.127","doc_count": 127},{"key": "10.0.0.127/25","from": "10.0.0.0","to": "10.0.0.127","doc_count": 127}]}}}
Keyed Response
将keyed标志设置为true会将一个惟一的字符串键与每个bucket关联起来,并将范围作为散列而不是数组返回:
{"aggs": {"ip_ranges": {"ip_range": {"field": "remote_ip","ranges": [{ "to" : "10.0.0.5" },{ "from" : "10.0.0.5" }],"keyed": true}}}}
响应结果:
{..."aggregations": {"ip_ranges": {"buckets": {"*-10.0.0.5": {"to": "10.0.0.5","doc_count": 1462},"10.0.0.5-*": {"from": "10.0.0.5","doc_count": 50000}}}}}
可以为每一个范围自定义key:
{"aggs": {"ip_ranges": {"ip_range": {"field": "remote_ip","ranges": [{ "key": "infinity", "to" : "10.0.0.5" },{ "key": "and-beyond", "from" : "10.0.0.5" }],"keyed": true}}}}
响应结果:
{..."aggregations": {"ip_ranges": {"buckets": {"infinity": {"to": "10.0.0.5","doc_count": 1462},"and-beyond": {"from": "10.0.0.5","doc_count": 50000}}}}}
若有收获,就点个赞吧
0 人点赞
