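Problem description
I have many file assets stored across multiple folders. What I want to do is run a text string query against this set of filenames and return the matching file parameters, along with how often they occur in each folder. However, with the attached query I am not getting the full filename parameter for each filtered result:
Here is the query: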
{
  "aggs": {
    "filenames": {
      "filter": {
        "term": {"filename": "foo"}
      },
      "aggs": {
        "files_count": {
          "terms": {
            "field": "filename",
            "size": 100
          },
          "aggs": {
            "folder_count": {
              "terms": {
                "field": "folder"
              }
            }
          }
        }
      }
    }
  },
  "size": 0
}
The result looks like this:
"aggregations": {
"filenames": {
"doc_count": 1218,"files_count": {
"doc_count_error_upper_bound": 0,"sum_other_doc_count": 0,"buckets": [
{
"key": "foo","doc_count": 1218,"folder_count": {
"doc_count_error_upper_bound": 0,"sum_other_doc_count": 1139,"buckets": [
{
"key": "1575569706838","doc_count": 8
},{
"key": "1575656106314",{
"key": "1575742506771",{
"key": "1575828907233",{
"key": "1575915306570",{
"key": "1576001707455",{
"key": "1576088108154",{
"key": "1576174506235",{
"key": "1576347307560",{
"key": "1576260907130","doc_count": 7
}
]
}
},...
Here is an example of my index data:
{
"screens": {
"mappings": {
"properties": {
"date": {
"type": "date"
},"extension": {
"type": "text","fields": {
"keyword": {
"type": "keyword","ignore_above": 256
}
}
},"filename": {
"type": "text","ignore_above": 256
}
},"fielddata": true
},"folder": {
"type": "text","format": {
"type": "text","path": {
"type": "text","ignore_above": 256
}
}
}
}
}
}
}
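The returned key: queryString is only a part, or a different fragment, of the filename field. What do I need to include in this query to get the exact matching filenames? Ideally, instead of key: queryString, I would like the results separated by unique filename rather than everything matched together. Does the filename need another level of aggs between the filtered results and the folders? What should I do? Thanks in advance.
Solution
The filename field is most likely of type text, so it is analyzed and indexed as tokens, which is why your bucket keys look the way they do.
You need to run the terms aggregation on the filename.keyword subfield, like this: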
{
  "aggs": {
    "filenames": {
      "filter": {
        "term": {
          "filename.keyword": "queryString"    <---- change the field name here
        }
      },
      "aggs": {
        "files_count": {
          "terms": {
            "field": "filename.keyword",       <---- change the field name here
            "size": 100
          },
          "aggs": {
            "folder_count": {
              "terms": {
                "field": "folder.keyword"      <---- change the field name here
              }
            }
          }
        }
      }
    }
  },
  "size": 0
}
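
The following is an added example, not code from the original post or from Elasticsearch: a small Python model of a term filter followed by nested terms aggregations, showing why an analyzed text field yields token bucket keys while the .keyword subfield yields whole filenames. The sample documents, the simplified tokenizer (lowercase, split on whitespace and hyphens) and the function names are assumptions made for illustration; it also goes beyond the answer by showing that a term filter on filename.keyword matches only documents whose entire filename equals the value.

```python
import re
from collections import Counter, defaultdict

# Constructed sample documents (not from the original post).
DOCS = [
    {"filename": "foo login.png", "folder": "1575569706838"},
    {"filename": "foo login.png", "folder": "1575656106314"},
    {"filename": "foo logout.png", "folder": "1575569706838"},
    {"filename": "bar login.png", "folder": "1575569706838"},
    {"filename": "foo", "folder": "1575656106314"},
]

def indexed_terms(doc, field):
    """Terms held in the index: tokens for a text field, the whole value for .keyword."""
    if field.endswith(".keyword"):
        return {doc[field[: -len(".keyword")]]}
    # Simplified stand-in for text analysis (assumption): lowercase, split on
    # whitespace and hyphens. A real analyzer follows more detailed rules.
    return {t for t in re.split(r"[\s\-]+", doc[field].lower()) if t}

def filtered_terms_agg(docs, filter_field, value, agg_field, sub_field="folder.keyword"):
    """Model of: term filter -> terms aggregation -> nested terms aggregation."""
    buckets = defaultdict(Counter)
    for doc in docs:
        # A term filter compares the value with the indexed terms, unanalyzed.
        if value not in indexed_terms(doc, filter_field):
            continue
        for key in indexed_terms(doc, agg_field):
            for sub in indexed_terms(doc, sub_field):
                buckets[key][sub] += 1
    return {k: {"doc_count": sum(v.values()), "folders": dict(v)}
            for k, v in buckets.items()}

if __name__ == "__main__":
    # Question's query shape: bucket keys are tokens such as "foo".
    print(filtered_terms_agg(DOCS, "filename", "foo", "filename"))
    # Answer's query shape: only the document named exactly "foo" passes the filter.
    print(filtered_terms_agg(DOCS, "filename.keyword", "foo", "filename.keyword"))
    # Added variation: token filter, whole-filename buckets.
    print(filtered_terms_agg(DOCS, "filename", "foo", "filename.keyword"))
```
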