1.需求
選出前5條當前響應時間最大的url數據
2.實現
用key_id分組url,在內部選出最大taskFinishTime那條數據,根據其responseTime進行排序。
對buckets數據排序,要求排序字段是個值,不能是聚合。
所以這里使用scripted_metric統計last_response_time,就可以直接取到值。
(之前試過根據taskFinishTime排序,選出top hits 1的數據,顯示其responseTime。但這種結果中有buckets,沒法用作排序字段)
script中涉及:
taskFinishTime的是date類型的,取到的doc['taskFinishTime'].value不能直接和long類型的變量state.taskFinishTime作比較。
所以進行轉換Date->Instant->Long,Date轉Long語句doc['taskFinishTime'].value.toInstant().toEpochMilli()
es語句
GET /aaa/_search
{
"size": 0,
"query": {
"bool": {
"filter": {
"range": {
"taskFinishTime": {
"gte": 1630825435000,
"lte": 1630911835000
}
}
},
"must": [
{
"exists": {
"field": "result.http_request.responseTime"
}
},
{
"exists": {
"field": "result.http_request.statusCode"
}
}
]
}
},
"aggs": {
"group_by_url": {
"terms": {
"field": "key_id.keyword",
"size": 10000
},
"aggs": {
"url_nodealias": {
"top_hits": {
"size": 1,
"_source": {
"includes": [
"nodealias"
]
}
}
},
"last_response_time": {
"scripted_metric": {
"init_script": "state.taskFinishTime = 0L; state.responseTime = 0L;",
"map_script": "if(doc['taskFinishTime'].value.toInstant().toEpochMilli() > state.taskFinishTime) {state.taskFinishTime = doc['taskFinishTime'].value.toInstant().toEpochMilli(); state.responseTime = doc['result.http_request.responseTime'].value;}",
"combine_script": "return state",
"reduce_script": "long finalTaskFinishTime = 0L; double finalResponseTime = 0L; for (a in states){if(finalTaskFinishTime < a.taskFinishTime) {finalTaskFinishTime = a.taskFinishTime; finalResponseTime = a.responseTime;}} return finalResponseTime"
}
},
"bucket_sort_temp": {
"bucket_sort": {
"sort": [
{
"last_response_time.value": {
"order": "desc"
}
}
],
"size": 5
}
}
}
}
}
}