es聚合查詢
阿新 • • 發佈:2018-11-11
curl -XPOST "100.98.210.20:9200/logstash-2018.10.17/_search?pretty" -d '
{ "size" : 0, 是否返回參考資料
"aggs": { 預設引數
"all_hostname": { 自定義返回名字
"terms":{ 預設
"size":200, 查詢結果顯示多少條
"field":"hostname" 聚合項
}
}
}
}'
源資料
{
"took":1505,
"timed_out":false,
"_shards":{
"total":20,
"successful":20,
"failed":0
},
"hits":
"total":114409200,
"max_score":1,
"hits":
{
                "_index":"logstash-2018.10.16",
                "_type":"nginx_153_log",
                "_id":"AWZ6OpP8XYOz2dgYz_lS",
                "_score":1,
                "_source":{
                    "timestamp":"2018-10-16T08:15:50+08:00",
                    "remoteAddr":"100.117.117.38",
                    "forwardedip":"180.130.2.234, 118.178.15.252",
                    "status":"200",
                    "hostname":"appstudent2c.zhihuishu.com",
                    "uri":"/app_2c/discoveryv3/findCourseTopicList",
                    "server_port":"80",
                    "request":"POST /app_2c/discoveryv3/findCourseTopicList HTTP/1.1",
                    "requestUri":"/app_2c/discoveryv3/findCourseTopicList",
                    "request_time":0.008,
                    "http_referer":"-",
                    "http_user_agent":"okhttp/3.9.0",
                    "body_bytes_sent":417,
                    "upstream_http_host":"10.26.97.5:80",
                    "upstream_response_time":"0.006",
                    "@version":"1",
                    "@timestamp":"2018-10-16T00:15:51.083Z",
                    "path":"/usr/local/nginx/logs/access_appstudent2c.log",
                    "host":"10.168.2.153",
                    "type":"nginx_153_log",
                    "kafka":{
                        "msg_size":680,
                        "topic":"rizhi_nginx",
                        "consumer_group":"logstash_el",
                        "partition":6,
                        "offset":6047185082,
                        "key":null
                    }
                }
            }">{
"_index":"logstash-2018.10.16",
"_type":"nginx_153_log",
"_id":"AWZ6OpP8XYOz2dgYz_lS",
"_score":1,
"_source":{
"timestamp":"2018-10-16T08:15:50+08:00",
"remoteAddr":"100.117.117.38",
"forwardedip":"180.130.2.234, 118.178.15.252",
"status":"200",
"hostname":"appstudent2c.zhihuishu.com",
"uri":"/app_2c/discoveryv3/findCourseTopicList",
"server_port":"80",
"request":"POST /app_2c/discoveryv3/findCourseTopicList HTTP/1.1",
"requestUri":"/app_2c/discoveryv3/findCourseTopicList",
"request_time":0.008,
"http_referer":"-",
"http_user_agent":"okhttp/3.9.0",
"body_bytes_sent":417,
"upstream_http_host":"10.26.97.5:80",
"upstream_response_time":"0.006",
"@version":"1",
"@timestamp":"2018-10-16T00:15:51.083Z",
"path":"/usr/local/nginx/logs/access_appstudent2c.log",
"host":"10.168.2.153",
"type":"nginx_153_log",
"kafka":{
"msg_size":680,
"topic":"rizhi_nginx",
"consumer_group":"logstash_el",
"partition":6,
"offset":6047185082,
"key":null
}
}
},
{
                "_index":"logstash-2018.10.16",
                "_type":"nginx_153_log",
                "_id":"AWZ6OpP8XYOz2dgYz_lg",
                "_score":1,
                "_source":{
                    "timestamp":"2018-10-16T08:15:49+08:00",
                    "remoteAddr":"100.117.117.10",
                    "forwardedip":"113.5.3.132, 118.178.15.245",
                    "status":"200",
                    "hostname":"appstudent.zhihuishu.com",
                    "uri":"/appstudent/student/tutorial/savePopupQuestionAnswerV2",
                    "server_port":"80",
                    "request":"POST /appstudent/student/tutorial/savePopupQuestionAnswerV2 HTTP/1.1",
                    "requestUri":"/appstudent/student/tutorial/savePopupQuestionAnswerV2",
                    "request_time":0.015,
                    "http_referer":"-",
                    "http_user_agent":"WisdomTree/3.78 CFNetwork/974.2.1 Darwin/18.0.0",
                    "body_bytes_sent":85,
                    "upstream_http_host":"10.165.109.192:80",
                    "upstream_response_time":"0.013",
                    "@version":"1",
                    "@timestamp":"2018-10-16T00:15:51.118Z",
                    "path":"/usr/local/nginx/logs/access_appstudent.log",
                    "host":"10.168.2.153",
                    "type":"nginx_153_log",
                    "kafka":{
                        "msg_size":757,
                        "topic":"rizhi_nginx",
                        "consumer_group":"logstash_el",
                        "partition":6,
                        "offset":6047185096,
                        "key":null
                    }
                }
            }">Object{...},
{
                "_index":"logstash-2018.10.16",
                "_type":"nginx_153_log",
                "_id":"AWZ6OpP9XYOz2dgYz_mE",
                "_score":1,
                "_source":{
                    "timestamp":"2018-10-16T08:15:50+08:00",
                    "remoteAddr":"100.117.117.43",
                    "forwardedip":"222.168.154.13, 118.178.15.252",
                    "status":"200",
                    "hostname":"appstudent.zhihuishu.com",
                    "uri":"/appstudent/student/message/getStudyUnreadMessageCount",
                    "server_port":"80",
                    "request":"POST /appstudent/student/message/getStudyUnreadMessageCount HTTP/1.1",
                    "requestUri":"/appstudent/student/message/getStudyUnreadMessageCount",
                    "request_time":0.05,
                    "http_referer":"-",
                    "http_user_agent":"Dalvik/2.1.0 (Linux; U; Android 8.1.0; MI MAX 3 MIUI/V10.0.3.0.OEDCNFH)",
                    "body_bytes_sent":110,
                    "upstream_http_host":"10.168.15.95:80",
                    "upstream_response_time":"0.048",
                    "@version":"1",
                    "@timestamp":"2018-10-16T00:15:51.151Z",
                    "path":"/usr/local/nginx/logs/access_appstudent.log",