通過 elasticsearch-sql 使用 SQL 語句聚合查詢 Elasticsearch 獲取各種 metrics 度量值
阿新 • • 發佈:2019-02-03
Elasticsearch 的 metrics(度量)包含 count、sum、avg、max、min、percentiles (百分位數)、Unique count(基數 || 去重計數)、Median(中位數)、擴充套件度量(含方差、平方和、標準差、標準差界限)、Percentile ranks(百分位等級)
1.count(數量):
-- Number of values present in log_date.d; the translation shown below uses a value_count aggregation.
SELECT
    count(log_date.d) AS Count
FROM INDEX-2017-12
{ "from" : 0, "size" : 0, "_source" : { "includes" : [ "COUNT" ], "excludes" : [ ] }, "aggregations" : { "Count" : { "value_count" : { "field" : "log_date.d" } } } }
2.sum(和):
-- Total of log_date.d over the index; translated to a sum aggregation named SUM.
SELECT
    sum(log_date.d) AS SUM
FROM INDEX-2017-12
{
"from" : 0,
"size" : 0,
"_source" : {
"includes" : [ "SUM" ],
"excludes" : [ ]
},
"aggregations" : {
"SUM" : {
"sum" : {
"field" : "log_date.d"
}
}
}
}
3.avg(平均數):
-- Arithmetic mean of log_date.d; translated to an avg aggregation named AVG.
SELECT
    avg(log_date.d) AS AVG
FROM INDEX-2017-12
{
"from" : 0,
"size" : 0,
"_source" : {
"includes" : [ "AVG" ],
"excludes" : [ ]
},
"aggregations" : {
"AVG" : {
"avg" : {
"field" : "log_date.d"
}
}
}
}
4.max(最大值):
-- Largest value of log_date.d; translated to a max aggregation named MAX.
SELECT
    max(log_date.d) AS MAX
FROM INDEX-2017-12
{ "from" : 0, "size" : 0, "_source" : { "includes" : [ "MAX" ], "excludes" : [ ] }, "aggregations" : { "MAX" : { "max" : { "field" : "log_date.d" } } } }
5.min(最小值):
-- Smallest value of log_date.d; translated to a min aggregation named MIN.
SELECT
    min(log_date.d) AS MIN
FROM INDEX-2017-12
{
"from" : 0,
"size" : 0,
"_source" : {
"includes" : [ "MIN" ],
"excludes" : [ ]
},
"aggregations" : {
"MIN" : {
"min" : {
"field" : "log_date.d"
}
}
}
}
6.percentiles(百分位數):
-- 1st, 15th and 31st percentiles of log_date.d; the arguments after the field become the "percents" array.
-- Elasticsearch computes percentiles approximately, so treat the values as estimates.
SELECT
    percentiles(log_date.d,1.0,15.0,31.0) AS Percentiles
FROM INDEX-2017-12
{
"from" : 0,
"size" : 0,
"_source" : {
"includes" : [ "percentiles" ],
"excludes" : [ ]
},
"aggregations" : {
"Percentiles" : {
"percentiles" : {
"field" : "log_date.d",
"percents" : [ 1.0, 15.0, 31.0 ]
}
}
}
}
7.Unique count(基數 || 去重計數,就是 SQL 中的 distinct ):
-- Distinct count of log_date.d; translated to a cardinality aggregation with precision_threshold 40000.
-- cardinality is an approximate count, so on high-cardinality fields the result can differ from an exact DISTINCT.
SELECT
    count(distinct(log_date.d)) AS UniqueCount
FROM INDEX-2017-12
{
"from" : 0,
"size" : 0,
"_source" : {
"includes" : [ "COUNT" ],
"excludes" : [ ]
},
"aggregations" : {
"UniqueCount" : {
"cardinality" : {
"field" : "log_date.d",
"precision_threshold" : 40000
}
}
}
}
8.Median(中位數):
沒有找到單獨取得中位數的方法;不過在 Kibana 中取中位數時,從請求的引數可以看到,實際上取的就是某個欄位的第 50 百分位數,所以應該可以認為:中位數 = 第 50 百分位數。需要注意的是,Elasticsearch 的 percentiles 聚合採用近似演算法,得到的中位數是近似值。
-- Median taken as the 50th percentile of log_date.d (percentiles aggregation with percents [ 50.0 ]).
-- The percentiles aggregation is approximate, so this is an estimate of the median.
SELECT
    percentiles(log_date.d,50.0) AS percentiles
FROM INDEX-2017-12
{
"from" : 0,
"size" : 0,
"_source" : {
"includes" : [ "percentiles" ],
"excludes" : [ ]
},
"aggregations" : {
"percentiles" : {
"percentiles" : {
"field" : "log_date.d",
"percents" : [ 50.0 ]
}
}
}
}
9.方差、平方和、標準差、標準差界限:
這幾個度量沒有單獨方法去獲取,都是用 EXTENDED_STATS 一個請求全部獲取下來,然後從中取自己需要的結果
-- One extended_stats aggregation on log_date.d; the response carries variance, sum of squares,
-- standard deviation and its bounds alongside count, min, max, avg and sum.
SELECT
    EXTENDED_STATS(log_date.d) AS EXTENDED_STATS
FROM INDEX-2017-12
{
"from" : 0,
"size" : 0,
"_source" : {
"includes" : [ "EXTENDED_STATS" ],
"excludes" : [ ]
},
"aggregations" : {
"EXTENDED_STATS" : {
"extended_stats" : {
"field" : "log_date.d"
}
}
}
}
EXTENDED_STATS 查詢結果包含:方差、平方和、標準差、標準差界限以及最大值、平均數等基礎度量,具體如下:
"aggregations": {
"1": {
"count": 15304326,
"min": 1,
"max": 31,
"avg": 15.068216202399244,
"sum": 230608893,
"sum_of_squares": 4588588661,
"variance": 72.7718426201877,
"std_deviation": 8.530641395591992,
"std_deviation_bounds": {
"upper": 32.129498993583226,
"lower": -1.9930665887847407
}
}
}
10.Percentile ranks(百分位等級)
暫時沒找到求百分位等級的 SQL 語句,只能用原生 ES 查詢語句獲取了;
ES原生查詢語句如下:
{
"size": 0,
......
"aggs": {
"1": {
"percentile_ranks": {
"field": "log_date.d",
"values": [
6,
15,
31
],
"keyed": false
}
}
}
}