1
Elastic search version : 2.4.x and Kibana is 4.x
數據不工作在elasticsearch:腳本場kibana
{
"_index": "testindex_201707",
"_type": "abcd",
"_id": "AV0rSOhWGrdL3plaGRY0",
"_score": 1,
"_source": {
"logtype": "xyz",
"filesize": 106390550,
"@timestamp": "2017-07-10T12:26:30.279+0530"
}
},
{
"_index": "testindex_201707",
"_type": "xyz",
"_id": "AV02YwV3GrdL3plaGRaD",
"_score": 1,
"_source": {
"bytes_read": 173,
"@timestamp": "2017-07-12T16:10:53.160+0530",
"logtype": "xyz",
"destination_port": "80"
}
}
我要計算總的HTTP/HTTPS流量服役ABCD和XYZ。爲此,我寫了下面的Elasticsearch查詢:
GET /isp_vodafone_cdncache_201707/_search
{
"query": {
"match_all": {}
},
"aggs": {
"total_bytes_served": {
"scripted_metric": {
"init_script": "_agg[\"tempArray\"] = [];",
"map_script": "if ((doc.logtype.value == \"abcd\")&&(doc.http_status_code.value == \"200\" || doc.http_status_code.value == \"200 OK\")) { _agg.tempArray.add(doc.filesize.value);} else if ((doc.logtype.value == \"xyz\")&&(doc.destination_port.value == \"80\"||doc.destination_port.value == \"443\")&&(doc.http_status_code.value == \"200\" || doc.http_status_code.value == \"200 OK\")) { _agg.tempArray.add(doc.bytes_read.value);}",
"combine_script": "served = 0; for (i in _agg.tempArray) { served += i }; return served;",
"reduce_script": "served = 0; for (j in _aggs) { served += j }; return served;"
}
}
}
}
這給了我total_bytes_read正確。我想在Kibana中顯示服務的總HTTP/HTTP流量的指標。我試圖在Kibana寫一個腳本字段total_bytes_served。
if (doc['logtype'].value == 'abcd'){
return doc['filesize'].value;
} else if ((doc['logtype'].value == 'xyz') AND
(doc['destination_port'].value == "80" OR
doc['destination_port'].value == "443")) {
return doc['bytes_read'].value;
}
使用度量聚合器,我選擇了SUM和上面的腳本字段,但度量值爲空。
我也試圖使在elasticsearch.yml以下參數:
script.engine.groovy.inline.aggs: true
script.engine.painless.inline: true
script.engine.expression.inline: true
有人可以幫我,我很想念這裏?
我們可以在腳本領域的使用條件運算解決問題。 –