Examples with Aggregations org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.Aggregations used on opensource projects

Example 1 with Aggregations

use of org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.Aggregations in project elasticsearch by elastic.

the class SignificantTermsSignificanceScoreIT method testBackgroundVsSeparateSet.

// compute significance score by
// 1. terms agg on class and significant terms
// 2. filter buckets and set the background to the other class and set is_background false
// both should yield exact same result
public void testBackgroundVsSeparateSet(SignificanceHeuristic significanceHeuristicExpectingSuperset, SignificanceHeuristic significanceHeuristicExpectingSeparateSets) throws Exception {
    SearchResponse response1 = client().prepareSearch(INDEX_NAME).setTypes(DOC_TYPE).addAggregation(terms("class").field(CLASS_FIELD).subAggregation(significantTerms("sig_terms").field(TEXT_FIELD).minDocCount(1).significanceHeuristic(significanceHeuristicExpectingSuperset))).execute().actionGet();
    assertSearchResponse(response1);
    SearchResponse response2 = client().prepareSearch(INDEX_NAME).setTypes(DOC_TYPE).addAggregation(filter("0", QueryBuilders.termQuery(CLASS_FIELD, "0")).subAggregation(significantTerms("sig_terms").field(TEXT_FIELD).minDocCount(1).backgroundFilter(QueryBuilders.termQuery(CLASS_FIELD, "1")).significanceHeuristic(significanceHeuristicExpectingSeparateSets))).addAggregation(filter("1", QueryBuilders.termQuery(CLASS_FIELD, "1")).subAggregation(significantTerms("sig_terms").field(TEXT_FIELD).minDocCount(1).backgroundFilter(QueryBuilders.termQuery(CLASS_FIELD, "0")).significanceHeuristic(significanceHeuristicExpectingSeparateSets))).execute().actionGet();
    StringTerms classes = response1.getAggregations().get("class");
    SignificantTerms sigTerms0 = ((SignificantTerms) (classes.getBucketByKey("0").getAggregations().asMap().get("sig_terms")));
    assertThat(sigTerms0.getBuckets().size(), equalTo(2));
    double score00Background = sigTerms0.getBucketByKey("0").getSignificanceScore();
    double score01Background = sigTerms0.getBucketByKey("1").getSignificanceScore();
    SignificantTerms sigTerms1 = ((SignificantTerms) (classes.getBucketByKey("1").getAggregations().asMap().get("sig_terms")));
    double score10Background = sigTerms1.getBucketByKey("0").getSignificanceScore();
    double score11Background = sigTerms1.getBucketByKey("1").getSignificanceScore();
    Aggregations aggs = response2.getAggregations();
    sigTerms0 = (SignificantTerms) ((InternalFilter) aggs.get("0")).getAggregations().getAsMap().get("sig_terms");
    double score00SeparateSets = sigTerms0.getBucketByKey("0").getSignificanceScore();
    double score01SeparateSets = sigTerms0.getBucketByKey("1").getSignificanceScore();
    sigTerms1 = (SignificantTerms) ((InternalFilter) aggs.get("1")).getAggregations().getAsMap().get("sig_terms");
    double score10SeparateSets = sigTerms1.getBucketByKey("0").getSignificanceScore();
    double score11SeparateSets = sigTerms1.getBucketByKey("1").getSignificanceScore();
    assertThat(score00Background, equalTo(score00SeparateSets));
    assertThat(score01Background, equalTo(score01SeparateSets));
    assertThat(score10Background, equalTo(score10SeparateSets));
    assertThat(score11Background, equalTo(score11SeparateSets));
}

Example 2 with Aggregations

use of org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.Aggregations in project elasticsearch by elastic.

the class SignificantTermsSignificanceScoreIT method testScoresEqualForPositiveAndNegative.

public void testScoresEqualForPositiveAndNegative(SignificanceHeuristic heuristic) throws Exception {
    //check that results for both classes are the same with exclude negatives = false and classes are routing ids
    SearchResponse response = client().prepareSearch("test").addAggregation(terms("class").field("class").subAggregation(significantTerms("mySignificantTerms").field("text").executionHint(randomExecutionHint()).significanceHeuristic(heuristic).minDocCount(1).shardSize(1000).size(1000))).execute().actionGet();
    assertSearchResponse(response);
    StringTerms classes = response.getAggregations().get("class");
    assertThat(classes.getBuckets().size(), equalTo(2));
    Iterator<Terms.Bucket> classBuckets = classes.getBuckets().iterator();
    Aggregations aggregations = classBuckets.next().getAggregations();
    SignificantTerms sigTerms = aggregations.get("mySignificantTerms");
    Collection<SignificantTerms.Bucket> classA = sigTerms.getBuckets();
    Iterator<SignificantTerms.Bucket> classBBucketIterator = sigTerms.getBuckets().iterator();
    assertThat(classA.size(), greaterThan(0));
    for (SignificantTerms.Bucket classABucket : classA) {
        SignificantTerms.Bucket classBBucket = classBBucketIterator.next();
        assertThat(classABucket.getKey(), equalTo(classBBucket.getKey()));
        assertThat(classABucket.getSignificanceScore(), closeTo(classBBucket.getSignificanceScore(), 1.e-5));
    }
}

Example 3 with Aggregations

use of org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.Aggregations in project elasticsearch by elastic.

the class ScriptedMetricIT method testInitMapCombineReduceWithParamsAsSubAgg.

public void testInitMapCombineReduceWithParamsAsSubAgg() {
    Map<String, Object> varsMap = new HashMap<>();
    varsMap.put("multiplier", 1);
    Map<String, Object> params = new HashMap<>();
    params.put("_agg", new ArrayList<>());
    params.put("vars", varsMap);
    Script initScript = new Script(ScriptType.INLINE, CustomScriptPlugin.NAME, "vars.multiplier = 3", Collections.emptyMap());
    Script mapScript = new Script(ScriptType.INLINE, CustomScriptPlugin.NAME, "_agg.add(vars.multiplier)", Collections.emptyMap());
    Script combineScript = new Script(ScriptType.INLINE, CustomScriptPlugin.NAME, "sum agg values as a new aggregation", Collections.emptyMap());
    Script reduceScript = new Script(ScriptType.INLINE, CustomScriptPlugin.NAME, "sum aggs of agg values as a new aggregation", Collections.emptyMap());
    SearchResponse response = client().prepareSearch("idx").setQuery(matchAllQuery()).setSize(1000).addAggregation(histogram("histo").field("l_value").interval(1).subAggregation(scriptedMetric("scripted").params(params).initScript(initScript).mapScript(mapScript).combineScript(combineScript).reduceScript(reduceScript))).get();
    assertSearchResponse(response);
    assertThat(response.getHits().getTotalHits(), equalTo(numDocs));
    Aggregation aggregation = response.getAggregations().get("histo");
    assertThat(aggregation, notNullValue());
    assertThat(aggregation, instanceOf(Histogram.class));
    Histogram histoAgg = (Histogram) aggregation;
    assertThat(histoAgg.getName(), equalTo("histo"));
    List<? extends Bucket> buckets = histoAgg.getBuckets();
    assertThat(buckets, notNullValue());
    for (Bucket b : buckets) {
        assertThat(b, notNullValue());
        assertThat(b.getDocCount(), equalTo(1L));
        Aggregations subAggs = b.getAggregations();
        assertThat(subAggs, notNullValue());
        assertThat(subAggs.asList().size(), equalTo(1));
        Aggregation subAgg = subAggs.get("scripted");
        assertThat(subAgg, notNullValue());
        assertThat(subAgg, instanceOf(ScriptedMetric.class));
        ScriptedMetric scriptedMetricAggregation = (ScriptedMetric) subAgg;
        assertThat(scriptedMetricAggregation.getName(), equalTo("scripted"));
        assertThat(scriptedMetricAggregation.aggregation(), notNullValue());
        assertThat(scriptedMetricAggregation.aggregation(), instanceOf(ArrayList.class));
        List<?> aggregationList = (List<?>) scriptedMetricAggregation.aggregation();
        assertThat(aggregationList.size(), equalTo(1));
        Object object = aggregationList.get(0);
        assertThat(object, notNullValue());
        assertThat(object, instanceOf(Number.class));
        assertThat(((Number) object).longValue(), equalTo(3L));
    }
}

Example 4 with Aggregations

use of org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.Aggregations in project pancm_project by xuwujing.

the class EsAggregationSearchTest method havingSearch.

/**
 * @Author pancm
 * @Description having
 * @Date  2020/8/21
 * @Param []
 * @return void
 */
private static void havingSearch() throws IOException {
    String index = "";
    SearchRequest searchRequest = new SearchRequest(index);
    searchRequest.indices(index);
    SearchSourceBuilder sourceBuilder = new SearchSourceBuilder();
    BoolQueryBuilder boolQueryBuilder = new BoolQueryBuilder();
    searchRequest.indicesOptions(IndicesOptions.lenientExpandOpen());
    String alias_name = "nas_ip_address_group";
    String group_name = "nas_ip_address";
    String query_name = "acct_start_time";
    String query_type = "gte,lte";
    String query_name_value = "2020-08-05 13:25:55,2020-08-20 13:26:55";
    String[] query_types = query_type.split(",");
    String[] query_name_values = query_name_value.split(",");
    for (int i = 0; i < query_types.length; i++) {
        if ("gte".equals(query_types[i])) {
            boolQueryBuilder.must(QueryBuilders.rangeQuery(query_name).gte(query_name_values[i]));
        }
        if ("lte".equals(query_types[i])) {
            boolQueryBuilder.must(QueryBuilders.rangeQuery(query_name).lte(query_name_values[i]));
        }
    }
    AggregationBuilder aggregationBuilder = AggregationBuilders.terms(alias_name).field(group_name).size(Integer.MAX_VALUE);
    // 声明BucketPath，用于后面的bucket筛选
    Map<String, String> bucketsPathsMap = new HashMap<>(8);
    bucketsPathsMap.put("groupCount", "_count");
    // 设置脚本
    Script script = new Script("params.groupCount >= 1000");
    // 构建bucket选择器
    BucketSelectorPipelineAggregationBuilder bs = PipelineAggregatorBuilders.bucketSelector("having", bucketsPathsMap, script);
    aggregationBuilder.subAggregation(bs);
    sourceBuilder.aggregation(aggregationBuilder);
    // 不需要解释
    sourceBuilder.explain(false);
    // 不需要原始数据
    sourceBuilder.fetchSource(false);
    // 不需要版本号
    sourceBuilder.version(false);
    sourceBuilder.query(boolQueryBuilder);
    searchRequest.source(sourceBuilder);
    System.out.println(sourceBuilder);
    // 同步查询
    SearchResponse searchResponse = client.search(searchRequest, RequestOptions.DEFAULT);
    // 查询条数
    long count = searchResponse.getHits().getHits().length;
    Aggregations aggregations = searchResponse.getAggregations();
    // agg(aggregations);
    Map<String, Object> map = new HashMap<>();
    List<Map<String, Object>> list = new ArrayList<>();
    agg(list, aggregations);
    // System.out.println(map);
    System.out.println(list);
}

Example 5 with Aggregations

use of org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.Aggregations in project pancm_project by xuwujing.

the class EsAggregationSearchTest2 method test.

private static void test() throws IOException {
    // TermsAggregationBuilder termsBuilder = AggregationBuilders.terms("ecid").field("ecid").size(99999);
    // List<FieldSortBuilder> fieldSorts=new ArrayList<>();
    // fieldSorts.add(new FieldSortBuilder("sum_field").order(SortOrder.DESC));
    // termsBuilder.subAggregation(new BucketSortPipelineAggregationBuilder("bucket_field", fieldSorts).from(6000).size(10));
    // 
    AggregationBuilder aggregation = AggregationBuilders.terms("ecid").field("ecid");
    List<FieldSortBuilder> fieldSorts = new ArrayList<>();
    fieldSorts.add(new FieldSortBuilder("id_").order(SortOrder.DESC));
    aggregation.subAggregation(new BucketSortPipelineAggregationBuilder("id", fieldSorts).from(0).size(10));
    SearchResponse searchResponse = search(aggregation);
    // 获取聚合结果
    Aggregations aggregations = searchResponse.getAggregations();
    Map<String, Object> map = new HashMap<>();
    List<Map<String, Object>> list = new ArrayList<>();
    agg(map, list, aggregations);
    logger.info("聚合查询结果:" + list);
    logger.info("------------------------------------");
}