我正在尝试使用以下查询对以下数据进行elasticsearch来执行术语聚合,输出将名称分解为标记(请参见下面的输出)。因此,我尝试将os_name映射为multi_field,但现在无法通过它查询。是否可以有没有令牌的索引?例如“ Fedora Core”?
查询:
GET /temp/example/_search { "size": 0, "aggs": { "OS": { "terms": { "field": "os_name" } } } }
数据:
... { "_index": "temp", "_type": "example", "_id": "3", "_score": 1, "_source": { "title": "system3", "os_name": "Fedora Core", "os_version": 18 } }, { "_index": "temp", "_type": "example", "_id": "1", "_score": 1, "_source": { "title": "system1", "os_name": "Fedora Core", "os_version": 20 } }, { "_index": "temp", "_type": "example", "_id": "2", "_score": 1, "_source": { "title": "backup", "os_name": "Yellow Dog", "os_version": 6 } } ...
输出:
... { "key": "core", "doc_count": 2 }, { "key": "fedora", "doc_count": 2 }, { "key": "dog", "doc_count": 1 }, { "key": "yellow", "doc_count": 1 } ...
映射:
PUT /temp { "mappings": { "example": { "properties": { "os_name": { "type": "string" }, "os_version": { "type": "long" }, "title": { "type": "string" } } } } }
实际上,您应该像这样更改映射
"os_name": { "type": "string", "fields": { "raw": { "type": "string", "index": "not_analyzed" } } },
并且您的aggs应该更改为:
GET /temp/example/_search { "size": 0, "aggs": { "OS": { "terms": { "field": "os_name.raw" } } } }
