func (e *Elastic) GetFieldValues(field string) ([]string, error) {
if !e.initialized {
return nil, unInitErr
}
terms := []string{}
switch field {
case annotate.Source, annotate.Host, annotate.CreationUser, annotate.Owner, annotate.Category:
//continue
default:
return terms, fmt.Errorf("invalid field %v", field)
}
termsAgg := elastic.NewTermsAggregation().Field(field)
res, err := e.Search(e.index).Aggregation(field, termsAgg).Size(e.maxResults).Do()
if err != nil {
return terms, err
}
b, found := res.Aggregations.Terms(field)
if !found {
return terms, fmt.Errorf("expected aggregation %v not found in result", field)
}
for _, bucket := range b.Buckets {
if v, ok := bucket.Key.(string); ok {
terms = append(terms, v)
}
}
return terms, nil
}
func ExampleAggregations() {
// Get a client to the local Elasticsearch instance.
client, err := elastic.NewClient()
if err != nil {
// Handle error
panic(err)
}
// Create an aggregation for users and a sub-aggregation for a date histogram of tweets (per year).
timeline := elastic.NewTermsAggregation().Field("user").Size(10).OrderByCountDesc()
histogram := elastic.NewDateHistogramAggregation().Field("created").Interval("year")
timeline = timeline.SubAggregation("history", histogram)
// Search with a term query
searchResult, err := client.Search().
Index("twitter"). // search in index "twitter"
Query(elastic.NewMatchAllQuery()). // return all results, but ...
SearchType("count"). // ... do not return hits, just the count
Aggregation("timeline", timeline). // add our aggregation to the query
Pretty(true). // pretty print request and response JSON
Do() // execute
if err != nil {
// Handle error
panic(err)
}
// Access "timeline" aggregate in search result.
agg, found := searchResult.Aggregations.Terms("timeline")
if !found {
log.Fatalf("we sould have a terms aggregation called %q", "timeline")
}
for _, userBucket := range agg.Buckets {
// Every bucket should have the user field as key.
user := userBucket.Key
// The sub-aggregation history should have the number of tweets per year.
histogram, found := userBucket.DateHistogram("history")
if found {
for _, year := range histogram.Buckets {
fmt.Printf("user %q has %d tweets in %q\n", user, year.DocCount, year.KeyAsString)
}
}
}
}
func ESDateHistogram(e *State, T miniprofiler.Timer, indexer ESIndexer, keystring string, filter elastic.Query, interval, sduration, eduration, stat_field, rstat string, size int) (r *Results, err error) {
r = new(Results)
req, err := ESBaseQuery(e.now, indexer, e.elasticHosts, filter, sduration, eduration, size)
if err != nil {
return nil, err
}
// Extended bounds and min doc count are required to get values back when the bucket value is 0
ts := elastic.NewDateHistogramAggregation().Field(indexer.TimeField).Interval(strings.Replace(interval, "M", "n", -1)).MinDocCount(0).ExtendedBoundsMin(req.Start).ExtendedBoundsMax(req.End)
if stat_field != "" {
ts = ts.SubAggregation("stats", elastic.NewExtendedStatsAggregation().Field(stat_field))
switch rstat {
case "avg", "min", "max", "sum", "sum_of_squares", "variance", "std_deviation":
default:
return r, fmt.Errorf("stat function %v not a valid option", rstat)
}
}
if keystring == "" {
req.Source = req.Source.Aggregation("ts", ts)
result, err := timeESRequest(e, T, req)
if err != nil {
return nil, err
}
ts, found := result.Aggregations.DateHistogram("ts")
if !found {
return nil, fmt.Errorf("expected time series not found in elastic reply")
}
series := make(Series)
for _, v := range ts.Buckets {
val := processESBucketItem(v, rstat)
if val != nil {
series[time.Unix(v.Key/1000, 0).UTC()] = *val
}
}
if len(series) == 0 {
return r, nil
}
r.Results = append(r.Results, &Result{
Value: series,
Group: make(opentsdb.TagSet),
})
return r, nil
}
keys := strings.Split(keystring, ",")
aggregation := elastic.NewTermsAggregation().Field(keys[len(keys)-1]).Size(0)
aggregation = aggregation.SubAggregation("ts", ts)
for i := len(keys) - 2; i > -1; i-- {
aggregation = elastic.NewTermsAggregation().Field(keys[i]).Size(0).SubAggregation("g_"+keys[i+1], aggregation)
}
req.Source = req.Source.Aggregation("g_"+keys[0], aggregation)
result, err := timeESRequest(e, T, req)
if err != nil {
return nil, err
}
top, ok := result.Aggregations.Terms("g_" + keys[0])
if !ok {
return nil, fmt.Errorf("top key g_%v not found in result", keys[0])
}
var desc func(*elastic.AggregationBucketKeyItem, opentsdb.TagSet, []string) error
desc = func(b *elastic.AggregationBucketKeyItem, tags opentsdb.TagSet, keys []string) error {
if ts, found := b.DateHistogram("ts"); found {
if e.squelched(tags) {
return nil
}
series := make(Series)
for _, v := range ts.Buckets {
val := processESBucketItem(v, rstat)
if val != nil {
series[time.Unix(v.Key/1000, 0).UTC()] = *val
}
}
if len(series) == 0 {
return nil
}
r.Results = append(r.Results, &Result{
Value: series,
Group: tags.Copy(),
})
return nil
}
if len(keys) < 1 {
return nil
}
n, _ := b.Aggregations.Terms("g_" + keys[0])
for _, item := range n.Buckets {
key := fmt.Sprint(item.Key)
tags[keys[0]] = key
if err := desc(item, tags.Copy(), keys[1:]); err != nil {
return err
}
}
return nil
}
for _, b := range top.Buckets {
tags := make(opentsdb.TagSet)
key := fmt.Sprint(b.Key)
tags[keys[0]] = key
if err := desc(b, tags, keys[1:]); err != nil {
return nil, err
}
}
return r, nil
}