Today I ran into a problem in our project:
    {
      "size": 0,
      "query": {
        "range": {
          "requestTime": {
            "from": 1487572804559,
            "to": 1489300804559,
            "format": "epoch_millis",
            "include_lower": true,
            "include_upper": true
          }
        }
      },
      "aggregations": {
        "events": {
          "terms": { "field": "eventId", "include": [ "E_MCRM01" ] },
          "aggregations": {
            "timestamp": {
              "date_histogram": { "field": "@timestamp", "interval": "1d" },
              "aggregations": {
                "hitPunish": {
                  "terms": { "field": "hitPunish", "size": 0, "order": { "_count": "asc" } }
                },
                "hitExps": {
                  "terms": { "field": "hitExps", "size": 0, "order": { "_count": "asc" } }
                },
                "hit": { "filter": { "term": { "hit": "1" } } },
                "hit/traffic": {
                  "bucket_script": {
                    "script": { "inline": "if(traffic > 0){hit/traffic} else{ 0 }" },
                    "format": "#.##",
                    "buckets_path": { "traffic": "_count", "hit": "hit>_count" }
                  }
                }
              }
            }
          }
        }
      }
    }

The normal result is:
    {
      "key_as_string": "2017-03-06T00:00:00.000Z",
      "key": 1488758400000,
      "doc_count": 12,
      "hit": { "doc_count": 0 },
      "hitPunish": {
        "doc_count_error_upper_bound": 0,
        "sum_other_doc_count": 0,
        "buckets": [ ]
      },
      "hitExps": {
        "doc_count_error_upper_bound": 0,
        "sum_other_doc_count": 0,
        "buckets": [ ]
      },
      "hit/traffic": { "value": 0, "value_as_string": "0" }
    }

But an unexpected result also appeared:
    {
      "key_as_string": "2017-03-05T00:00:00.000Z",
      "key": 1488672000000,
      "doc_count": 0,
      "hit": { "doc_count": 0 },
      "hitPunish": {
        "doc_count_error_upper_bound": 0,
        "sum_other_doc_count": 0,
        "buckets": [ ]
      },
      "hitExps": {
        "doc_count_error_upper_bound": 0,
        "sum_other_doc_count": 0,
        "buckets": [ ]
      }
    }

It is missing this part:

    "hit/traffic": { "value": 0, "value_as_string": "0" }

This made the data structure inconsistent and caused a bit of trouble for data processing. I tried modifying the script part, but no matter how I changed it, this part still did not appear.
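My initial suspicion is that the script stops working when doc_count is 0. I also searched the official site and found no evidence to support this, so I am noting it here for now. Once I have figured it out, I will come back and revise this.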
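
One way to keep downstream processing working despite the inconsistent structure, as an added example that is not part of the original post: a Python helper that walks the daily buckets of the response and fills in a missing "hit/traffic" entry using the same rule as the inline script. The function name, the sample response wrapper and the approximation of the "#.##" format are assumptions made for this example.

```python
import copy

RATIO_KEY = "hit/traffic"  # name of the bucket_script aggregation in the query above

def fill_missing_ratio(response, outer="events", inner="timestamp"):
    """Return (fixed_copy, filled_days); every daily bucket gets RATIO_KEY."""
    fixed = copy.deepcopy(response)  # never mutate the caller's response
    filled = []
    for event in fixed["aggregations"][outer]["buckets"]:
        for day in event[inner]["buckets"]:
            if RATIO_KEY in day:
                continue  # Elasticsearch already produced the value
            traffic = day["doc_count"]
            hit = day.get("hit", {}).get("doc_count", 0)
            # Same rule as the inline script: hit/traffic, or 0 for an empty bucket.
            value = hit / traffic if traffic > 0 else 0
            # Approximation of the "#.##" format (assumption, not Elasticsearch code).
            text = ("%.2f" % value).rstrip("0").rstrip(".")
            day[RATIO_KEY] = {"value": value, "value_as_string": text}
            filled.append(day["key_as_string"])
    return fixed, filled

# Constructed sample: the two daily buckets quoted in the post, wrapped in the
# usual terms -> date_histogram response layout.
EMPTY_TERMS = {"doc_count_error_upper_bound": 0, "sum_other_doc_count": 0, "buckets": []}
SAMPLE = {"aggregations": {"events": {"buckets": [{
    "key": "E_MCRM01", "doc_count": 12,
    "timestamp": {"buckets": [
        {"key_as_string": "2017-03-05T00:00:00.000Z", "key": 1488672000000,
         "doc_count": 0, "hit": {"doc_count": 0},
         "hitPunish": EMPTY_TERMS, "hitExps": EMPTY_TERMS},
        {"key_as_string": "2017-03-06T00:00:00.000Z", "key": 1488758400000,
         "doc_count": 12, "hit": {"doc_count": 0},
         "hitPunish": EMPTY_TERMS, "hitExps": EMPTY_TERMS,
         "hit/traffic": {"value": 0, "value_as_string": "0"}},
    ]}}]}}}

if __name__ == "__main__":
    fixed, filled = fill_missing_ratio(SAMPLE)
    print("filled in:", filled)
```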