現(xiàn)在有一個(gè)需求�����,需要對(duì)用戶操作進(jìn)行統(tǒng)計(jì)���,因?yàn)閿?shù)據(jù)丟在mysql里面必定會(huì)有很大的數(shù)據(jù)量,所以準(zhǔn)備用elasticsearch�。目前碰到一個(gè)問題,直接貼出結(jié)構(gòu)
{
"_index": "test_vpn_operation-2018-04-08",
"_type": "vpn_operation",
"_id": "AWKiw45UfMhbLGkLP-v3",
"_score": null,
"_source": {
"app_version": "2.0.0",
"dateline": 1523149062,
"channel": "pc",
"edition": "jichu",
"message": "{\"date_time\":\"2018-04-08T08:59:07\",\"account_id\":447189,\"operation\":[{\"account_id\":\"447189\",\"operation_id\":1,\"timestamp\":1523149062},{\"account_id\":\"447189\",\"operation_id\":1,\"timestamp\":1523149063}],\"channel\":\"pc\",\"edition\":\"jichu\",\"app_version\":\"2.0.0\",\"dateline\":1523149062}",
"type": "vpn_operation",
"path": "/data/wwwroot/vpnApi/elklog/vpn_operation_record_20180408",
"@timestamp": "2018-04-08T00:59:07.722Z",
"account_id": 447189,
"date_time": "2018-04-08T08:59:07",
"@version": "1",
"host": "JG-otter",
"operation": [
{
"operation_id": 1,
"account_id": "447189",
"timestamp": 1523149062
},
{
"operation_id": 1,
"account_id": "447189",
"timestamp": 1523149063
}
]
},
"fields": {
"date_time": [
1523177947000
],
"@timestamp": [
1523149147722
]
},
"highlight": {
"message": [
"{\"date_time\":\"2018-04-08T08:59:@kibana-highlighted-field@07@/kibana-highlighted-field@\",\"account_id\":447189,\"operation\":[{\"account_id\":\"447189\",\"operation_id\":1,\"timestamp\":1523149062},{\"account_id\":\"447189\",\"operation_id\":1,\"timestamp\":1523149063}],\"channel\":\"pc\",\"edition\":\"jichu\",\"app_version\":\"2.0.0\",\"dateline\":1523149062}"
]
},
"sort": [
1523149147722
]
}
本來想通過聚合operation.operation_id實(shí)現(xiàn)mysql類似于group by的統(tǒng)計(jì)操作���,但是發(fā)現(xiàn)數(shù)據(jù)不準(zhǔn)確�。因?yàn)閛peration下面并不存在operation_id這個(gè)字段,有什么方法可以達(dá)到類似的需求���,或者我這邊需要如何調(diào)整結(jié)構(gòu)���,以實(shí)現(xiàn)需求
