ES权威指南_04_aggs_01 High-Level Concepts

https://www.elastic.co/guide/en/elasticsearch/guide/current/aggregations.html

With aggs, we zoom out to get an overview of our data. Instead of looking for individual docs, we want to analyze and summarize our complete set of data:

1. 最大、最小、平均、中间、最受欢迎

Aggs execute quickly and are near real-time, just like search.This is extremely powerful for reporting and dashboards, you can visualize your data in real time, allowing you to respond immediately.

Finally, aggs operate alongside search requests. This means you can both search/filter docs and perform analytics at the same time, on the same data, in a single request.

To master aggregations, you need to understand only two main concepts:

SELECT COUNT(color) FROM tableGROUP BY color 

• Buckets –>group：分组
  Collections of docs that meet a criterion
• Metrics –>count()，sum() , max()：统计
  Statistics calculated on the docs in a bucket

1 Buckets

As aggs are executed, the values inside each doc are evaluated to determine whether they match a bucket’s criteria. If they match, the doc is placed inside the bucket and the agg continues.

Buckets can also be nested inside other buckets.

Elasticsearch has a variety of buckets, which allow you to partition docs in many ways (by hour, by most-popular terms, by age ranges, by geographical location, and more). But fundamentally they all operate on the same principle: partitioning documents based on criteria.

2 Metrics

Bucketing is the means to an end: it provides a way to group docs in a way that you can calculate interesting metrics.

Most metrics are simple mathematical operations (for example, min, mean, max, and sum) that are calculated using the doc values.In practical terms, metrics allow you to calculate quantities such as the average salary, or the maximum sale price, or the 95th percentile for query latency.

3 Combining the Two

t may even have multiple buckets nested inside other buckets.