cardinality 去重
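# Count the distinct alert.threat_name values and fetch a de-duplicated sample hit.
# - "aggs.threat_name_aggs" asks Elasticsearch for the number of distinct threat names.
# - "collapse" keeps one top hit per distinct threat name.
body = {
    "aggs": {
        "threat_name_aggs": {
            # cardinality is an approximate (HyperLogLog++) count; above the
            # precision threshold it can be slightly off, so treat it as an
            # estimate in alert reporting, not an exact inventory.
            "cardinality": {"field": "alert.threat_name.keyword"}
        }
    },
    "collapse": {
        "field": "alert.threat_name.keyword",
        # NOTE(review): inner_hits come back under hits.hits.inner_hits, which the
        # filter_path below does not select, so they are stripped from the
        # response. Confirm whether they are needed.
        "inner_hits": {"name": "top_rated", "size": 1},
    },
    # NOTE(review): size 1 returns a single collapsed hit, i.e. one threat name,
    # not the full de-duplicated list. Confirm this is intended.
    "size": 1,
}
search_result = self.es_client.search(
    body=body,
    index=index,
    # filter_path keeps only the listed response paths. The original list held
    # only "hits.hits._source", which dropped the "aggregations" section, so the
    # cardinality value was computed but never returned. It is selected here.
    filter_path=["hits.hits._source", "aggregations.threat_name_aggs.value"],
    _source_includes=["alert.threat_name"],
)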
聚合
# Fragment of a search body: three terms aggregations that bucket alerts by
# threat name, severity and alarm type.
# A terms aggregation returns only the top `size` buckets by doc_count (100, 100
# and 1000 here). Values beyond that limit are omitted without an error, and the
# omitted ones are the rarest, which in alert data are often the ones worth
# reviewing. Check `sum_other_doc_count` in each aggregation's response: a
# non-zero value means buckets were truncated.
"aggs": { "threat_name_aggs": { "terms": { "field": "alert.threat_name.keyword", "size": 100 } }, "severity_aggs": { "terms": { "field": "alert.severity.keyword", "size": 100 } }, "alarm_type_aggs": { "terms": { "field": "alert.alarm_type.keyword", "size": 1000 } } }
折叠
# Fragment of a search body: field-collapsing variants, presumably meant as
# alternatives to pick from (TODO confirm). A search request accepts a single
# "collapse" field; if all four keys are pasted into one Python dict literal,
# only the last one (alert.level_2_alarm_type.keyword) takes effect and the
# others are silently discarded.
# Collapsing returns one top hit per distinct value, capped by "size" (1000
# here); distinct values beyond the cap are not returned, so this is not an
# exhaustive listing for high-cardinality fields.
"collapse":{ "field":"alert.severity.keyword" }, "collapse":{ "field":"alert.alarm_type.keyword" }, "collapse":{ "field":"alert.threat_name.keyword" }, "collapse":{ "field":"alert.level_2_alarm_type.keyword" }, "size": 1000