sql - Joins in Elasticsearch - can a nested or parent query handle this join case? -


i have data in elastic (translating table format, how picture it) 

|record id | userid | experiment condition | action taken | |----------|--------|----------------------|--------------| |1         |  1234  | b                    |              | |2         |  1234  |                      |  search      | |3         | 1234   |                      | click        | |4         | 5678   |                    |              | |5         |5678    |                      | search       | |6         |5678    |                      | search       |

and on

what want able find instances action_taken='search' , user in experiment_condition='b'

that's pretty trivial in sql-land, i'm struggling figure out how in elastic.

i've looked @ parent/child queries here: https://www.elastic.co/guide/en/elasticsearch/guide/current/children-agg.html doesn't seem that's want, maybe i'm having trouble wrapping brain around it.

thanks!

edit: here json records in es 

{   "_index": "04-06-2017",   "_type": "logs",   "_id": "record_id_123",   "_score": null,   "_source": {     "@version": "1",     "@timestamp": "2017-04-06t03:59:42.000z",     "datetime": "05/apr/2017:23:59:42 -0400",     "duration": "05/apr/2017:23:59:42 -0400",     "sessionid": "session_hash_1234",     "un": "user_id_1234",     "ev": "login",     "experimentgroup": "b"   },   "fields": {     "@timestamp": [       1491451182000     ]   } }, {   "_index": "04-06-2017",   "_type": "logs",   "_id": "record_id_567",   "_score": null,   "_source": {     "@version": "1",     "@timestamp": "2017-04-06t04:00:22.000z",     "datetime": "06/apr/2017:00:00:22 -0400",     "rc": "200",     "pcd": "85",     "duration": "06/apr/2017:00:00:22 -0400",     "un": "user_id_1234",     "sessionid": "session_hash_1234",     "rtid": "query_hash_1234",     "js": "1",     "rs": "1422x889",     "cd": "16",     "ln": "en",     "tz": "gmt%20-04%3a00",     "action": "toc",     "event": "click",     "node": "button",     "ev": "search",     "query":"query_terms_here"   },   "fields": {     "@timestamp": [       1491451222000     ]   }, }

what want able find records ev='search' users experimentgroup='b'

so after fighting while, decided 2 queries. using elastic plugin python, data needed issue terms query contained list of users.

get users:

blob=es.search(index='my-index', body={   "size": 0,   "query": {     "query_string": {       "query": "settings.experimentgroup:\"a\""     }   } })

then turn list

users_in_group_a = json_normalize(blob['hits']['hits']) unique_users_in_a=list(set(users_in_group_a['_id']))

then results users:

blob = es.search(index='my-index', body={         "size":0,   'query': {           'filtered': {                   'filter': {                           'bool':{                                   'must':[                                           {'terms': { 'userid': [unique_users]}},                                           {'range':{'@timestamp':{'gte':1489280900154,'lte':1491005332057}}}                                           ]                                   }                           }             } })

Comments

Post a Comment

Popular posts from this blog

inversion of control - Autofac named registration constructor injection -

does autofac support specifying registration name in components' constructors? example: ninject's namedattribute . you need use autofac.extras.attributed package on top achieve this so let's have 1 interface , 2 classes: public interface ihello { string sayhello(); } public class englishhello : ihello { public string sayhello() { return "hello"; } } public class frenchhello : ihello { public string sayhello() { return "bonjour"; } } then have consumer class, in want select instance injected: public class helloconsumer { private readonly ihello helloservice; public helloconsumer([withkey("en")] ihello helloservice) { if (helloservice == null) { throw new argumentnullexception("helloservice"); } this.helloservice = helloservice; } public string sayhello() { return this.helloservice.sayhello()...
Read more

verilog - Systemverilog dynamic casting issues -

i've code snippet following in testbench function void write_to_port( my_data_type_base data ); my_data_type_extended data_ext; if(!$cast(data_ext, data)); `uvm_error(get_type_name(), "failed cast"); `uvm_info(get_name(), $psprintf("data_ext :\n%s", data_ext.sprint()), uvm_medium) // write data_ext out port.... endfunction when run it, i'm getting uvm_error "failed cast." i'm not quire sure why $cast not returning 1. can see, i'm printing out extended class data item after casting uvm_info. can see it's being cast properly. if don't use $cast if condition, don't runtime error. isn't coding practice use if dynamic cast check if $cast returning 1 ? what might reason behind cast not returning 1 in above case? i think semicolon on line 'if' not belong? i think consumes if statement, , uvm_error executes regardless of how if evaluates: if(!$cast(data_ext, data)); <- no semico...
Read more

ios - Change Storyboard View using Seague -

i have following code checks connection server, , depending on want change views if no connection found. nsstring *connect = [nsstring stringwithcontentsofurl:[nsurl urlwithstring:@"http://myserver.com"] encoding:nsutf8stringencoding error:nil]; if (connect == null) { [self performseguewithidentifier:@"network_failure" sender:self]; } else { // other code here } my problem not change views. have added storyboard segue between 2 views identifier of network_failure . not have navigation controller or that, problem? thanks help! no not problem. first of all, in objectivec exists nil object oriented null . must use that. so: if(connect == nil) or better: if(!connect) so due fact nil not same of null , probably code does't enter in if scope . you have been able discover breakpoint. anyway: be sure set trigger segue (line) 2 view controller , , name network_failure (that not best name. should instead view1toview2 ) as, m...
Read more