select tag1, tag2, sum(sum_val)
select tag-uid, sum(value) as sum_val
from data_table
group by tag-uid
join tag_table using(tag-uid)
group by tag1, tag2That seems to be a join which Elasticsearch does not support. You are therefore likely to restructure your data when indexing. If you describe the use case and what you are trying to achieve at a higher level someone may be able to help you.
we use es as tsdb, and data we store is look like:
{
"metric": "metric_name",
"@timestamp": "2020-01-01T01:01:01",
"t": {
"key1": "val1",
"key2": "val2"
},
"f": {
"name1": 1.2,
"name2": 2.3
}
}
simple aggregation is ok (but some aggs are still very slow) like:
select t.key2, sum(f.name1) from tsdata where t.key1='val1' group by t.key2
but i have no idea that if we can handle a more complex aggregation like "join" does in mysql
oh, thanks for your replying!!
we use es as tsdb described in:
data look like:
{
"metric": "metric_name",
"@timestamp": "2020-01-01T01:01:01",
"t": {
"key1": "val1",
"key2": "val2"
},
"f": {
"name1": 1.2,
"name2": 2.3
}
}
so, if we want to have more tsdb-use funcs like:
1、"topk( metric_name.f.name1 ) by t.key1 in_every '10m'"
2、"inc-rate( metric_name.f.name1 ) in_every '5m'"
that es aggs can not directly support
my question is:
can i enrich the function of es like udf do in hive ?
or, it's to say that how to create a user defined function in es?
Any ideas ?