My mapping model:
// TypeLog: Error, Info, Warn
{
"onef-sora": {
"mappings": {
"Log": {
"properties": {
"application": {
"type": "string",
"index": "not_analyzed"
}
"typeLog": {
"type": "string"
}
}
}
}
}
}
My query:
{
"size": 0,
"aggs": {
"application": {
"terms": {
"field": "application",
"order" : { "_count" : "desc"},
"size": 5
},
"aggs": {
"typelogs": {
"terms": {
"field": "typeLog",
"order" : { "_term" : "asc"}
}
}
}
}
}
}
I want get top 5 application has most error, but term aggregation order support three key : _count, _term, _key. How do I order by typeLog doc_count in my query. Thanks !!!
Result I want:
{
"took": 3,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 10000,
"max_score": 0,
"hits": []
},
"aggregations": {
"application": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 5000,
"buckets": [
{
"key": "OneF0",
"doc_count": 1000,
"typelogs": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "error",
"doc_count": 334
},
{
"key": "info",
"doc_count": 333
},
{
"key": "warn",
"doc_count": 333
}
]
}
},
{
"key": "OneF1",
"doc_count": 1000,
"typelogs": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "error",
"doc_count": 333
},
{
"key": "info",
"doc_count": 334
},
{
"key": "warn",
"doc_count": 333
}
]
}
},
{
"key": "OneF2",
"doc_count": 1000,
"typelogs": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "error",
"doc_count": 332
},
{
"key": "info",
"doc_count": 333
},
{
"key": "warn",
"doc_count": 334
}
]
}
}
]
}
}
}
As you to get the top 5 applications with most errors, you can filter to keep only error logs in query (you could use a filter). Then you only need order you sub-term aggregation by descending count
{
"size": 0,
"query": {
"term": {
"typeLog": "Error"
}
},
"aggs": {
"application": {
"terms": {
"field": "application",
"order": {
"_count": "desc"
},
"size": 5
},
"aggs": {
"typelogs": {
"terms": {
"field": "typeLog",
"order": {
"_count": "desc"
}
}
}
}
}
}
}
To keep all typeLogs, you may need to perform your query the other way
{
"size": 0,
"aggs": {
"typelogs": {
"terms": {
"field": "typeLog",
"order": {
"_count": "asc"
}
},
"aggs": {
"application": {
"terms": {
"field": "application",
"order": {
"_count": "desc"
},
"size": 5
}
}
}
}
}
}
You will have 3 first level buckets, the the top 5 applications by type of log
Related
I am looking for a script to find the value of $6383.12 for Accounts Receivable (A/R) in this code. There are several values I want to be able to find but I can't seem to figure out how to structure my code to find the values I need.
I have spent time looking through and testing various versions of arrays, ILIst<> and other suggestions but I can't seem to get the final result I am looking for. I can find a single value (for example "Savings") but I don't know how to get the $800 value.
The script I am using is:
var root = JToken.Parse(data);
IList<JToken> t = root.SelectTokens("$...ColData[?(#.value == 'Accounts Receivable (A/R)')]").ToList();
foreach (var item in t)
{
Response.Write(item.ToString() + "<br/><br/>");
}
This gives me the Accounts Receivable (A/R) value but not the dollar value associated with it.
Here is the JSON result I am trying to parse through:
{
"Header": {
"ReportName": "BalanceSheet",
"Option": [
{
"Name": "AccountingStandard",
"Value": "GAAP"
},
{
"Name": "NoReportData",
"Value": "false"
}
],
"DateMacro": "this calendar year-to-date",
"ReportBasis": "Accrual",
"StartPeriod": "2016-01-01",
"Currency": "USD",
"EndPeriod": "2016-10-31",
"Time": "2016-10-31T09:42:21-07:00",
"SummarizeColumnsBy": "Total"
},
"Rows": {
"Row": [
{
"Header": {
"ColData": [
{
"value": "ASSETS"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"Header": {
"ColData": [
{
"value": "Current Assets"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"Header": {
"ColData": [
{
"value": "Bank Accounts"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"ColData": [
{
"id": "35",
"value": "Checking"
},
{
"value": "1350.55"
}
],
"type": "Data"
},
{
"ColData": [
{
"id": "36",
"value": "Savings"
},
{
"value": "800.00"
}
],
"type": "Data"
}
]
},
"type": "Section",
"group": "BankAccounts",
"Summary": {
"ColData": [
{
"value": "Total Bank Accounts"
},
{
"value": "2150.55"
}
]
}
},
{
"Header": {
"ColData": [
{
"value": "Accounts Receivable"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"ColData": [
{
"id": "84",
"value": "Accounts Receivable (A/R)"
},
{
"value": "6383.12"
}
],
"type": "Data"
}
]
},
"type": "Section",
"group": "AR",
"Summary": {
"ColData": [
{
"value": "Total Accounts Receivable"
},
{
"value": "6383.12"
}
]
}
},
{
"Header": {
"ColData": [
{
"value": "Other current assets"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"ColData": [
{
"id": "81",
"value": "Inventory Asset"
},
{
"value": "596.25"
}
],
"type": "Data"
},
{
"ColData": [
{
"id": "4",
"value": "Undeposited Funds"
},
{
"value": "2117.52"
}
],
"type": "Data"
}
]
},
"type": "Section",
"group": "OtherCurrentAssets",
"Summary": {
"ColData": [
{
"value": "Total Other current assets"
},
{
"value": "2713.77"
}
]
}
}
]
},
"type": "Section",
"group": "CurrentAssets",
"Summary": {
"ColData": [
{
"value": "Total Current Assets"
},
{
"value": "11247.44"
}
]
}
},
{
"Header": {
"ColData": [
{
"value": "Fixed Assets"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"Header": {
"ColData": [
{
"id": "37",
"value": "Truck"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"ColData": [
{
"id": "38",
"value": "Original Cost"
},
{
"value": "13495.00"
}
],
"type": "Data"
}
]
},
"type": "Section",
"Summary": {
"ColData": [
{
"value": "Total Truck"
},
{
"value": "13495.00"
}
]
}
}
]
},
"type": "Section",
"group": "FixedAssets",
"Summary": {
"ColData": [
{
"value": "Total Fixed Assets"
},
{
"value": "13495.00"
}
]
}
}
]
},
"type": "Section",
"group": "TotalAssets",
"Summary": {
"ColData": [
{
"value": "TOTAL ASSETS"
},
{
"value": "24742.44"
}
]
}
},
{
"Header": {
"ColData": [
{
"value": "LIABILITIES AND EQUITY"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"Header": {
"ColData": [
{
"value": "Liabilities"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"Header": {
"ColData": [
{
"value": "Current Liabilities"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"Header": {
"ColData": [
{
"value": "Accounts Payable"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"ColData": [
{
"id": "33",
"value": "Accounts Payable (A/P)"
},
{
"value": "1984.17"
}
],
"type": "Data"
}
]
},
"type": "Section",
"group": "AP",
"Summary": {
"ColData": [
{
"value": "Total Accounts Payable"
},
{
"value": "1984.17"
}
]
}
},
{
"Header": {
"ColData": [
{
"value": "Credit Cards"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"ColData": [
{
"id": "41",
"value": "Mastercard"
},
{
"value": "157.72"
}
],
"type": "Data"
}
]
},
"type": "Section",
"group": "CreditCards",
"Summary": {
"ColData": [
{
"value": "Total Credit Cards"
},
{
"value": "157.72"
}
]
}
},
{
"Header": {
"ColData": [
{
"value": "Other Current Liabilities"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"ColData": [
{
"id": "89",
"value": "Arizona Dept. of Revenue Payable"
},
{
"value": "4.55"
}
],
"type": "Data"
},
{
"ColData": [
{
"id": "90",
"value": "Board of Equalization Payable"
},
{
"value": "401.98"
}
],
"type": "Data"
},
{
"ColData": [
{
"id": "43",
"value": "Loan Payable"
},
{
"value": "4000.00"
}
],
"type": "Data"
}
]
},
"type": "Section",
"group": "OtherCurrentLiabilities",
"Summary": {
"ColData": [
{
"value": "Total Other Current Liabilities"
},
{
"value": "4406.53"
}
]
}
}
]
},
"type": "Section",
"group": "CurrentLiabilities",
"Summary": {
"ColData": [
{
"value": "Total Current Liabilities"
},
{
"value": "6548.42"
}
]
}
},
{
"Header": {
"ColData": [
{
"value": "Long-Term Liabilities"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"ColData": [
{
"id": "44",
"value": "Notes Payable"
},
{
"value": "25000.00"
}
],
"type": "Data"
}
]
},
"type": "Section",
"group": "LongTermLiabilities",
"Summary": {
"ColData": [
{
"value": "Total Long-Term Liabilities"
},
{
"value": "25000.00"
}
]
}
}
]
},
"type": "Section",
"group": "Liabilities",
"Summary": {
"ColData": [
{
"value": "Total Liabilities"
},
{
"value": "31548.42"
}
]
}
},
{
"Header": {
"ColData": [
{
"value": "Equity"
},
{
"value": ""
}
]
},
"Rows": {
"Row": [
{
"ColData": [
{
"id": "34",
"value": "Opening Balance Equity"
},
{
"value": "-9337.50"
}
],
"type": "Data"
},
{
"ColData": [
{
"id": "2",
"value": "Retained Earnings"
},
{
"value": "91.25"
}
],
"type": "Data"
},
{
"ColData": [
{
"value": "Net Income"
},
{
"value": "2440.27"
}
],
"type": "Data",
"group": "NetIncome"
}
]
},
"type": "Section",
"group": "Equity",
"Summary": {
"ColData": [
{
"value": "Total Equity"
},
{
"value": "-6805.98"
}
]
}
}
]
},
"type": "Section",
"group": "TotalLiabilitiesAndEquity",
"Summary": {
"ColData": [
{
"value": "TOTAL LIABILITIES AND EQUITY"
},
{
"value": "24742.44"
}
]
}
}
]
},
"Columns": {
"Column": [
{
"ColType": "Account",
"ColTitle": "",
"MetaData": [
{
"Name": "ColKey",
"Value": "account"
}
]
},
{
"ColType": "Money",
"ColTitle": "Total",
"MetaData": [
{
"Name": "ColKey",
"Value": "total"
}
]
}
]
}
}
You can try this,
var json = File.ReadAllText("json1.json");
var jToken = JToken.Parse(json);
var reader = jToken.CreateReader();
while (reader.Read())
{
var value = reader.Value;
if (value != null && value.ToString() == "Accounts Receivable (A/R)")
{
var test = jToken.SelectToken(reader.Path.Replace("[0].value", "[1].value"));
}
}
If it's not doable to write json path which selects proper tokens you could try using Parent property and Children method.
foreach (var item in t)
{
var valueToken = item.Parent.Children().ElementAt(1);
Response.Write(valueToken.ToString() + "<br/><br/>");
}
I am building a .NET Webhook following this tutorial, dialogflow fulfillment with c and app engine.
Everything works fine except when I want to set up DailyUpdates with a RegisterUpdate Intent.
When the "setup_notification_update" intent calls the webhook I sendthis kind of JSON in response:
{
"fulfillmentText": "Notifica programmata",
"fulfillmentMessages": [
{
"card": {
"title": "Notifica programmata",
"subtitle": "Notifica programmata con successo",
"imageUri": "https://assistant.google.com/static/images/molecule/Molecule-Formation-stop.png",
"buttons": [
{
"text": "Valutami",
"postback": "https://macoev.com/"
}
]
}
}
],
"payload": {
"google": {
"expectUserResponse": true,
"richResponse": {
"items": [
{
"simpleResponse": {
"textToSpeech": "Questa รจ la risposta di avvenuto successo per la programmazione della notifica"
}
}
]
},
"systemIntent": {
"intent": "actions.intent.REGISTER_UPDATE",
"data": {
"#type": "type.googleapis.com/google.actions.v2.RegisterUpdateValueSpec",
"intent": "get_stats_notification",
"arguments": [
{
"name": "category",
"textValue": "Daily_lowest_temperature"
}
],
"triggerContext": {
"timeContext": {
"frequency": "DAILY"
}
}
}
}
}
}
}
The problem is that the intent that has REGISTER_UPDATE as its event does not get triggered, resulting in the notification not being scheduled.
This is the response that I set when that event get triggered:
{
"responseId": "",
"queryResult": {
"queryText": "",
"action": "",
"parameters": {},
"allRequiredParamsPresent": true,
"fulfillmentText": "",
"fulfillmentMessages": [],
"outputContexts": [],
"intent": {
"name": "finish_update_setup",
"displayName": "finish_update_setup"
},
"intentDetectionConfidence": 1,
"diagnosticInfo": {},
"languageCode": ""
},
"originalDetectIntentRequest": {
"source": "google",
"version": "2",
"payload": {
"isInSandbox": true,
"surface": {
"capabilities": [
{
"name": "actions.capability.SCREEN_OUTPUT"
},
{
"name": "actions.capability.AUDIO_OUTPUT"
},
{
"name": "actions.capability.MEDIA_RESPONSE_AUDIO"
},
{
"name": "actions.capability.WEB_BROWSER"
}
]
},
"inputs": [
{
"rawInputs": [],
"intent": "",
"arguments": [
{
"name": "REGISTER_UPDATE",
"extension": {
"#type": "type.googleapis.com/google.actions.v2.RegisterUpdateValue",
"status": "OK"
}
},
{
"name": "text",
"rawText": "04:10pm",
"textValue": "04:10pm"
}
]
}
],
"user": {},
"conversation": {},
"availableSurfaces": [
{
"capabilities": [
{
"name": "actions.capability.SCREEN_OUTPUT"
},
{
"name": "actions.capability.AUDIO_OUTPUT"
},
{
"name": "actions.capability.MEDIA_RESPONSE_AUDIO"
},
{
"name": "actions.capability.WEB_BROWSER"
}
]
}
]
}
},
"session": ""
}
Any idea why? Any help will be appreciated. Thanks in advance.
I want to extract the field names where the search text appears in the elastic search (stored) indexed documents.
Is this type of querying possible in elastic search, I am using Nest Client in C#
Please refer to the example below:
Example: employee document
{
"first_name" : "emp first",
"last_name" : "emp last"
}
Input search text: "first"
Expected out : ["first_name"]
Input search text : "emp"
Expected output : ["first_name", "last_name"]
Thanks,
AT
There is a feature in elasticsearch "Named Queries", you can named each query and elasticsearch will return the matched queries names
For your case you can use this query
GET index/doc_type/_search
{
"_source": [
"first_name",
"last_name"
],
"query": {
"bool": {
"should": [
{
"match": {
"first_name": {
"query": "emp",
"_name": "first_name"
}
}
},
{
"match": {
"last_name": {
"query": "emp",
"_name": "last_name"
}
}
}
]
}
}
}
Elasticsearch will return result like this one
{
"took": 90,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 1,
"max_score": 16.399673,
"hits": [
{
"_index": "index",
"_type": "doc_type",
"_id": "1",
"_score": 16.399673,
"_routing": "1",
"_source": {
"first_name": "emp first",
"last_name": "emp last"
},
"matched_queries": [
"first_name",
"last_name"
]
}
]
}
}
You can also do the same thing with highlighting
GET index/doc_type/_search
{
"_source": [
"first_name",
"last_name"
],
"query": {
"bool": {
"should": [
{
"match": {
"first_name": "emp"
}
},
{
"match": {
"last_name": "emp"
}
}
]
}
},
"highlight": {
"fields": {
"first_name": {},
"last_name" : {}
}
}
}
Sample Response :
{
"took": 90,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 1,
"max_score": 16.399673,
"hits": [
{
"_index": "index",
"_type": "doc_type",
"_id": "1",
"_score": 16.399673,
"_routing": "1",
"_source": {
"first_name": "emp first",
"last_name": "emp last"
},
"highlight": [
"first_name" : ["<em>emp</em> first"],
"last_name" : ["<em>emp</em> last"]
]
}
]
}
}
When I use Kibana to execute the following Searchrequest to Elasticsearch
GET _search
{
"query": {
"query_string": {
"query": "PDB_W2237.docx",
"default_operator": "AND"
}
}
}
it returns:
{
"took": 14,
"timed_out": false,
"_shards": {
"total": 15,
"successful": 15,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 1,
"max_score": 6.3527603,
"hits": [
{
"_index": "proconact",
"_type": "proconact",
"_id": "68cecf2c-7e5a-11e5-80fa-000c29bd9450",
"_score": 6.3527603,
"_source": {
"Id": "68cecf2c-7e5a-11e5-80fa-000c29bd9450",
"ActivityId": "1bad9115-7e5a-11e5-80fa-000c29bd9450",
"ProjectId": "08938a1d-2429-11e5-80f9-000c29bd9450",
"Filename": "PDB_W2237.docx"
}
}
]
}
}
When I use the NEST ElasticClient like
var client = new ElasticClient();
var searchResponse = client.Search<Hit>(new SearchRequest {
Query = new QueryStringQuery {
Query = "DB_W2237.docx",
DefaultOperator = Operator.And
}
});
it do return 0 Hits.
Here is the Indexmapping for the 4 Fields in the Hit:
{
"proconact": {
"mappings": {
"proconact": {
"properties": {
"ActivityId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"Filename": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"Id": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"ProjectId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}
}
Are the two search-requests not the same?
The problem is your mapping doesn't allow a token different than whatever is present in your index.
In your kibana query:
GET _search
{
"query": {
"query_string": {
"query": "PDB_W2237.docx",
"default_operator": "AND"
}
}
}
You're querying PDB_W2237.docx but in your NEST you're querying DB_W2237.docx.
If you want to query DB_W2237.docx and expecting results then you might have to change the analyzer from standard analyzer which is applied by default to something else a possible candidate depends on your usecase.
I have an ElasticSearch database with some documents in it. Each documents has its own timestamp field.
I currently have a WebApi which requires two timestamps, startTime and endTime. The WebApi simply performs a query on ES to grab the documents which have the timestamps in the given range.
This is my current query:
var readRecords = ElasticClient.Search<SegmentRecord>(s => s
.Index(ElasticIndexName)
.Filter(f =>
f.Range(i =>
i.OnField(a => a.DateTime).GreaterOrEquals(startTime).LowerOrEquals(endTime))).Size(MaximumNumberOfReturnedDocs).SortAscending(p => p.DateTime)).Documents;
Very simple, it's basically a range query based on the startTime and endTime parameters. And it works. :-)
Now the problem is: I need to retrieve even the latest document which has got a timestamp lower than startTime.
So basically the final query should be:
all the document in the range [startTime, endTime]
AND
the latest document in time which has a timestamp < startTime
the first part obviously can return any number of records, zero, just one or many
the second part should return just one document, (or zero if doesn't exist any document prior to starTime)
Something like this I meant in my comment above:
{
"query": {
"filtered": {
"filter": {
"range": {
"time": {
"gte": "2015-06-04",
"lte": "2015-06-05"
}
}
}
}
},
"aggs": {
"global_all_docs_agg": {
"global": {},
"aggs": {
"filter_for_min": {
"filter": {
"range": {
"time": {
"lte": "2015-06-04"
}
}
},
"aggs": {
"min_date": {
"top_hits": {
"size": 1,
"sort": [
{
"time": "asc"
}
]
}
}
}
}
}
}
}
}
The result looks like this:
"hits": [
{
"_index": "sss",
"_type": "test",
"_id": "1",
"_score": 1,
"_source": {
"time": "2015-06-05"
}
},
{
"_index": "sss",
"_type": "test",
"_id": "2",
"_score": 1,
"_source": {
"time": "2015-06-04"
}
},
{
"_index": "sss",
"_type": "test",
"_id": "4",
"_score": 1,
"_source": {
"time": "2015-06-05"
}
}
]
},
"aggregations": {
"global_all_docs_agg": {
"doc_count": 6,
"filter_for_min": {
"doc_count": 4,
"min_date": {
"hits": {
"total": 4,
"max_score": null,
"hits": [
{
"_index": "sss",
"_type": "test",
"_id": "5",
"_score": null,
"_source": {
"time": "2015-06-01"
},
"sort": [
1433116800000
]
}
]
}
}
}
}
}
The list between startTime and endTime is under hits. The minimum lower than startTime is under aggregations.