I want to learn elasticsearch and I am following this guide:
https://github.com/LisaHJung/Part-2-Understanding-the-relevance-of-your-search-with-Elasticsearch-and-Kibana-
This command worked correctly as described in the guide, it will return buckets with significant_texts:
GET news_headlines/_search
{
"query": {
"match": {
"category": "ENTERTAINMENT"
}
},
"aggregations": {
"popular_in_entertainment": {
"significant_text": {
"field": "headline"
}
}
}
}
I thought I'd explore by trying to find significant_text against ALL documents in my index. But both these attempts gave my zero bucketed items:
GET news_headlines/_search
{
"aggregations": {
"popular_in_entertainment": {
"significant_text": {
"field": "headline"
}
}
}
}
GET news_headlines/_search
{
"query": {
"match_all": { }
},
"aggregations": {
"popular_in_entertainment": {
"significant_text": {
"field": "headline"
}
}
}
}
What did I do wrong? Or is there something about aggregations that I don't understand?
Related
I'm facing some errors with DSL query builder and aggregations.
Tried several approaches and none of them seem to work.
If I remove aggs clause, the query works seamlessly.
Queries below return error: [bool] malformed query, expected [END_OBJECT] but found [FIELD_NAME]
{
"query": {
"bool": {
"filter": [
{
"range": {
"json.#timestamp": {
"gt": "2021-08-22T00:00:00.000Z",
"lt": "2022-10-22T13:41:09.000Z"
}
}
},
{
"term": {
"json.path": "/api/v1/discover"
}
},
{
"wildcard": {
"container.image.name": {
"value": "*prod*"
}
}
}
]
}
},
"aggs": {
"totalCount": {
"sum": {
"field": "count"
}
}
}
}
Using aggs inside body also does not work.
{
"query": {
"bool": {
"filter": [
{
"range": {
"json.#timestamp": {
"gt": "2021-08-22T00:00:00.000Z",
"lt": "2022-10-22T13:41:09.000Z"
}
}
},
{
"term": {
"json.path": "/api/v1/discover"
}
},
{
"wildcard": {
"container.image.name": {
"value": "*prod*"
}
}
}
]
}
},
"body": {
"aggs": {
"group_by_id": {
"terms": {
"field": "cloud.image.id"
}
}
}
}
}
Not even a basic aggs example will succeed.
{
"query": {
"match_all": {}
},
"aggs": {
"objects": {
"terms": {
"field": "json.path"
}
}
}
}
This one returns error: [1:16806] unknown field [aggs]
{
"query": {
"aggs": {
"my-agg-name": {
"terms": {
"field": "json.path"
}
}
}
}
}
What am I doing wrong?
I'm on Elastic Cloud v7.16.2
Just found out what the problem is... Aggregations will only work on Dev Tools page. It will not work on Discover page Seach box.
I've the following query which works fine on Elasticsearch 1.x but does not work on 2.x (I get doc_count: 0) since the bool filter has been deprecated. It's not quite clear to me how to re-write this query using the new Bool Query.
{
"aggregations": {
"events_per_period": {
"filter": {
"bool": {
"must": [
{
"terms": {
"message.facility": [
"facility1",
"facility2",
"facility3"
]
}
}
]
}
}
}
},
"size": 0
}
Any help is greatly appreciated.
I think you might want aggregation on multi fields with filter :-
Here I assume filter for id and aggregation on facility1 and facility2 .
{
"_source":false,
"query": {
"match": {
"id": "value"
}
},
"aggregations": {
"byFacility1": {
"terms": {
"field": "facility1"
},
"aggs": {
"byFacility2": {
"terms": {
"field": "facility2"
}
}
}
}
}
}
if you want aggregation on three field , check link.
For java implementation link2
I am trying to calculate the aggregated average value of a field in my db via elasticsearch.
I am not having any problems calculating the av value without any filtering :
{
"query": {
"match_all":{}
},
"size": 0,
"aggs": {
"avg_quantity": {
"avg": {
"field": "license_offer.unit_price"
}
}
}
}
However I need to exclude from the aggregation docs that have a license_offer.unit_price of 0 (licence_offer is a nested object within license).
I tried different things, this is my latest attempt :
{
"size": 0,
"query": {
"constant_score": {
"filter": {
"license_offer.unit_price": {
"gte": 0
}
}
}
},
"aggs": {
"quantity_stats": {
"stats": {
"field": "license_offer.unit_price"
}
}
}
}
but I am getting an error :
"type": "parsing_exception",
"reason": "no [query] registered for [license_offer.unit_price]",
How do you apply a filter to exclude a specific numerical value on a nested object's field with elastic search ?
Your query is not correct, you're simply missing the range keyword:
{
"size": 0,
"query": {
"constant_score": {
"filter": {
"range": { <--- add this
"license_offer.unit_price": {
"gte": 0
}
}
}
}
},
"aggs": {
"quantity_stats": {
"stats": {
"field": "license_offer.unit_price"
}
}
}
}
You can also move the filter inside the aggregation part:
{
"size": 0,
"aggs": {
"only_positive": {
"filter": {
"range": {
"license_offer.unit_price": {
"gt": 0
}
}
},
"aggs": {
"quantity_stats": {
"stats": {
"field": "license_offer.unit_price"
}
}
}
}
}
}
I have a query that counts the number of images per user:
GET images/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"appID.raw": "myApp"
}
}
]
}
},
"size": 0,
"aggs": {
"perDeviceAggregation": {
"terms": {
"field": "deviceID"
}
}
}
}
It basically works fine, but I would like to exclude all aggregation results for users that have less than 200 images. How can I tweak the query above to achieve this?
Thanks.
You can achieve this by using a Minimum Document Count option.
"aggs": {
"perDeviceAggregation": {
"terms": {
"field": "deviceID",
"min_doc_count": 200
}
}
}
Add a filter aggregation to your terms aggregation with the query clause.
Filter Aggregations
You can modify your above query to look like this.
{
"query": {
"bool": {
"must": [
{
"term": {
"appID.raw": "myApp"
}
}
]
}
},
"size": 0,
"aggs": {
"filtered_users_with_images_count": {
"filter": {
"term": {
"count": 200
}
},
"aggs": {
"perDeviceAggregation": {
"terms": {
"field": "deviceID"
}
}
}
}
}
}
You can modify the filter inside filtered_users_with_images_count to match documents with images greater than 200.
Please also consider to post your data mappings along with query to support your questions.
Is it possible to exclude documents from an aggregation query? I just need to know "count" and "sum" and do not need hits. I did it like this:
{
"query": {
"match_all": {
}
},
"aggs": {
"my_agg": {
"stats": {
"field": "country_id"
}
}
}
}
To focus only on aggregation with a match_all query, you could simply use "size":0 (this specifies you want no query results) with no query:
curl -XPOST "http://localhost:9200/indexname/doctype/_search" -d'
{
"size": 0,
"aggs": {
"my_agg": {
"stats": {
"field": "country_id"
}
}
}
}'
Add to your query ?search_type=count.
For example:
GET /my_index/countries/_search?search_type=count
{
"query": {
"match_all": {
}
},
"aggs": {
"my_agg": {
"stats": {
"field": "country_id"
}
}
}
}