aggregation_execution_exception: Invalid aggregation order path, Sub-path points to non single-bucket aggregation - elasticsearch

When I run this ES aggregation:
"aggregations": {
  "author": {
    "terms": {
      "field": "author",
      "size": 100,
      "min_doc_count": 1,
      "shard_min_doc_count": 0,
      "show_term_doc_count_error": false,
      "order": {
        "interactions-c>interactions-sum": "desc"
      }
    },
    "aggregations": {
      "interactions-c": {
        "children": {
          "type": "interactions"
        },
        "aggregations": {
          "interactions-sum": {
            "sum": {
              "field": "interactions.likes"
            }
          }
        }
      }
    }
  }
}
Exception:
{
  "error" : {
    "root_cause" : [
      {
        "type" : "aggregation_execution_exception",
        "reason" : "Invalid aggregation order path [interactions-c>interactions-sum]. Buckets can only be sorted on a sub-aggregator path that is built out of zero or more single-bucket aggregations within the path and a final single-bucket or a metrics aggregation at the path end. Sub-path [interactions-c] points to non single-bucket aggregation"
      }
    ],
    "type" : "search_phase_execution_exception",
    "reason" : "all shards failed",
    "phase" : "query",
    "grouped" : true,
    "failed_shards" : [
      {
        "shard" : 0,
        "index" : "article_20200910",
        "node" : "fLYvCQjfTEKG0QIivtn3Hg",
        "reason" : {
          "type" : "aggregation_execution_exception",
          "reason" : "Invalid aggregation order path [interactions-c>interactions-sum]. Buckets can only be sorted on a sub-aggregator path that is built out of zero or more single-bucket aggregations within the path and a final single-bucket or a metrics aggregation at the path end. Sub-path [interactions-c] points to non single-bucket aggregation"
        }
      }
    ]
  },
  "status" : 500
}
This is my index mapping:
{
  "article" : {
    "aliases" : { },
    "mappings" : {
      "properties" : {
        "author" : {
          "type" : "keyword"
        },
        "interactions" : {
          "properties" : {
            "comments" : {
              "type" : "long"
            },
            "dislikes" : {
              "type" : "long"
            },
            "forwards" : {
              "type" : "long"
            },
            "likes" : {
              "type" : "long"
            },
            "views" : {
              "type" : "long"
            }
          }
        },
        "joinField" : {
          "type" : "join",
          "eager_global_ordinals" : false,
          "relations" : {
            "article" : [
              "interactions"
            ]
          }
        }
      }
    }
  }
}
I created an index which uses a join field (parent: article; children: interactions).
What I want:
aggregate the interactions number by author (author is a parent index field, interactions is a children field),
then order by the interactions sum value, descending.
But ES says the children aggregation is not a single-bucket aggregation! So is there any way to do this?

Related

How to split object (nested) into multiple columns in Elasticsearch / Kibana data table visualization

I have a nested object indexed in Elasticsearch (7.10) and I need to visualize it with a Kibana table. The problem is that Kibana throws in the values from the nested field which have the same name in one column.
Part of the index:
{
  "index" : {
    "mappings" : {
      "properties" : {
        "data1" : {
          "type" : "keyword"
        },
        "Details" : {
          "type" : "nested",
          "properties" : {
            "Amount" : {
              "type" : "float"
            },
            "Currency" : {
              "type" : "text",
              "fields" : {
                "keyword" : {
                  "type" : "keyword",
                  "ignore_above" : 256
                }
              }
            },
            "DetailType" : {
              "type" : "keyword"
            },
            "Price" : {
              "type" : "float"
            },
            "Quantity" : {
              "type" : "float"
            },
            "TotalAmount" : {
              "type" : "float"
.......
The problem in the table:
How can I get three rows named Details, each with one split term (e.g. DetailType: "start_fee")?
Update:
I could query the nested object in the console:
GET _search
{
  "query": {
    "nested": {
      "path": "Details",
      "query": {
        "bool": {
          "must": [
            { "match": { "Details.DetailType": "energybased_fee" }}
          ]
        }
      },
      "inner_hits": {}
    }
  }
}
But how can I visualize in the table only the "inner_hits" value?

How multi_match search in elastic on main object and nested array of objects?

I'm using Elasticsearch v7 and I have a mapped object like the one below.
Items is a nested array of objects.
My problem is that when I try to search the items fields with multi_match, it does not work as I expect: the result is empty. But when I try to search with a query and boolean, it finds my document.
I don't correctly understand what the difference is there. As I understand it, query search is for exact matches, used for filtering and aggregating data, and multi_match is for full-text search and autocomplete, right?
And how do I find documents by searching in root fields and nested fields?
{
  "orders" : {
    "aliases" : { },
    "mappings" : {
      "properties" : {
        "amazonOrderId" : {
          "type" : "keyword"
        },
        "carrierCode" : {
          "type" : "text"
        },
        "carrierName" : {
          "type" : "text"
        },
        "id" : {
          "type" : "keyword"
        },
        "items" : {
          "type" : "nested",
          "properties" : {
            "amazonItemId" : {
              "type" : "keyword"
            },
            "amazonPrice" : {
              "type" : "integer"
            },
            "amazonQuantity" : {
              "type" : "integer"
            },
            "amazonSku" : {
              "type" : "keyword"
            },
            "graingerItem" : {
              "type" : "nested"
            },
            "graingerOrderId" : {
              "type" : "keyword"
            },
            "graingerPrice" : {
              "type" : "integer"
            },
            "graingerShipDate" : {
              "type" : "date"
            },
            "graingerShipMethod" : {
              "type" : "short"
            },
            "graingerTrackingNumber" : {
              "type" : "keyword"
            },
            "graingerWebNumber" : {
              "type" : "keyword"
            },
            "id" : {
              "type" : "keyword"
            }
          }
        }
      }
    }
  }
}
multi_match request
GET orders/_search
{
  "query": {
    "multi_match" : {
      "query": "4.48 - 1 pack - 4.48",
      "fields": [
        "items.amazonSku",
        "carrierCode",
        "recipientName"
      ]
    }
  }
}
Debugging with the _explain API returns this description:
"explanation" : {
  "value" : 0.0,
  "description" : "Failure to meet condition(s) of required/prohibited clause(s)",
  "details" : [
    {
      "value" : 0.0,
      "description" : "no match on required clause (items.amazonSku:4.48 - 1 pack - 4.48)",
      "details" : [
        {
          "value" : 0.0,
          "description" : "no matching term",
          "details" : [ ]
        }
      ]
    },
    {
      "value" : 0.0,
      "description" : "match on required clause, product of:",
      "details" : [
        {
          "value" : 0.0,
          "description" : "# clause",
          "details" : [ ]
        },
        {
          "value" : 1.0,
          "description" : "DocValuesFieldExistsQuery [field=_primary_term]",
          "details" : [ ]
        }
      ]
    }
  ]
}
Query search
GET orders/_search
{
  "query": {
    "nested": {
      "path": "items",
      "query": {
        "bool": {
          "must": [
            { "match": { "items.amazonSku": "4.48 - 1 pack - 4.48"}}
          ]
        }
      }
    }
  }
}
Since you are querying on the nested field items, you need to include the nested param in your query so that it searches the nested field object.
Modify your search as follows:
{
  "query": {
    "nested": {
      "path": "items",
      "query": {
        "multi_match": {
          "query": "4.48 - 1 pack - 4.48",
          "fields": [
            "items.amazonSku"
          ]
        }
      }
    }
  }
}
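For the last part of the question (searching root fields and nested fields in one request), one option is a bool query whose should clauses pair a root-level multi_match with the nested one. This is an added example, not part of the original answer; the field names come from the mapping in the question, and items.graingerOrderId is included only as a second nested field for illustration.

```json
{
  "query": {
    "bool": {
      "should": [
        {
          "multi_match": {
            "query": "4.48 - 1 pack - 4.48",
            "fields": [
              "carrierCode",
              "carrierName"
            ]
          }
        },
        {
          "nested": {
            "path": "items",
            "query": {
              "multi_match": {
                "query": "4.48 - 1 pack - 4.48",
                "fields": [
                  "items.amazonSku",
                  "items.graingerOrderId"
                ]
              }
            }
          }
        }
      ],
      "minimum_should_match": 1
    }
  }
}
```

Because items.amazonSku is mapped as keyword, the nested clause matches only when the whole stored value equals the query string, while the text fields at the root are analyzed and matched term by term.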

Elasticsearch: How to calculate the yield (percentage of success)?

My purpose is to calculate the yield of each benchId. Which means: For each bench, what is the percentage of teams that have isPassed=True the first time they pass the test. I would like to have a visualization of each yield for each bench.
My Elasticsearch mapping is:
"test-logs" : {
  "mappings" : {
    "log" : {
      "properties" : {
        "benchGroup" : {
          "type" : "keyword"
        },
        "benchId" : {
          "type" : "keyword"
        },
        "date" : {
          "type" : "date",
          "format" : "yyyy/MM/dd HH:mm:ss"
        },
        "duration" : {
          "type" : "float"
        },
        "finalStatus" : {
          "type" : "keyword"
        },
        "isCss" : {
          "type" : "boolean"
        },
        "isPassed" : {
          "type" : "boolean"
        },
        "machine" : {
          "type" : "keyword"
        },
        "sha1" : {
          "type" : "keyword"
        },
        "uuid" : {
          "type" : "keyword"
        },
        "team" : {
          "type" : "keyword"
        }
I tried to divide this issue into several sub-issues. I think I need to aggregate the documents by benchId, then sub-aggregate them by team, ordering them by date and then taking the first document. Then I think I need to use a script to calculate isPassed=True/all first attempts.
No idea how to visualize the result on Kibana though.
I managed to create aggregations with this search:
GET _search
{
  "size" : 0,
  "aggs": {
    "benchId": {
      "terms": {
        "field": "benchId"
      },
      "aggs": {
        "teams": {
          "terms": {
            "script": "doc['uut'].join(' & ')",
            "size": 10
          }
        }
      }
    }
  }
}
I get the result I want, but I have difficulty including an order by date ascending with a limit of one document per uut.

Is it possible to use range aggregations in ElasticSearch with alphabetical ranges?

In ElasticSearch range queries can be used with text ("from" : "Bread").
Is it possible to do the same with "range aggregations"?
I am trying:
"aggs" : {
  "slice" : {
    "range" : { "ranges" : [{"from" : "Bread"}], "field" : "content.keyword" }
  }
}
and I am getting:
"root_cause" : [
  {
    "type" : "number_format_exception",
    "reason" : "For input string: \"Bread\""
  }
],
"reason" : "all shards failed",
"phase" : "query",
"caused_by" : {
  "reason" : "For input string: \"Bread\"",
  "type" : "number_format_exception",
  "caused_by" : {
    "reason" : "For input string: \"Bread\"",
    "type" : "number_format_exception"
  }
},
"type" : "search_phase_execution_exception"
If so, would there be a workaround?
You can apply that range query to a terms agg if that's what you're after:
{
  "size": 0,
  "aggs": {
    "filtered_content_terms": {
      "filter": {
        "range": {
          "content.keyword": {
            "gte": "Bread"
          }
        }
      },
      "aggs": {
        "content_terms": {
          "terms": {
            "field": "content.keyword",
            "size": 10
          }
        }
      }
    }
  }
}

Query on nested type with aggregation on nested types returns unexpected results

We are using elasticsearch 5.6.4. As mentioned in the ES documentation,
aggregation operates in the context of the query scope, any filter
applied to the query will also apply to the aggregation.
Now, what I have is this:
An index with mapping:
{
  "properties":{
    "asset":{
      "properties":{
        "customerId":{
          "type":"long"
        }
      }
    },
    "software":{
      "type": "nested",
      "properties":{
        "id":{
          "type":"long"
        },
        "name":{
          "type":"text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        }
      }
    }
  }
}
I have created several documents to perform various tests here. Docs are indexed on customerId. I have 10 documents in all, each having 2 or more softwares. For testing aggregations on softwares, I created softwares with the same ID across multiple documents, e.g. I have software with Id as 12 twice in doc with customerId 1 and 2 and 3. Also, the doc with customerId 2 has two softwares with Id as 12.
So there are 4 softwares with Id as 12 across documents 1, 2 and 3.
The aggregation result includes only the documents with customerId 1 and not 2 and 3 when this query is run:
{
  "query" : {
    "term":{
      "asset.customerId":1
    }
  },
  "aggregations" : {
    "aggs" : {
      "nested" : {
        "path" : "software"
      },
      "aggregations" : {
        "software.id.agg" : {
          "terms" : {
            "field" : "software.id",
            "size" : 10,
            "min_doc_count" : 1,
            "shard_min_doc_count" : 0,
            "show_term_doc_count_error" : false,
            "order" : [
              {
                "_count" : "desc"
              },
              {
                "_term" : "asc"
              }
            ]
          }
        }
      }
    }
  }
}
But when the query filter is run on a nested type (software.id), the aggregation result includes all the docs (1, 2 and 3), and hence the buckets which should be filtered out because of the query are also present:
{
  "query" : {
    "nested" : {
      "query" : {
        "match_phrase_prefix" : {
          "software.id" : {
            "query" : 12,
            "slop" : 100,
            "max_expansions" : 50,
            "boost" : 1.0
          }
        }
      },
      "path" : "software",
      "ignore_unmapped" : false,
      "score_mode" : "none",
      "boost" : 1.0
    }
  },
  "aggregations" : {
    "aggs" : {
      "nested" : {
        "path" : "software"
      },
      "aggregations" : {
        "software.id.agg" : {
          "terms" : {
            "field" : "software.id",
            "size" : 10,
            "min_doc_count" : 1,
            "shard_min_doc_count" : 0,
            "show_term_doc_count_error" : false,
            "order" : [
              {
                "_count" : "desc"
              },
              {
                "_term" : "asc"
              }
            ]
          }
        }
      }
    }
  }
}
What's the correct way to provide the query filter on nested type so that it is applied on aggregation?
