I'm can't figure out how sorting the buckets results. I'm using ES 6.3 and following suggested docs. I'm trying to sort the results putting "bucket_sort" aggregation, but getting error. The follow query works but returns the buckets in same order no matter I put "sort" clause with 'asc' or 'desc' after "query" body:
{
"query": {
"bool":{
"filter":{
"wildcard": {
"datas.295.keyword": {
"value":"*w*"
}
}
}
}
},
"sort":[
{
"datas.295.keyword": {
"order" : "desc"
}
}
],
"aggs": {
"AGGREGATE_UNIQUE_VALUES_FROM_REPEATED": {
"terms": {
"field": "datas.295.keyword"
}
}
}}
returning records matchs with operating system windows XP, Windows Vista etc. But How to sort it in ascending order? I'm try this:
{
"query": {
"bool":{
"filter":{
"wildcard": {
"datas.295.keyword": {
"value":"*w*"
}
}
}
}
},
"aggs": {
"AGGREGATE_UNIQUE_VALUES_FROM_REPEATED": {
"terms": {
"field": "datas.295.keyword"
},
"aggs": {
"bucket_sort":{
"sort": [
{
"datas.295.keyword": {"order": "asc"}
}
]
}
}
}
}}
This query raising 'Expected [START_OBJECT] under [sort], but got a [START_ARRAY] in [bucket_sort]' error
Thank for read!
The hits and aggs are separate parts of the API. What you need is the terms' bucket order:
{
"query": {
"bool": {
"filter": {
"wildcard": {
"datas.295.keyword": {
"value": "*w*"
}
}
}
}
},
"sort": [
{
"datas.295.keyword": {
"order": "desc"
}
}
],
"aggs": {
"AGGREGATE_UNIQUE_VALUES_FROM_REPEATED": {
"terms": {
"field": "datas.295.keyword",
"order": {
"_key": "desc"
}
}
}
}
}
Related
I need to do an aggregation but only with the limited results I get form the query, but it is not working, it returns other results outside the size limit of the query. Here is the query I am doing
{
"size": 500,
"query": {
"bool": {
"must": [
{
"term": {
"tags.keyword": "possiblePurchase"
}
},
{
"term": {
"clientName": "Ci"
}
},
{
"range": {
"firstSeenDate": {
"gte": "now-30d"
}
}
}
],
"must_not": [
{
"term": {
"tags.keyword": "skipPurchase"
}
}
]
}
},
"sort": [
{
"firstSeenDate": {
"order": "desc"
}
}
],
"aggs": {
"byClient": {
"terms": {
"field": "clientName",
"size": 25
},
"aggs": {
"byTarget": {
"terms": {
"field": "targetName",
"size": 6
},
"aggs": {
"byId": {
"terms": {
"field": "id",
"size": 5
}
}
}
}
}
}
}
}
I need the aggregations to only consider the first 500 results of the query, sorted by the field I am requesting on the query. I am completely lost. Thanks for the help
Scope of the aggregation is the number of hits of your query, the size parameter is only used to specify the number of hits to fetch and display.
If you want to restrict the scope of the aggregation on the first n hits of a query, I would suggest the sampler aggregation in combination with your query
I'm using kibana 4.4.1 and in elasticsearch I store the status of PC, only when PC status is changed (open, closed, warings, etc)
My data into Elasticsearch looks like:
{ "status_id":1 , "pc":"lpt001" , "date":"2016-10-25T17:49:00Z" }
{ "status_id":3 , "pc":"lpt001" , "date":"2016-10-25T15:48:00Z" }
{ "status_id":4 , "pc":"lpt002" , "date":"2016-10-25T15:46:00Z" }
{ "status_id":1 , "pc":"lpt002" , "date":"2016-10-25T12:48:00Z" }
And I what to get the newest record in order to have at any time how many PC's are opened, closed or have some issues.
My query is like:
GET cb-2016.10.26/_search
{
"query": {
"match_all": { }
},
"sort": [
{
"date": {
"order": "desc"
}
}
],
"aggs": {
"max_date":{
"max": {
"field": "date"
}
}
}
}
And the result is:
"aggregations": {
"max_date": {
"value": 1477417680000,
"value_as_string": "2016-10-25T17:48:00.000Z"
}
}
But What I want is to have that max_date for each "pc": "lpt001", "lpt002".
There is any way to split max_date by "pc" field? I read something about bucket aggregations but I did not reach the result.
Thank you
Yes, you can do it like this using a terms aggregation for the pc field and then move the max_date to a sub-aggregation of the terms one:
POST cb-2016.10.26/_search
{
"query": {
"match_all": { }
},
"sort": [
{
"date": {
"order": "desc"
}
}
],
"aggs": {
"pcs": {
"terms": {
"field": "pc"
},
"aggs": {
"max_date":{
"max": {
"field": "date"
}
}
}
}
}
}
the final query looks like:
{
"query": {
"match_all": { }
},
"aggs" : {
"pcstatus" : {
"terms" : {
"field" : "pc"
},
"aggs": {
"top_date_hit": {
"top_hits": {
"sort": [
{
"date": {
"order": "desc"
}
}
],
"size" : 1
}
}
}
}
}
}
{
"aggs":{
"nest_exams":{
"nested":{
"path": "exams"
},
"aggs":{
"exams":{
"filter" : {
"term": {
"exams.exam_id": 96690
}
},
"aggs":{
"nested_attempts":{
"nested":{
"path": "exams.attempts"
},
"aggs":{
"user_attempts":{
"terms":{
"field": "exams.attempts.user_id",
"size": 0
},
"aggs":{
"max_score":{
"max":{
"field": "exams.attempts.order_score"
}
}
}
}
}
}
}
}
}
}
}
Hello, I have this aggregation query. The problem is that even I can found the max_score per user, I can't sub aggregate to the max aggregator to find the date of this best score.
An attempt have user_id,order_score,date_start
An alternative is to not run the max metric sub-aggregation, but a top_hits instead sorted by descending max_score so you can retrieve the date_start of that document:
{
"aggs": {
"nest_exams": {
"nested": {
"path": "exams"
},
"aggs": {
"exams": {
"filter": {
"term": {
"exams.exam_id": 96690
}
},
"aggs": {
"nested_attempts": {
"nested": {
"path": "exams.attempts"
},
"aggs": {
"user_attempts": {
"terms": {
"field": "exams.attempts.user_id",
"size": 0
},
"aggs": {
"max_score": {
"top_hits": {
"sort": {
"exams.attempts.order_score": "desc"
},
"size": 1,
"_source": [
"date_start"
]
}
}
}
}
}
}
}
}
}
}
}
}
I am trying to execute a query in elasticsearch to get reuslt of specific users from certain date range. the results should be grouped by userId and sorted on trackTime field, I am able to use group by using aggregation but i am not able to sort aggregation buckets on tracktime, i write down the following query
GET _search
{
"size": 0,
"query": {
"filtered": {
"query": {
"bool": {
"must": [
{
"range": {
"trackTime": {
"from": "2016-02-08T05:51:02.000Z"
}
}
}
]
}
},
"filter": {
"terms": {
"userId": [
9,
10,
3
]
}
}
}
},
"aggs": {
"by_district": {
"terms": {
"field": "userId"
},
"aggs": {
"tops": {
"top_hits": {
"size": 2
}
}
}
}
}
}
what more should i have to use to sort the top hits result? Thanks in advance...
You can use sort like .
"aggs": {
"by_district": {
"terms": {
"field": "userId"
},
"aggs": {
"tops": {
"top_hits": {
"sort": [
{
"fieldName": {
"order": "desc"
}
}
],
"size": 2
}
}
}
}
}
Hope it helps
I have an elastic search running with documents like this one:
{
id: 1,
price: 620000,
propertyType: "HO",
location: {
lat: 51.41999,
lon: -0.14426
},
active: true,
rentOrSale: "S",
}
I'm trying to use aggregates to get statistics about a certain area using aggregations and the query I'm using is the following:
{
"sort": [
{
"id": "desc"
}
],
"query": {
"bool": {
"must": [
{
"term": {
"rentOrSale": "s"
}
},
{
"term": {
"active": true
}
}
]
},
"filtered": {
"filter": {
"and": [
{
"geo_distance": {
"distance": "15.0mi",
"location": {
"lat": 51.50735,
"lon": -0.12776
}
}
}
]
}
}
},
"aggs": {
"propertytype_agg": {
"terms": {
"field": "propertyType"
},
"aggs": {
"avg_price": {
"avg": {
"field": "price"
}
}
}
},
"bed_agg": {
"terms": {
"field": "numberOfBedrooms"
},
"aggs": {
"avg_price": {
"avg": {
"field": "price"
}
}
}
}
}
}
But in the result I can't see the aggregations. As soon as I remove either the bool or filtered part of the query I can see the aggregations. I can't figure out why this is happening, nor how do I get the aggregations for these filters. I've tried using the answer to this question but I've not been able to solve it. Any ideas?
I think your query need to be slightly re-arranged - move the "filtered" further up and repeat the "query" command:
"query": {
"filtered": {
"query" : {
"bool": {
...
}
},
"filter": {
...
}
}
}