How can I group by year and month? My query works if I leave 1 term, for example, Month. But I cannot group by multiple terms.
GET traffic-data/_search?
{
"size":0,
"query": {
"bool": {
"must": [
{ "match": {
"VehiclePlateNumber": "111"
}}
]
} },
"aggs" : {
"years" : {
"terms" : {
"field" : "Year"
},
"aggs" : {
"months" : { "by_month" : { "field" : "Month" } }
}
}
}
}
I think your question's query is already close, try this:
GET traffic-data/_search?
{
"size": 0,
"query": {
"bool": {
"must": [
{
"match": {
"VehiclePlateNumber": "111"
}
}
]
}
},
"aggs": {
"years": {
"terms": {
"field": "Year",
"size": 100
},
"aggs": {
"months": {
"terms": {
"size": 12,
"field": "Month"
}
}
}
}
}
}
Edit - I am assuming your month is a string keyword field. Let me know if this is not the case (and please include the mappings) and I will revise.
Related
I'm using this query
POST /stats/_search?filter_path=aggregations.views.value
{
"aggs": {
"views": {
"sum": {
"field": "viewCount"
}
}
},
"size": 0,
"query": {
"bool": {
"must": [
{
"range": {
"timestamp": {"gte":"now-2d"}
}
}
]
}
}
}
and it gives the result
{
"aggregations" : {
"views" : {
"value" : 49198.0
}
}
}
I'm looking to only get "49189.0" or the least amount of info possible, maybe "{value: 49198.0}"
elasticsearch 5.2
I want to filter my items by the nested object state.id = 101 and an aggregation count for all the items by state.id. There are items with the state ids 101, 102 and 103.
The aggregation count is now limited to state.id 101. I want the only get the items with state.id = 101 and the aggregation count for all state ids.
How can i do this?
GET index/items/_search
{
"query": {
"nested" : {
"path" : "state",
"query": {
"bool": {
"filter": {
"term": { "state.id": 101 }
}
}
}
}
},
"aggs" : {
"state" : {
"nested" : {
"path" : "state"
},
"aggs" : {
"count" : { "terms" : { "field" : "state.id" } }
}
}
}
}
You need to use post_filter instead of query: (Oh and use POST instead of GET when sending a payload)
POST index/items/_search
{
"post_filter": { <--- change this
"nested": {
"path": "state",
"query": {
"bool": {
"filter": {
"term": {
"state.id": 101
}
}
}
}
}
},
"aggs": {
"state": {
"nested": {
"path": "state"
},
"aggs": {
"count": {
"terms": {
"field": "state.id"
}
}
}
}
}
}
If you want to further narrow the nested aggregation, you can also add a filter:
POST index/items/_search
{
"post_filter": {
"nested": {
"path": "state",
"query": {
"bool": {
"filter": {
"term": {
"state.id": 101
}
}
}
}
}
},
"aggs": {
"narrow": {
"filter": {
"nested": {
"path": "state",
"query": {
"bool": {
"filter": {
"term": {
"state.id": 101
}
}
}
}
}
},
"aggs": {
"state": {
"nested": {
"path": "state"
},
"aggs": {
"count": {
"terms": {
"field": "state.id"
}
}
}
}
}
}
}
}
I have this query which gets the aggregation of the mentions field for all the tweets with the text "CAT DOG". How can I edit my query such that I get the aggregation for all the tweets containing either "cat" or "dog".
{
"size": 0,
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {"text" : "CAT DOG"}
}
},
"aggs": {
"tweet": {
"terms": {
"field": "hashtags",
"size" : 50
}
}
}
}
Look to multi_match query it has option operator you should set it to or which means that any should match.
{
"size": 0,
"query": {
"multi_match" : {
"query": "CAT DOG",
"fields": [ "text"],
"operator": "or"
}
},
"aggs": {
"tweet": {
"terms": {
"field": "hashtags",
"size" : 50
}
}
}
}
Other option in your case is bool query, but you should be aware that it will search for terms it means that if you are using default analyzer it will lowercase tokens and to match them you must lowercase user input, also you are responsible to split tokens from user input.
{
"size": 0,
"query": {
"bool" : {
"should" : [
{ "term" : { "text": "cat" } },
{ "term" : { "text" : "dog" } }
],
}
}
},
"aggs": {
"tweet": {
"terms": {
"field": "hashtags",
"size" : 50
}
}
}
}
You need to use should query.
If something not clear fill free to ask.
Please attention to elasticsearch version.
I have a requirement where I need to groupby status_value as per regions and regions as per given date. For the same I have written a query and it is not exactly working in the ES. It would be a great help, if someone look into this and provide me with the solution.
Note: I would like to get the result for the last day (i.e. previous day).
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"term": {
"UsagePoint_Asset_lifecycle_installationDate": "2014-07-13T16:55:00.0-07:00"
}
}
}
},
"aggs" : {
"product" : {
"terms" : {
"field" : "UsagePoint_ServiceLocation_region"
},
"aggs" : {
"material" : {
"terms" : {
"field" : "UsagePoint_status_value"
}
}
}
}
}
}
my sql query may be like below:
select count(status_value)
from products
where date = "yesterday"
group by region , date
Please check below query is working, but I would like to get the values for a specific day or dates.
{
"agg1": {
"terms": {
"field":"UsagePoint_Asset_lifecycle_installationDate"
},
"aggs" : {
"product" : {
"terms" : {
"field" : "UsagePoint_ServiceLocation_region"
},
"aggs" : {
"material" : {
"terms" : {
"field" : "UsagePoint_status_value"
}
}
}
}
}
}
}
If you need the group by info for yesterday , the following is a solution.
For any other custom dates , change the value in gte ( Greater than or equals to ) and lt ( Less than )
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"range": {
"UsagePoint_Asset_lifecycle_installationDate": {
"gte": "now-1d",
"lt": "now"
}
}
}
}
},
"aggs": {
"product": {
"terms": {
"field": "UsagePoint_ServiceLocation_region"
},
"aggs": {
"material": {
"terms": {
"field": "UsagePoint_status_value"
}
}
}
}
}
}
i have this query:
GET /_search
{
"from" : 0, "size" : 30,
"query": {
"filtered": {
"query" : {
"query_string": {
"query": "((categoria.id:1752) AND (cidadeId:7300))
OR ((categoria.id:1752) and (estadoId:13)) "
}
}
}
},
"sort": [
{ "img": { "order": "desc" } }
]
}
I would like to order by cidadeId = 7300 and then the other but do not know how to do this in the sort
I have considered a small example :
PUT test/test/1
{
"categoria.id":1752,
"cidadeId":7300
}
PUT test/test/2
{
"categoria.id":1752,
"estadoId":13
}
PUT test/test/3
{
"categoria.id":175,
"cidadeId":1
"estadoId":13
}
With the few information you are giving in your answer, I can give you the following solution for ascendant sorting on cidadeId
GET test/_search
{
"from": 0,
"size": 30,
"query": {
"filtered": {
"query": {
"query_string": {
"query": "((categoria.id:1752) AND (cidadeId:7300)) OR ((categoria.id:1752) and (estadoId:13))"
}
}
}
},
"sort": [
{
"cidadeId": {
"order": "asc"
}
}
]
}
I hope this will help