ElasticSearch count nested fields - elasticsearch

How do you count objects of a nested field (which is a nested objects list) which meet a certain condition in ElasticSearch?
Having Customer index, with type Customer which has a Services nested field with following structure:
public class Customer
public int Id;
public List<Service> Services;
public class Service
public int Id;
public DateTime Date;
public decimal Rating;
How do I count all services which happened in June 2017 and got a rating higher than 5?

Good question :)
In order to get what you want you should define your mapping upfront and nested property mapping works well.
The nested type is a specialized version of the object datatype that allows arrays of objects to be indexed and queried independently of each other.
Please find below full example :)
PUT example_nested_test
"mappings": {
"nested": {
"properties": {
"Id": {
"type": "long"
"Services": {
"type": "nested",
"properties": {
"Id": {
"type": "long"
"Date": {
"type": "date"
"Rating": {
"type": "long"
POST example_nested_test/nested/100
"Id" : 1,
"Services": [
"Id": 1,
"Date" :"2017-05-10",
"Rating" : 5
"Id": 2,
"Date" :"2013-05-10",
"Rating" : 2
"Id": 4,
"Date" :"2017-05-10",
"Rating" : 6
GET example_nested_test/_search
"aggs": {
"Services": {
"nested": {
"path": "Services"
"aggs": {
"Rating": {
"filter": {
"bool": {
"must": [
"range": {
"Services.Date": {
"gt": "2017",
"format": "yyyy"
"range": {
"Services.Rating": {
"gt": "5"
Result :
"aggregations": {
"Services": {
"doc_count": 3,
"Rating": {
"doc_count": 1


Query hashmap structure with elasticsearch

I have two questions regarding mapping and querying a java hashmap in elasticsearch.
Does this mapping make sense in elasticsearch (is it the correct way to map a hashmap)?:
"properties": {
"itemsMap": {
"type": "nested",
"properties": {
"key": {
"type": "date",
"format": "yyyy-MM-dd"
"value": {
"type": "nested",
"properties": {
"itemVal1": {
"type": "double"
"itemVal2": {
"type": "double"
Here is some example data:
"itemsMap": {
"2021-12-31": {
"itemVal1": 100.0,
"itemVal2": 150.0,
"2021-11-30": {
"itemVal1": 200.0,
"itemVal2": 50.0,
My queries don't seem to work. For example:
"query": {
"nested": {
"path": "itemsMap",
"query": {
"bool": {
"must": [
"match": {
"itemsMap.key": "2021-11-30"
Am I doing something wrong? How can I query such a structure? I have the possibility to change the mapping if it's necessary.
The way you are uploading your data, nothing is stored in key.
You will have fields named 2021-11-30 ... and key is going to be empty.
Either you have a limited amount of "dates" and this is a viable options (less than 1000) else your format is not viable on the long run.
If you don't want to change your doc, here is the query
GET /71525899/_search
"query": {
"nested": {
"path": "itemsMap",
"query": {
"bool": {
"must": [
"exists": {
"field": "itemsMap.2021-12-31"
To understand
If you inspect the mapping by querying the index
GET /<index_name>/_mapping
You will see that the number of fields name after your date is going to grow.
And in all your doc, itemsMap.key is going to be empty. (this explain why my previous answer did not work.
A more viable option
Keep your mapping, update the shape of your docs.
They will look like
"itemsMap": [
"key": "2021-12-31",
"value": { "itemVal1": 100, "itemVal2": 150 }
"key": "2021-11-30",
"value": { "itemVal1": 200, "itemVal2": 50 }
DELETE /71525899
PUT /71525899/
"mappings": {
"properties": {
"itemsMap": {
"type": "nested",
"properties": {
"key": {
"type": "date",
"format": "yyyy-MM-dd"
"value": {
"type": "nested",
"properties": {
"itemVal1": {
"type": "double"
"itemVal2": {
"type": "double"
POST /_bulk
{"itemsMap":[{"key":"2021-12-31", "value": {"itemVal1":100,"itemVal2":150}},{"key":"2021-11-30", "value":{"itemVal1":200,"itemVal2":50}}]}
{"itemsMap":[{"key":"2022-12-31", "value": {"itemVal1":100,"itemVal2":150}},{"key":"2021-11-30", "value":{"itemVal1":200,"itemVal2":50}}]}
{"itemsMap":[{"key":"2021-11-31", "value": {"itemVal1":100,"itemVal2":150}},{"key":"2021-11-30", "value":{"itemVal1":200,"itemVal2":50}}]}
GET /71525899/_search
"query": {
"nested": {
"path": "itemsMap",
"query": {
"bool": {
"must": [
"match": {
"itemsMap.key": "2021-12-31"

ElasticSearch aggregation query with List in documents

I have following records of car sales of different brands in different cities.
Document -1
"city": "Delhi",
Document -2
"city": "Delhi",
I am trying to come up with query to aggregate car statistics for a given city but not getting the right query.
Required result:
"city": "Delhi",
First you need to map your array as a nested field (script would be complicated and not performant). Nested field are indexed, aggregation will be pretty fast.
remove your index / or create a new one. Please note i use test as type.
"mappings": {
"test": {
"properties": {
"city": {
"type": "keyword"
"cars": {
"type": "nested",
"properties": {
"name": {
"type": "keyword"
"purchase": {
"type": "integer"
"sold": {
"type": "integer"
Index your document (same way you did)
For the aggregation:
"size": 0,
"aggs": {
"avg_grade": {
"terms": {
"field": "city"
"aggs": {
"resellers": {
"nested": {
"path": "cars"
"aggs": {
"agg_name": {
"terms": {
"field": "cars.name"
"aggs": {
"avg_pur": {
"sum": {
"field": "cars.purchase"
"avg_sold": {
"sum": {
"field": "cars.sold"
buckets": [
"key": "Honda",
"doc_count": 2,
"avg_pur": {
"value": 350
"avg_sold": {
"value": 270
"key": "Toyota",
"doc_count": 2,
"avg_pur": {
"value": 150
"avg_sold": {
"value": 120
if you have index the name / city field as a text (you have to ask first if this is necessary), use .keyword in the term aggregation ("cars.name.keyword").

Elasticsearch - Applying multi level filter on nested aggregation bucket?

I'm, trying to get distinct nested objects by applying multiple filters.
Basically in Elasticsearch I have cities as top level document and inside I have nested citizens documents, which have another nested pets documents.
I am trying to get all citizens that have certain conditions applied on all of these 3 levels (cities, citizens and pets):
Give me all distinct citizens
that have age:"40",
that have pets "name":"Casper",
from cities with office_type="secondary"
I know that to filter 1st level I can use query condition, and then if I need to filter the nested citizens I can add a filter in the aggregation level.
I am using this article as an example: https://iridakos.com/tutorials/2018/10/22/elasticsearch-bucket-aggregations.html
Query working so far:
GET city_offices/_search
"size" : 10,
"query": {
"term" : { "office_type" : "secondary" }
"aggs": {
"citizens": {
"nested": {
"path": "citizens"
"aggs": {
"inner_agg": {
"filter": {
"term": { "citizens.age": "40" }
} ,
"aggs": {
"occupations": {
"terms": {
"field": "citizens.occupation"
BUT: How can I add the "pets" nested filter condition?
PUT city_offices
"settings": {
"number_of_shards": 1
"mappings": {
"doc": {
"properties": {
"city": {
"type": "keyword"
"office_type": {
"type": "keyword"
"citizens": {
"type": "nested",
"properties": {
"occupation": {
"type": "keyword"
"age": {
"type": "integer"
"pets": {
"type": "nested",
"properties": {
"kind": {
"type": "keyword"
"name": {
"type": "keyword"
"age": {
"type": "integer"
Index data:
PUT /city_offices/doc/1
So I found a solution for this.
Basically I apply top level filters in the query section and then apply rest of conditions in the aggregations.
First I apply citizens level filter aggregation, then I go inside nested pets and apply the filter and then I need to get back up to citizens level (using reverse_nested: citizens) and then set the term that will generate the final bucket.
Query looks like this:
GET city_offices/_search
"size" : 10,
"query": {
"term" : { "office_type" : "secondary" }
"aggs": {
"citizens": {
"nested": {
"path": "citizens"
"aggs": {
"inner": {
"filter": {
"term": { "citizens.age": "40" }
} ,
"aggs": {
"occupations": {
"nested": {
"path": "citizens.pets"
"aggs": {
"inner_pets": {
"filter": {
"term": { "citizens.pets.name": "Casper" }
} ,
"aggs": {
"lll": {
"reverse_nested": {
"path": "citizens"
"aggs": {
"xxx": {
"terms": {
"field": "citizens.occupation",
"size": 10
The response bucket looks like this:
"xxx": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
"key": "Librarian",
"doc_count": 1
"key": "Statistician",
"doc_count": 1
Any other suggestions?

Terms aggregation with nested wildcard path

Given the following nested object of nested objects
I'm wanting to aggregate on the wildcard-ish field nested_parent.*.classifier, along the lines of
"size": 0,
"aggs": {
"termsAgg": {
"nested": {
"path": "nested_parent.*"
"aggs": {
"termsAgg": {
"terms": {
"size": 1000,
"field": "nested_parent.*.classifier"
which does not seem to work -- possibly because the path and field are not defined clearly enough.
How can I aggregate on nested objects with dynamically created nested mappings which share most of their properties, including the classifier on which I intend to terms-aggregate?
A bit late to the party.
I would suggest a different approach as I don't see a possible solution using wildcards.
My solution would involve using the copy_to to create a field that you will be able to access using aggregation.
The idea is to create a field that will store the values of all your classifiers.
Which you can be doing aggregation on.
PUT /54198251/
"mappings": {
"properties": {
"classifiers": {
"type": "keyword"
"parent": {
"type": "nested",
"properties": {
"child": {
"type": "nested",
"properties": {
"classifier": {
"type": "keyword",
"copy_to": "classifiers"
"child2": {
"type": "nested",
"properties": {
"classifier": {
"type": "keyword",
"copy_to": "classifiers"
POST /54198251/_doc
"parent": {
"child": {
"classifier": "c1"
"child2": {
"classifier": "c2"
GET /54198251/_search
"aggs": {
"classifiers": {
"terms": {
"field": "classifiers",
"size": 10
Will give you:
"aggregations": {
"classifiers": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
"key": "c1",
"doc_count": 1
"key": "c2",
"doc_count": 1

Elastic Search query return terms within array of a specific type

I've a mapping of an index as following:
Where Resources is an array which can have multiple tags. For example
{"_id":"82906194","_source":{"tags":{"resources":[{"type":"Person","tagName":"Kim_Kardashian",},{"type":"Person","tagName":"Kanye_West",},{"type":"City","tagName":"New_York",},...},"content":" Popular NEWS ..."}}
{"_id":"82906195","_source":{"tags":{"resources":[{"type":"City","tagName":"London",},{"type":"Country","tagName":"USA",},{"type":"Music","tagName":"Hello",},...},"content":" Adele's Hello..."}},
I do know how to extract important terms[tagName] with the below query, but I do not want terms[tagName] of all types.
How can I extract only the terms which are for example Cities only [type:City]? (I would like to get a list of tagName where the type is City i.e. London, New_York, Berlin,...)
Following is how the required output should look like:
Can you try this:
"_source" : ["tags.resources.tagName"]
"query": {
"term": {
"tags.resources.type": {
"value": "City"
Above query will fetch those resources which are of type city provided resources is of object type.
After Edit
Problem Group By Tag name which are Of city Type. That would not be achieved with the current mapping you have. You will have to change resources field to nested type.
Mapping would look like.
"mappings": {
"resource": {
"properties": {
"tags": {
"properties": {
"content": {
"type": "string"
"resources": {
"type": "nested",
"properties": {
"tagName": {
"type": "string"
"type": {
"type": "string"
Final query would be :
"size": 0,
"query": {
"nested": {
"path": "tags.resources",
"query": {
"match": {
"tags.resources.type": "city"
"aggs": {
"resources Nested path": {
"nested": {
"path": "tags.resources"
"aggs": {
"city type": {
"filter": {
"term": {
"tags.resources.type": "city"
"aggs": {
"group By tagName": {
"terms": {
"field": "tags.resources.tagName"
Output would be:
"aggregations": {
"resources Nested path": {
"doc_count": 6,
"city type": {
"doc_count": 2,
"group By tagName": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
"key": "london",
"doc_count": 1
"key": "new_york",
"doc_count": 1
