I am using elastic search 1.6.0.
Here is my aggregation query :
GET /a/dummydata/_search
{
"size": 0,
"aggs": {
"sum_trig_amber": {
"terms": {
"field": "TRIGGER_COUNT_AMBER"
}
},
"sum_trig_green": {
"terms": {
"field": "TRIGGER_COUNT_GREEN"
}
},
"sum_trig-red": {
"terms": {
"field": "TRIGGER_COUNT_RED"
}
}
}
}
Is there any way by which i can add three sum_trig_amber + sum_trig_red + sum_trig_green ?
Related
I have below ElasticSeach query
What should be equivalent Java api code for this
GET my_index/_search
{
"aggs": {
"bucket_id": {
"terms": {
"field": "id"
, "size": 1000
},
"aggs": {
"bucket_name": {
"terms": {
"field": "name.keyword"
, "size": 1
}
}
}
}
}
}
Figured this out
AggregationBuilder aggregationBuilder = AggregationBuilders.terms("bucket_id").field("id").size(1000);
aggregationBuilder.subAggregation(AggregationBuilders.terms("bucket_name").field("name.keyword"));
I want to do pipeline aggregation on my elasticsearch aggregation. Here is my query body
{
"aggs": {
"user_info": {
"terms": {
"field": "user_id"
},
"aggs": {
"product_info": {
"terms": {
"field": "product_id"
},
"aggs": {
"total_item_price": {
"sum": {
"field": "selling_price"
}
}
}
}
}
},
"price_percentile": {
"percentiles_bucket": {
"buckets_path": "user_info.product_info.total_item_price"
}
}
}
}
This is giving me error that
No aggregation found for path [user_info.product_info.total_item_price]
What should be the path for bucket if such nested aggregation is there? Or is it not possible to find percentiles for such bucket arrangement in elasticsearch.
P.S I am using elasticsearch 6.5
#jzzfs answer is also somewhat right. I approached it in a different way. I reversed my aggregations and it fulfilled my use case. But in general, you can't do nested bucket percentiles for now.
{
"aggs": {
"product_info": {
"terms": {
"field": "product_id"
},
"aggs": {
"user_info": {
"terms": {
"field": "user_id"
},
"aggs": {
"total_item_price": {
"sum": {
"field": "selling_price"
}
}
}
},
"pb": {
"percentiles_bucket": {
"buckets_path": "user_info>total_item_price"
}
}
}
}
}
}
First, don't use dots in the path -- use > instead:
GET stack/_search
{
"aggs": {
"user_info": {
"terms": {
"field": "user_id"
},
"aggs": {
"product_info": {
"terms": {
"field": "product_id"
},
"aggs": {
"total_item_price": {
"sum": {
"field": "selling_price"
}
}
}
}
}
},
"pb": {
"percentiles_bucket": {
"buckets_path": "user_info>product_info>total_item_price"
}
}
}
}
which yields "buckets_path must reference either a number value or a single value numeric metric aggregation, got: [Object[]] at aggregation [product_info]" so it's not gonna work.
Here are our options:
Aggregate globally but just under the bucketed product info (without the users):
GET stack/_search
{
"aggs": {
"product_info": {
"terms": {
"field": "product_id"
},
"aggs": {
"total_item_price": {
"sum": {
"field": "selling_price"
}
}
}
},
"pb": {
"percentiles_bucket": {
"buckets_path": "product_info>total_item_price"
}
}
}
}
Use filtered aggregations in order to mimic the original intent:
GET stack/_search
{
"aggs": {
"user_123": { <-- keeping the agg name consistent w/ the filter
"filter": {
"term": {
"user_id": 123 <-- actual filter
}
},
"aggs": {
"product_info": {
"terms": {
"field": "product_id"
},
"aggs": {
"total_item_price": {
"sum": {
"field": "selling_price"
}
}
}
},
"pb": {
"percentiles_bucket": {
"buckets_path": "product_info>total_item_price"
}
}
}
}
}
}
You can then have as many user_xyz subaggregations as you like -- provided you gather their IDs beforehand.
In my contains field I have "xr" data and "xra","xrb","xrc" seperately. When I make query for the count of "xr" elasticsearch does not return me 1, it returns 4. How can I manage it?
This is my query
"aggs": {
"Group1": {
"terms": {
"field": "method.keyword",
"include": ".*POST.*",
},
"aggs": {
"Group3": {
"terms": {
"field": "contains.keyword",
"size": 11593,
}
}
},
}
I am using elastichsearch in java 1.7.5 and after console query I want to tranform the code below to java code. It is a query with mutiple sub-aggregation and result in my confusion.
{
"query": {
"bool": {
"must": [
{
"range": {
"rawlog.auAid": {
"from": "3007145536"
}
}
},
{
"term": {
"rawlog.ip": "118.70.204.171"
}
}
],
"must_not": [],
"should": []
}
},
"aggs": {
"articles_over_time": {
"date_histogram": {
"field": "loggedTime",
"interval": "second"
},
"aggs": {
"id": {
"terms": {
"field": "auAid"
}
},
"url": {
"terms": {
"field": "urlId1"
}
},
"devVerId": {
"terms": {
"field": "devVerId"
}
},
"devTypeId": {
"terms": {
"field": "devTypeId"
}
},
"osVerId": {
"terms": {
"field": "osVerId"
}
},
"browserId": {
"terms": {
"field": "browserId"
}
}
}
}
}
}
Can anyone help me to perform it ? Thanks so much
You have everything you need in the documentation here and here, but it basically goes like this:
// 1. build the query
QueryBuilder qb = boolQuery()
.must(rangeQuery("rawlog.auAid").from(3007145536))
.must(termQuery("rawlog.ip", "118.70.204.171"));
// 2. build the aggregations
AggregationBuilder articlesOverTime =
AggregationBuilders
.dateHistogram("articles_over_time")
.field("loggedTime")
.interval(DateHistogramInterval.SECOND);
articlesOverTime.subAggregation(AggregationBuilders.terms("id").field("auAid"));
articlesOverTime.subAggregation(AggregationBuilders.terms("url").field("urlId1"));
articlesOverTime.subAggregation(AggregationBuilders.terms("devVerId").field("devVerId"));
articlesOverTime.subAggregation(AggregationBuilders.terms("devTypeId").field("devTypeId"));
articlesOverTime.subAggregation(AggregationBuilders.terms("osVerId").field("osVerId"));
articlesOverTime.subAggregation(AggregationBuilders.terms("browserId").field("browserId"));
// 3. make the query
SearchResponse sr = node.client().prepareSearch()
.setQuery(qb)
.addAggregation(articlesOverTime)
.execute().actionGet();
This is a portion of the data I have indexed in elasticsearch:
{
"country" : "India",
"colour" : "white",
"brand" : "sony"
"numberOfItems" : 3
}
I want to get the total sum of numberOfItems on a per country basis, per colour basis and per brand basis. Is there any way to do this in elasticsearch?
The following should land you straight to the answer.
Make sure you enable scripting before using it.
{
"aggs": {
"keys": {
"terms": {
"script": "doc['country'].value + doc['color'].value + doc['brand'].value"
},
"aggs": {
"keySum": {
"sum": {
"field": "numberOfItems"
}
}
}
}
}
}
To get a single result you may use sum aggregation applied to a filtered query with term (terms) filter, e.g.:
{
"query": {
"filtered": {
"filter": {
"term": {
"country": "India"
}
}
}
},
"aggs": {
"total_sum": {
"sum": {
"field": "numberOfItems"
}
}
}
}
To get statistics for all countries/colours/brands in a single pass over the data you may use the following query with 3 multi-bucket aggregations, each of them containing a single-bucket sum sub-aggregation:
{
"query": {
"match_all": {}
},
"aggs": {
"countries": {
"terms": {
"field": "country"
},
"aggs": {
"country_sum": {
"sum": {
"field": "numberOfItems"
}
}
}
},
"colours": {
"terms": {
"field": "colour"
},
"aggs": {
"colour_sum": {
"sum": {
"field": "numberOfItems"
}
}
}
},
"brands": {
"terms": {
"field": "brand"
},
"aggs": {
"brand_sum": {
"sum": {
"field": "numberOfItems"
}
}
}
}
}
}