elasticsearch - elastic search aggregation on more than one field -
i new elastic search , want implement specific use case on it. want have multi field sum aggregation. try explain on example: have following objects inserted es index:
{"a":"aval", "b":"bval", "c":"cval", "aggcount":100} where a,b , strings , aggcount int. let's assume have following records indexed:
{"a":"aa", "b":"bb", "c":"cc", "aggcount":10} {"a":"aa", "b":"bb", "c":"cc", "aggcount":11} {"a":"aa", "b":"b", "c":"c", "aggcount":1} {"a":"a", "b":"bb", "c":"cc", "aggcount":12} {"a":"a", "b":"bb", "c":"cc", "aggcount":5} now group records fields a,b , c , sum aggcount values, previous records following result:
{"a":"aa", "b":"bb", "c":"cc", "count":21} {"a":"aa", "b":"b", "c":"c", "count":1} {"a":"a", "b":"bb", "c":"cc", "aggcount":17} can tell me how achieve this? tried nested significant_terms , sum aggregations didn't succeed. in advance.
use sub-aggregations:
{ "aggs": { "aggs_a": { "terms": { "field": "a" }, "aggs": { "aggs_b": { "terms": { "field": "b" }, "aggs": { "aggs_c": { "terms": { "field": "c" }, "aggs": { "summing": { "sum": { "field": "aggcount" } } } } } } } } } } test data , results:
post /test_index/test_type/_bulk {"index":{}} {"a":"aa", "b":"bb", "c":"cc", "aggcount":10} {"index":{}} {"a":"aa", "b":"bb", "c":"cc", "aggcount":11} {"index":{}} {"a":"aa", "b":"b", "c":"c", "aggcount":1} {"index":{}} {"a":"a", "b":"bb", "c":"cc", "aggcount":12} {"index":{}} {"a":"a", "b":"bb", "c":"cc", "aggcount":5} gives:
"hits": { "total": 5, "max_score": 0, "hits": [] }, "aggregations": { "aggs_a": { "doc_count_error_upper_bound": 0, "sum_other_doc_count": 0, "buckets": [ { "key": "aa", "doc_count": 3, "aggs_b": { "doc_count_error_upper_bound": 0, "sum_other_doc_count": 0, "buckets": [ { "key": "bb", "doc_count": 2, "aggs_c": { "doc_count_error_upper_bound": 0, "sum_other_doc_count": 0, "buckets": [ { "key": "cc", "doc_count": 2, "summing": { "value": 21 } } ]}}, { "key": "b", "doc_count": 1, "aggs_c": { "doc_count_error_upper_bound": 0, "sum_other_doc_count": 0, "buckets": [ { "key": "c", "doc_count": 1, "summing": { "value": 1 } } ]}]} }, { "key": "a", "doc_count": 2, "aggs_b": { "doc_count_error_upper_bound": 0, "sum_other_doc_count": 0, "buckets": [ { "key": "bb", "doc_count": 2, "aggs_c": { "doc_count_error_upper_bound": 0, "sum_other_doc_count": 0, "buckets": [ { "key": "cc", "doc_count": 2, "summing": { "value": 17 } } ] }}]}}]}}}
Comments
Post a Comment