Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Aggregating with multiple fields returned in ElasticSearch

Tags:

elasticsearch

Suppose I have a relative simple index with the following fields...

"testdata": {
    "properties": {
       "code": {
          "type": "integer"
       },
       "name": {
          "type": "string"
       },
       "year": {
          "type": "integer"
       },
       "value": {
          "type": "integer"
       }
    }
}

I can write a query to get the total sum of the values aggregated by the code like so:

{
  "from":0,
  "size":0,
  "aggs": {
    "by_code": {
      "terms": {
        "field": "code"
      },
      "aggs": {
        "total_value": {
          "sum": {
            "field": "value"
          }
        }
      }
    }
  }
}

And this returns the following (abridged) results:

"aggregations": {
  "by_code": {
     "doc_count_error_upper_bound": 478,
     "sum_other_doc_count": 328116,
     "buckets": [
        {
           "key": 236948,
           "doc_count": 739,
           "total_value": {
              "value": 12537
           }
        },

However, this data is being fed to a web front-end, where it is required both the code and the name is displayed. So, the question is, is it possible to amend the query somehow to also return the name field, as well as the code field, in the results?

So, for example, the results can look a bit like this:

"aggregations": {
  "by_code": {
     "doc_count_error_upper_bound": 478,
     "sum_other_doc_count": 328116,
     "buckets": [
        {
           "key": 236948,
           "code": 236948,
           "name": "Test Name",
           "doc_count": 739,
           "total_value": {
              "value": 12537
           }
        },

I've read up on sub-aggregations, but in this case there is a one-to-one relationship between code and name (so, you wouldn't have different names for the same key). Also, in my real case, there are 5 other fields, like description, that I would like to return, so I am wondering if there was another way to do it.

In SQL (from which this data originally came from before it was swapped to ElasticSearch) I would write the following query

SELECT Code, Name, SUM(Value) AS Total_Value
FROM [TestData] 
GROUP BY Code, Name
like image 590
Tim C Avatar asked Oct 11 '16 12:10

Tim C

Video Answer

1 Answers

You can achieve this using scripting, i.e. instead of specifying a field, you specify a combination of fields:

{
  "from":0,
  "size":0,
  "aggs": {
    "by_code": {
      "terms": {
        "script": "[doc.code.value, doc.name.value].join('-')"
      },
      "aggs": {
        "total_value": {
          "sum": {
            "field": "value"
          }
        }
      }
    }
  }
}

note: you need to make sure to enable dynamic scripting for this to work

like image 80
Val Avatar answered Nov 15 '22 10:11

Val
Sign in to Comment

Related questions

how to get the sub aggregation from elasticsearch
Error : [bool] query does not support [term]
Elasticsearch: How to query for number of connections?
Full form of "DSL" in query DSL - elastic search
How should I use sql_last_value in logstash?
Using NEST to percolate
Do you need to delete Elasticsearch aliases?
Elasticsearch return all documents of a given type
Kafka input to logstash plugin
ES-6 .1. - How change default number of shards
elasticsearch es_rejected_execution_exception
Elasticsearch: could not find java in bundled jdk at .../jdk/bin/java
Re-setting Logstash state
does elasticsearch have compound indexes?
Parse multiline JSON with grok in logstash
How to have an input of type MongoDB for Logstash
Kibana4 to listen on Port 80 instead of Port 5601
How to enable inline (sandboxed) groovy scripts?
Recreation of mapping elastic search
Setting up Id field in Elastic Search / NEST 2.0 via fluent Api

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!