Menu
How can I add a new key called 'agency_name' in my output bucket.
I am running an aggregation code as shown below
{ "aggs": { "name": { "terms": { "field": "agency_code" } } } } I will be getting the out put as
"aggregations": { "name": { "doc_count_error_upper_bound": 130, "sum_other_doc_count": 39921, "buckets": [ { "key": "1000", "doc_count": 105163 }, { "key": "2100", "doc_count": 43006 } ] } } While displaying I need to show the agency name, code and doc_count
How can I modify the aggregation query so that I could get the below format. I am new to ElasticSearch, not sure how to fix this
"aggregations": { "name": { "doc_count_error_upper_bound": 130, "sum_other_doc_count": 39921, "buckets": [ { "key": "1000", "doc_count": 105163, "agency_name": 'Agent 1' }, { "key": "2100", "doc_count": 43006, "agency_name": 'Agent 2' } ] } } Sample Data in ElasticSearch (fields are analysed)
{ "_index": "feeds", "_type": "news", "_id": "22005", "_version": 1, "_score": 1, "_source": { "id": 22005, "name": "Test News", "agency_name": "Agent 1", "agency_code": "1000", } } 
669
Cardinality aggregationedit. A single-value metrics aggregation that calculates an approximate count of distinct values.
But visualizations in Kibana don't aggregate on nested fields like that, regardless of how you set your mappings -- if you want to run aggregations on the data in the items list, you aren't going to get the results you are looking for. Then doing the same sum aggregation should return the expected results.
Elasticsearch Aggregations provide you with the ability to group and perform calculations and statistics (such as sums and averages) on your data by using a simple search query. An aggregation can be viewed as a working unit that builds analytical information across a set of documents.
Create an aggregation-based visualization paneledit Choose the type of visualization you want to create, then use the editor to configure the options. On the dashboard, click All types > Aggregation based. Select the visualization type you want to create. Select the data source you want to visualize.
You can use the top hits aggregation like in the link below. The format will be slightly different since creating the extra aggregation will embed the agency name under another 'hits' key.
Adding additional fields to ElasticSearch terms aggregation
{ "aggs": { "name": { "terms": { "field": "agency_code" }, "aggs": { "agency_names" : { "top_hits": { size: 1, _source: { include: ['agency_name'] } } } } } } } I think you would need to add another "aggs" to it. But it would not be in the format in which you want but as another field in the output , reason being currently you are aggregating based on "agency_code" and the doc_count shows how many times the particular agency code occurs. Now when you want to aggregate it based on "agency_name" the field might in different documents than "agency_code" and in different numbers as well , if they always exist in pair than this parent-child indexing might be of some help.
https://www.elastic.co/guide/en/elasticsearch/guide/current/indexing-parent-child.html
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
