
Nested Objects aggregations (with Kibana)

We got an Elasticsearch index containing documents with a subset of arbitrary nested objects called devices. Each of those devices has a key called "aw". What I try to accomplish is to get an average of the aw key for each device type. When trying to aggregate and visualize this average I don't get the average of the aw of every device type, but of all devices within the documents containing the specific device.

So instead of fetching all documents where device.id=7 and aggregating the aw per device.id, Elasticsearch / Kibana fetches all documents containing device.id=7 but then builds its average using all devices within the documents.

Our index mapping looks like this (only important parts):

"mappings" : {
        "devdocs" : {
            "_all": { "enabled": false },
            "properties" : {
                "cycle": {
                    "type": "object",
                    "properties": {
                        "t": {
                            "type": "date",
                            "format": "dateOptionalTime||epoch_second"
                        }
                    }
                },
                "devices": {
                    "type": "nested",
                    "include_in_parent": true,
                    "properties": {
                        "name": {
                            "type": "string",
                            "index": "not_analyzed"
                        },
                        "aw": {
                            "type": "long"
                        },
                        "t": {
                            "type": "date",
                            "format": "dateOptionalTime||epoch_second"
                        }
                    }
                }
            }
        }
}

Kibana generates the following query:

{
  "size": 0,
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "analyze_wildcard": true,
          "query": "*"
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "cycle.t": {
                  "gte": 1290760324744,
                  "lte": 1448526724744,
                  "format": "epoch_millis"
                }
              }
            }
          ],
          "must_not": []
        }
      }
    }
  },
  "aggs": {
    "2": {
      "terms": {
        "field": "devices.name",
        "size": 35,
        "order": {
          "1": "desc"
        }
      },
      "aggs": {
        "1": {
          "avg": {
            "field": "devices.aw"
          }
        }
      }
    }
  }
}

Is there a way to aggregate the average aw on device level, or what am I doing wrong?

Exinferis asked Nov 09 '22 00:11


1 Answer

Kibana doesn't support nested aggregations yet (see Nested Aggregations Issue). I had the same issue and solved it by building Kibana from src from this fork by user ppadovani. [branch: nestedAggregations]

See instructions to build Kibana from source here.

After building, when you run Kibana it will now contain a Nested Path text box and a reverse nested checkbox in advanced options for buckets and metrics.

Here is an example of a nested terms aggregation on lines.category_1, lines.category_2, lines.category_3, with lines being of nested type, using the above with three buckets: Kibana Nested Aggregations

ygogia answered Nov 15 '22 08:11
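
The difference between the Kibana-generated query in the question and a query wrapped in Elasticsearch's `nested` aggregation, as an added example that is not part of the original question or answer. The sample documents are constructed, and the aggregation names (`per_device`, `by_name`, `avg_aw`) and function names are assumptions chosen for illustration; the two Python functions model the bucket contents rather than calling a cluster.

```python
from collections import defaultdict

# Constructed sample documents, shaped like the "devices" mapping in the question.
DOCS = [
    {"devices": [{"name": "A", "aw": 10}, {"name": "B", "aw": 100}]},
    {"devices": [{"name": "A", "aw": 20}]},
    {"devices": [{"name": "B", "aw": 200}, {"name": "C", "aw": 6}]},
]

def _mean(buckets):
    return {name: sum(v) / len(v) for name, v in buckets.items()}

def flattened_avg(docs):
    """Model of terms+avg run on the parent document (include_in_parent):
    a document lands in every bucket whose name it contains, and avg then
    sees every devices.aw value of that document."""
    buckets = defaultdict(list)
    for doc in docs:
        all_aw = [d["aw"] for d in doc["devices"]]
        for name in {d["name"] for d in doc["devices"]}:
            buckets[name].extend(all_aw)
    return _mean(buckets)

def nested_avg(docs):
    """Model of the same terms+avg inside a nested aggregation:
    each device object is bucketed on its own."""
    buckets = defaultdict(list)
    for doc in docs:
        for d in doc["devices"]:
            buckets[d["name"]].append(d["aw"])
    return _mean(buckets)

def nested_avg_query(path="devices", size=35):
    """Request body that scopes terms+avg to the nested device objects."""
    return {
        "size": 0,
        "aggs": {"per_device": {
            "nested": {"path": path},
            "aggs": {"by_name": {
                "terms": {"field": f"{path}.name", "size": size,
                          "order": {"avg_aw": "desc"}},
                "aggs": {"avg_aw": {"avg": {"field": f"{path}.aw"}}},
            }},
        }},
    }

if __name__ == "__main__":
    print("parent-level:", flattened_avg(DOCS))
    print("nested:      ", nested_avg(DOCS))
```
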