Top hits by ElasticSearch aggregation

Question

Top hits by ElasticSearch aggregation

I have the following data:

{"action":"CREATE","docs":1,"date":"2016 Jun 26 12:00:12","userid":"1234"} {"action":"REPLACE","docs":2,"date":"2016 Jun 27 12:00:12","userid":"1234"} {"action":"REPLACE","docs":1,"date":"2016 Jun 27 13:00:12","userid":"1234"} {"action":"CREATE","docs":1,"date":"2016 Jun 28 12:00:12","userid":"3431"} {"action":"REPLACE","docs":2,"date":"2016 Jun 28 13:00:12","userid":"3431"} {"action":"CREATE","docs":1,"date":"2016 Jun 29 12:00:12","userid":"9999"}

To get records for each unique custom order by date (descending), I used Top Hits, as shown below:

 "aggs": { "user_bucket": { "terms": { "field": "userid" }, "aggs": { "user_latest_count": { "top_hits": { "size": 1, "sort": [ { "data": { "order": "desc" } } ], "_source": { "include": [ "docs" ] } } } } } }

The query result above:

 {"action":"REPLACE","docs":1,"date":"2016 Jun 27 13:00:12","userid":"1234"} {"action":"REPLACE","docs":2,"date":"2016 Jun 28 13:00:12","userid":"3431"} {"action":"CREATE","docs":1,"date":"2016 Jun 29 12:00:12","userid":"9999"}

Now I want to aggregate even more to get the following result:

 {"sum_of_different_buckets": 4}

But I’m not sure how to TOTE the " docs " field from the result obtained above.

+6

elasticsearch

Supercoder Jul 05 '16 at 4:55

source share

1 answer

Sudhish k · Answer 1 · 2016-07-14T02:34:26+0000

You can also optionally group aggregations within aggregates to extract the summary data that you need from your data. Could be lower than samples.

 "aggs" : { "sum_of_different_buckets" : { "sum" : { "field" : "docs" } } }

Top hits by ElasticSearch aggregation

More articles: