Range ElasticSearch Aggregation
I need to compute a pipeline aggregation in ElasticSearch and I can\'t figure out how to express it.
Each document has an email address and an amount. I need to output r
-
There's no pipeline aggregation that does that directly. However, I think I came up with a solution that should suit your needs, it goes like this. The idea is to repeat the same
terms/sumaggregation and then use abucket_selectorpipeline aggregation for each of the ranges you're interested in.POST index/_search { "size": 0, "aggs": { "users_99": { "terms": { "field": "email", "size": 1000 }, "aggs": { "amount_received": { "sum": { "field": "amount" } }, "-99": { "bucket_selector": { "buckets_path": { "amountReceived": "amount_received" }, "script": "params.amountReceived < 100" } } } }, "users_100_299": { "terms": { "field": "email", "size": 1000 }, "aggs": { "amount_received": { "sum": { "field": "amount" } }, "100-299": { "bucket_selector": { "buckets_path": { "amountReceived": "amount_received" }, "script": "params.amountReceived >= 100 && params.amountReceived < 300" } } } }, "users_300_599": { "terms": { "field": "email", "size": 1000 }, "aggs": { "amount_received": { "sum": { "field": "amount" } }, "300-599": { "bucket_selector": { "buckets_path": { "amountReceived": "amount_received" }, "script": "params.amountReceived >= 300 && params.amountReceived < 600" } } } }, "users_600": { "terms": { "field": "email", "size": 1000 }, "aggs": { "amount_received": { "sum": { "field": "amount" } }, "600": { "bucket_selector": { "buckets_path": { "amountReceived": "amount_received" }, "script": "params.amountReceived >= 600" } } } } } }In the results, the number of buckets in the
users_99will be the number of unique emails that have an amount less than 99. Similarly,users_100_299will contain as many buckets as there are unique emails with amounts between 100 and 300. And so on...讨论(0)
加载中...
- 热议问题