ElasticSearch Aggregation over Top Hits

Question

I have data as following:

{\"action\":\"CREATE\",\"docs\":1,\"date\":\"2016 Jun 26 12:00:12\",\"userid\":\"1234\"}
{\"action\":\"REPLACE\",\"docs\":2,\"date\         


        

Answer 1

You can also nest aggregations inside aggregations arbitrarily to extract summarized data that you require from your data. May be below sample works.

"aggs" : {
    "sum_of_different_buckets" : { "sum" : { "field" : "docs" } }
}

Answer 2

You can have other aggregation on a parallel level of top_hit but you cannot have any sub_aggregation below top_hit. It is not supported by elasticsearch. here is the link to github issue

But if you want to have sum at the same level, you may use the approach below.

"aggs": {
    "top_hits_agg": {
        "top_hits": {
            "size": 10,
            "_source": {
              "includes": ["docs"]
            }
        }
    },
    "sum_agg": {
        "sum": {
            "field": "docs"
        }
    }
}