Reputation: 2017
How do I use doc_count in an aggregations range query in ElasticSearch 1.0
I have a bunch of user generated events in my ES cluster. Each event contains the user's UUID.
I'm trying to write a query that buckets users into low, medium and high activity based on the number of events each user generates.
I'm using this query to get the number of events generated by each user:
{
"aggs" : {
"users" : {
"terms" : { "field" : "user_id.raw" }
}
}
}
This works fine, but I need to further bucket the results into a range query using the previous results "doc_count", so that I can sort each user into a low, med, high activity bucket.
I tried a bunch of ways to access the doc_count field using a sub-aggregation but never manage to get it work. I figured this would be a fairly common use case, but can't seem to crack it, so any help would be much appreciated.
Upvotes: 9
Views: 3293
Answers (2)
Reputation: 551
you can probably do something like :
{
"aggs" : {
"tally" : {
"sum" : {
"script": "1"
}
},
"aggs" : {
//refer to tally here as the value would be same as doc_count
}
}
}
Upvotes: 0
Reputation: 21
I have updated https://github.com/elasticsearch/elasticsearch/issues/4983?_pjax=%23js-repo-pjax-container with this issue as well.
Looks like a minor enhancement to the aggregation framework (but) will be really useful.
Upvotes: 2
Related Questions
- How to get doc value in Elasticsearch Bucket Aggregation query instead of doc count
- ELASTICSEARCH - Total doc_count aggregations
- Range Filters on doc_count on a Term Aggregation
- How to get Sum of all doc_counts from term aggregation query in elasticsearch?
- Elasticsearch range bucket aggregation based on doc_count
- Elasticsearch count of documents with values in range
- Elasticsearch term aggregation with range doc count
- Elasticsearch count doc_count occurrences on aggs
- Use doc_count as cumulative count
- ElasticSearch Aggregations - sum_other_doc_count in a (Term?) Query?