filtering values in elasticsearch

Question

I want to get the counts for two items in a column from my indexer in elastic search. There is a column called "category" in my indexer and it contains multiple entries. In which I am interested to get 'billing' and 'expenditure' for multiple dates. For which, I have written the below query and it is not working for two values. I can pull a single value either "billing" or "expenditure" but not two at once.

 {"dates": 
{"date_histogram": 
    {"field": "createdDateTime",
        "interval": "day"},

        "aggs": {"fields": 
            {"term": 
                {"field": "type",
                  "include": ["billing", "expenditure"]



                }}}}}

The above code is not working in this case, to make it work I need to change the "include" line to

"include": "billing"

or "include": "expenditure"

It would be great help, if someone look into this and help.:)

Below answers are working for my post above, now I have come across one more problem with the above post that:

In my 'type' field, I want to filter one more value called "spent on". Here the problem is -- ES considers this two worded word as two terms and the result is not as expected. Please help in this. Just want to filter this two worded word as a single word instead of two.

keety · Accepted Answer

The include expects a regex pattern. As @jgr pointed out this is true only for versions of elasticsearch < 1.5.0. So for the example provided in query would look something as below for versions < 1.5.0 :

   "aggs": {
      "aggterm": {
         "terms": {
            "field": "type",
            "include" : "billing|expenditure"
         }
      }
   }

If not the example you have in the OP should work

filtering values in elasticsearch

Answers (2)

Related Questions