Bouffe
Reputation: 849
Elasticsearch aggregation don't work
I have a index with visit logs on pages. Each user visit a page is logged with a line :
{
"_index": "logs",
"_type": "visit",
"_id": "AVco3MoAdMBqjXxJcqfF",
"_version": 1,
"_score": 1,
"_source": {
"@version": "1",
"@timestamp": "2016-09-14T13:22:20.074Z",
"user": "309424",
"page": "15399",
"countryCode": "FR"
}
}
I'm trying to get by countryCode, the most viewed pages
POST request on logs/visit/_search?search_type=count :
{
"aggs":{
"pages":{
"terms":{
"field":"page"
}
}
},
"query":{
"bool":{
"must":[
{
"term":{
"countryCode":{
"value":"FR",
"boost":1
}
}
}
]
}
}
}
But the response array "buckets" is empty. Whereas when I do the query with "user" instead of "countryCode", I get the good result with most viewed pages by the user I specified. But I need it by country.
What's the difference between my countryCode field and my user field ? Both are declared as strings
"countryCode": {
"type": "string"
},
"user": {
"type": "string"
}
Upvotes: 0
Views: 189
Answers (1)
Val
Reputation: 217304
Your countryCode field is an analyzed string so your query needs to be like this instead
{
"aggs":{
"pages":{
"terms":{
"field":"page"
}
}
},
"query":{
"bool":{
"must":[
{
"term":{
"countryCode":{
"value":"fr", <--- lowercase fr here
"boost":1
}
}
}
]
}
}
}
or you can keep the uppercase FR and use a match query instead
{
"aggs":{
"pages":{
"terms":{
"field":"page"
}
}
},
"query":{
"bool":{
"must":[
{
"match":{ <--- use match
"countryCode":{
"value":"FR",
"boost":1
}
}
}
]
}
}
}
Upvotes: 1
Related Questions
- cannot agregate in elasticsearch
- Having trouble getting Elastic Search Aggregates to work
- Elasticsearch _msearch not working on aggregations
- Elasticsearch Aggregation doesn't work the way it should
- elasticsearch multiple aggregations not working
- Issue in Elastic Search Sum Aggregation
- Broken aggregation in elasticsearch
- elasticsearch filters aggregation won't work
- elasticsearch aggregation result is 0
- elasticsearch filter don't work with aggregation