hao

Reputation: 655

Aggregate filtered result using Elastic Search API

I would like to aggregate and count the number of docs that appear based on my filtering rules.

I looked at the API from their website: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-filters-aggregation.html

and came up with this:

{
  "size": 0,
  "aggregations": {
    "messages": {
      "filters": {
        "filters": {
          "knowledge service": { "match": { "syslog_msg": "my-domain.com" } }
        }
      }
    }
  }
}

"syslog_msg" can contain information such as "my-domain.com some other value".

The response I got:

{
  "_scroll_id" : "some scroll id",
  "took" : 89,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
  },
  "hits" : {
    "total" : 1000000,
    "max_score" : 0.0,
    "hits" : [ ]
  },
  "aggregations" : {
    "messages" : {
      "buckets" : {
        "knowledge service" : { "doc_count" : 12000 }
      }
    }
  }
}

It seems to be working fine, but when I ran a query to look at the 12000 records, some of them do not have an exact match for the string (in this case my-domain.com) that I searched for.

For example, some docs have the string "my" in syslog_msg instead of "my-domain.com".

How do I change the query so that it filters the exact match for the string that I am looking for?


The solution is to replace match with match_phrase, which will search for and return the exact phrase found.

Upvotes: 0

Views: 232
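
Why the match filter over-counts while match_phrase does not, as an added example that is not part of the original post: a small Python model of both queries inside a filters aggregation. It assumes syslog_msg is a text field analyzed roughly like the standard analyzer (the real mapping is not shown on the page); `analyze`, `match`, `match_phrase`, `filters_agg` and the sample messages are constructed for illustration.

```python
import re

# Assumption: simplified stand-in for the standard analyzer. It lowercases,
# breaks on whitespace, hyphens and slashes, and keeps dots that sit between
# alphanumerics, so "my-domain.com" becomes ["my", "domain.com"].
TOKEN = re.compile(r"[a-z0-9]+(?:\.[a-z0-9]+)*")

def analyze(text):
    return TOKEN.findall(text.lower())

def match(doc, query):
    """match with the default OR operator: any single query term is a hit."""
    doc_terms = set(analyze(doc))
    return any(term in doc_terms for term in analyze(query))

def match_phrase(doc, query):
    """match_phrase with slop 0: all query terms, adjacent and in order."""
    d, q = analyze(doc), analyze(query)
    return any(d[i:i + len(q)] == q for i in range(len(d) - len(q) + 1))

def filters_agg(docs, filters, matcher):
    """Per-filter doc counts, shaped like the buckets of a filters aggregation."""
    return {name: sum(matcher(doc, q) for doc in docs)
            for name, q in filters.items()}

# Constructed syslog_msg values (not taken from the original post).
DOCS = [
    "my-domain.com some other value",
    "connection from my laptop accepted",
    "lookup failed for other-domain.com",
    "GET https://my-domain.com/index.html 200",
    "cron job finished",
]
FILTERS = {"knowledge service": "my-domain.com"}

if __name__ == "__main__":
    print("query terms: ", analyze("my-domain.com"))
    print("match:       ", filters_agg(DOCS, FILTERS, match))
    print("match_phrase:", filters_agg(DOCS, FILTERS, match_phrase))
```

Phrase matching still works on analyzed tokens rather than raw bytes, so it is not a byte-for-byte substring match on the original message.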

Answers (1)

eyildiz

Reputation: 343

You should add aggregations to your filter.

As the Elasticsearch documentation says (https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-filter-aggregation.html):

{
  "aggs" : {
    "red_products" : {
      "filter" : { "term": { "color": "red" } },
      "aggs" : {
        "avg_price" : { "avg" : { "field" : "price" } }
      }
    }
  }
}

Upvotes: 0
