Acalypha

Reputation: 171

combine query_string and aggregations

I have documents from different applications in one index, with the application name as a field in each document. Now I want to count the number of documents per application per day. The application name is in string format, so I cannot use a filter term for it. While the below GET query does the filtering per application

{
  "query": {
    "filtered": {
      "query": {
        "query_string": {
           "query": "+environmentType:prod +application:app1",
           "analyze_wildcard": true
        }
      }
    }
  }
}

and I can use this aggregation for simple daily counts

{
  "aggs": {
    "simpleDatehHistogram": {
      "date_histogram": {
        "field": "timestamp",
        "interval": "day"
      }
    }
  }
}

I don't seem to be able to combine them so that the application filter is applied to my aggregation results.

This is the mapping of my index.

{
  "myIndex" : {
    "mappings" : {
      "myType" : {
        "properties" : {
          "application" : {
            "type" : "string"
          },
          "environmentType" : {
            "type" : "string"
          },
          "event" : {
            "properties" : {
              "Id" : {
                "type" : "long"
              },
              "documentId" : {
                "type" : "string"
              }
            }
          },
          "hostname" : {
            "type" : "string"
          },
          "id" : {
            "type" : "string"
          },
          "timestamp" : {
            "type" : "date",
            "format" : "dateOptionalTime"
          },
          "timestampEpoch" : {
            "type" : "long"
          },
          "type" : {
            "type" : "string"
          },
          "version" : {
            "type" : "string"
          }
        }
      }
    }
  }
}

Upvotes: 1

Views: 4085

Answers (1)

Richa

Reputation: 7649

Use this to combine them:

{
   "size":0,
   "query":{
      "filtered":{
         "query":{
            "query_string":{
               "query":"+environmentType:prod +application:app1",
               "analyze_wildcard":true
            }
         }
      }
   },
   "aggs":{
      "simpleDatehHistogram":{
         "date_histogram":{
            "field":"timestamp",
            "interval":"day"
         }
      }
   }
}

Upvotes: 2
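The following is an added example, not part of the question or the answer: it merges the two request bodies from the question into the single body shown in the answer and reads the per-day counts out of a response. The function names `combine` and `daily_counts` are hypothetical, and the sample response is constructed to follow the bucket layout a `date_histogram` returns.

```python
import copy
from datetime import datetime, timezone

# The two request bodies from the question, unchanged.
QUERY_BODY = {"query": {"filtered": {"query": {"query_string": {
    "query": "+environmentType:prod +application:app1",
    "analyze_wildcard": True}}}}}
AGGS_BODY = {"aggs": {"simpleDatehHistogram": {"date_histogram": {
    "field": "timestamp", "interval": "day"}}}}

def combine(query_body, aggs_body, size=0):
    """Merge a query body and an aggregation body into one search request.

    Aggregations are computed over the documents matched by the top-level
    "query", so sending both keys in one body applies the filter to the
    counts. size=0 drops the hits so only the buckets are returned.
    """
    overlap = set(query_body) & set(aggs_body)
    if overlap:
        raise ValueError("both bodies define: %s" % sorted(overlap))
    body = {"size": size}
    body.update(copy.deepcopy(query_body))
    body.update(copy.deepcopy(aggs_body))
    return body

def daily_counts(response, agg_name="simpleDatehHistogram"):
    """Return [(YYYY-MM-DD, doc_count), ...] from a date_histogram response."""
    buckets = response["aggregations"][agg_name]["buckets"]
    out = []
    for b in buckets:
        # "key" is the bucket start in epoch milliseconds (UTC).
        day = datetime.fromtimestamp(b["key"] / 1000, tz=timezone.utc).date()
        out.append((day.isoformat(), b["doc_count"]))
    return out

# Constructed sample response for the combined request (not real data).
SAMPLE_RESPONSE = {
    "hits": {"total": 7, "hits": []},
    "aggregations": {"simpleDatehHistogram": {"buckets": [
        {"key_as_string": "2015-06-01T00:00:00.000Z",
         "key": 1433116800000, "doc_count": 4},
        {"key_as_string": "2015-06-02T00:00:00.000Z",
         "key": 1433203200000, "doc_count": 3},
    ]}},
}
```
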
