CODEWITHSUNDEEP
elasticsearchelasticsearch-aggregationelasticsearch-dsl-py
pwnchaurasia
pwnchaurasia

Reputation: 1499

Elasticsearch aggregate on nested JSON data

I have to do some aggregation on json data. I saw multiple answers here on stackoverflow but not nothing worked for me. I have multiple row and in timeCountry column i have an array which stores JSON objects. with keys count, country_name, s_name.

I have to find the sum of all the rows according to s_name, Example - if in 1st row timeCountry holds array like below

[ {
      "count": 12,
      "country_name": "america",
      "s_name": "us"
    },
    {
      "count": 10,
      "country_name": "new zealand",
      "s_name": "nz"
    },
    {
      "count": 20,
      "country_name": "India",
      "s_name": "Ind"
    }]

Row 2 data is like below

[{
  "count": 12,
  "country_name": "america",
  "s_name": "us"
  },
  {
  "count": 10,
  "country_name": "South Africa",
  "s_name": "sa"
  },
  {
  "count": 20,
  "country_name": "india",
  "s_name": "ind"
  }]

like so on.

I need result like below

[{
        "count": 24,
        "country_name": "america",
        "s_name": "us"
    }, {
        "count": 10,
        "country_name": "new zealand",
        "s_name": "nz"
    },
    {
        "count": 40,
        "country_name": "India",
        "s_name": "Ind"
    }, {
        "count": 10,
        "country_name": "South Africa",
        "s_name": "sa"
    }
]

the above data is for only one row i have multiple rows timeCountry is column

What I tried writing for aggregation

{
   "query": {
      "match_all": {}
   },
   "aggregations":{
        "records" :{
            "nested":{
                "path":"timeCountry"
            },
            "aggregations":{
                "ids":{
                    "terms":{
                        "field": "timeCountry.country_name"
                    }
                }
            }
        }
   }

}

But its not working Please help

Upvotes: 3

Views: 3226

Answers (1)

Praveen Kumar
Praveen Kumar

Reputation: 114

I tried this on my local elastic cluster and I was able to get aggregated data on the nested documents. Depending on your mapping of index the answer may vary from mine. Following is the DSL that I tried with for aggregation :

{
    "aggs" : {
        "records" : {
            "nested" : {
                "path" : "timeCountry"
            },
            "aggs" : {
                "ids" : { "terms" : {
                    "field" : "timeCountry.country_name.keyword"
                },
               "aggs": {"sum_name": { "sum" : { "field" : "timeCountry.count" } } }
               }
            }
        }
    }
}

Following is the mapping of my index:

{
    "settings" : {
        "number_of_shards" : 1
    },
    "mappings": {
        "agg_data" : {
        "properties" : {
            "timeCountry" : {
                "type" : "nested"
            }
        }
    }
    }
}

Upvotes: 2

Related Questions