Reputation: 83
How to create subquery with elasticsearch
I need to create a query on elasticsearch for the condition below.
When the last element added with the "rabbitmq.queue.name" attribute is equal to "service_test_error" and the value from "rabbitmq.queue.messages.total.count" is different of "0"
The sql query below works for my search, but I could not to do the same query with elasticsearch
select * from metric where rabbitmq.queue.messages.total.count != '0' and rabbitmq.queue.name = 'service_test_error' and timestamp = (select max(timestamp) from metric where rabbitmq.queue.name = 'service_test_error')
These records below are examples that exist in my metric-xpto index
[
{
"_index": "metric-xpto",
"_type": "_doc",
"_id": "jYP1WnEBmYyEo7K68Zme",
"_version": 1,
"_score": null,
"_source": {
"@timestamp": "2020-04-08T18:03:14.899Z",
"rabbitmq": {
"queue": {
"name": "service_test_error",
"messages": {
"total": {
"count": 0
}
}
}
}
}
},
{
"_index": "metric-xpto",
"_type": "_doc",
"_id": "jYP1WnEBmYyEo7K68Zme",
"_version": 1,
"_score": null,
"_source": {
"@timestamp": "2020-04-07T18:03:14.899Z",
"rabbitmq": {
"queue": {
"name": "service_test_error",
"messages": {
"total": {
"count": 3
}
}
}
}
}
},
{
"_index": "metric-xpto",
"_type": "_doc",
"_id": "jYP1WnEBmYyEo7K68Zme",
"_version": 1,
"_score": null,
"_source": {
"@timestamp": "2020-04-03T17:03:14.899Z",
"rabbitmq": {
"queue": {
"name": "service_alpha_test_error",
"messages": {
"total": {
"count": 8
}
}
}
}
}
},
{
"_index": "metric-xpto",
"_type": "_doc",
"_id": "jYP1WnEBmYyEo7K68Zme",
"_version": 1,
"_score": null,
"_source": {
"@timestamp": "2020-04-03T18:03:14.899Z",
"rabbitmq": {
"queue": {
"name": "service_test_error",
"messages": {
"total": {
"count": 8
}
}
}
}
}
}
]
How can I create a similar query using elasticsearch?
Upvotes: 1
Views: 3189
Answers (1)
Reputation: 9109
In query part you can only fetch top most record and then check has to be in client side on message count.
In aggregation part this can be done.
{
"size": 0,
"query": {
"term": {
"rabbitmq.queue.name.keyword": {
"value": "service_test_error"
}
}
},
"aggs": {
"date": {
"terms": {
"field": "@timestamp",
"size": 1,
"order": {
"_term": "desc"
}
},
"aggs": {
"message_count": {
"terms": {
"field": "rabbitmq.queue.messages.total.count",
"size": 10
},
"aggs": {
"filter_count": {
"bucket_selector": {
"buckets_path": {
"key": "_key"
},
"script": "if(params.key>0) return true; else return false;"
}
}
}
},
"select_timestamp": {
"bucket_selector": {
"buckets_path": {
"key": "message_count._bucket_count"
},
"script": "if(params.key>0) return true;else false;"
}
}
}
}
}
}
Result: If top most records message count is zero then buckets will be empty else there will be data
"hits" : {
"total" : {
"value" : 7,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
},
"aggregations" : {
"date" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 6,
"buckets" : [ ]
}
}
Elastic search doesn't have joins , So in query it is not possible to compare one document with another
Upvotes: 2
Related Questions
- Elastic search query for SQL query
- Have a sub query typpe search in ElasticSearch
- Nested Query in Elastic Search
- Multi Level Nested Queries
- How to write a nested query in combination with filters in Elastic Search?
- Sub Queries in ElasticSearch
- nested queries in Elasticsearch
- How to write search queries in kibana using Query DSL for Elasticsearch aggregation
- Elastic Search and "sub queries"
- Nested query in elasticsearch