
I'm new to the ElasticSearch world. I've been trying to write a simple request and I need to get the aggs result in my script to make a simple condition. Is it possible to do it this way? The condition below is only an example.

GET _search
{
  "aggs" : {
      "sum_field" : { "sum" : { "field" : "someField" } }
  },
  "script_fields": {
    "script_name": {
      "script": {
        "lang": "painless",
        "source": """
              // get the aggs result here (sum_field)
              if(sum_field > 5){
                  return sum_field
              }
        """
      }
    }
  }
}
XtrEmE

1 Answer


The requirement is to execute a sum aggregation over multiple indexes having the same field name.

Now with multiple indexes, you'll have to check if that particular field exists in those indexes or not AND if the field is of the same datatype.

Indexes

I've created three indexes, having a single field called num.

index_1
     - num: long

index_2
     - num: long

index_3
     - num: text
          : fielddata: true

Also notice how, if the field is of type text, I've set its property fielddata:true. But if you do not set it, then the below query would give you the aggregation result as well as an error saying you cannot retrieve the value of type text as it's an analyzed string and you can only use doc for fields which are non_analyzed.

Sample Query:

POST /_search
{  
   "size":0,
   "query":{  
      "bool":{  
         "filter":[  
            {  
               "exists":{  
                  "field":"num"
               }
            }
         ]
      }
   },
   "aggs":{  
      "myaggs":{  
         "sum":{  
            "script":{  
               "source":"if(doc['num'].value instanceof long) return doc['num'].value;"
            }
         }
      }
   }
}

Query if you cannot set fielddata:true

In that case, you need to explicitly mention the indexes on which you'd want to aggregate.

POST /_search
{  
   "size":0,
   "query":{  
      "bool":{  
         "filter":[  
            {  
               "exists":{  
                  "field":"num"
               }
            },
            {  
               "terms":{  
                  "_index":[  
                     "index_1",
                     "index_2"
                  ]
               }
            }
         ]
      }
   },
   "aggs":{  
      "myaggs":{  
         "sum":{  
            "script":{  
               "source":"if(doc['num'].value instanceof long) return doc['num'].value;"
            }
         }
      }
   }
}

Hope this helps!

Kamal Kunjapur
  • Your suggestion didn't solve my problem at all. But maybe you could give me advice how to use script for whole hits list? Cuz when I have something like in below code it executes only for current index, not for whole list. I would like to use this script to sum some field (I know it's possible by "aggs sum" as u wrote above). `GET _search { "query": { "match_all": {} }, "script_fields": { "source": { "script": { "lang": "painless", "source": """ return params._source """ } } } }` – XtrEmE Nov 28 '18 at 13:35
  • hey @XtrEmE if I understand it correctly, what you want is, say you have a field `someField` which is present in **multiple indexes**, what you want is a script that can perform `sum` on its values over **all indices**? It'd be great if you can just update the question with a sample output and I will get back to you as soon as I can. – Kamal Kunjapur Nov 28 '18 at 14:32
  • I want to write a script which will execute not only for current index but for whole array. Typically it could be like below, but this code is nested for index. I need to have access one step higher. `"source": """ int sum = 0; for(int i = 0; i < hits.length; i++){ sum += hits[i].fieldValue; } return sum; """` – XtrEmE Nov 28 '18 at 14:47
  • hey @XtrEmE, yes I've got it. You'd want to do aggregation on a particular field if it is present in all the indexes. Not sure if Elastic supports aggregation results on index levels but let me try and update you on it. – Kamal Kunjapur Nov 29 '18 at 10:08
  • @XtrEmE could you please check the answer now? I've updated it with what you are looking for. Let me know if that helps! – Kamal Kunjapur Nov 29 '18 at 11:24
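
On the condition asked about in the question, as an added example that is not part of the original question, answer or comments: `script_fields` scripts run once per hit and do not receive aggregation results, so a condition on a sum is expressed here with a `bucket_selector` pipeline aggregation, which this thread does not mention. The field `num` and the indexes `index_1` and `index_2` come from the answer; the aggregation names `per_index`, `sum_num` and `sum_over_5` are made up for illustration.

```console
# Added example: aggregation names per_index, sum_num and sum_over_5 are illustrative.
# Field "num" and indexes index_1 / index_2 are the ones used in the answer above.
POST /index_1,index_2/_search
{
  "size": 0,
  "query": {
    "bool": {
      "filter": [
        { "exists": { "field": "num" } }
      ]
    }
  },
  "aggs": {
    "per_index": {
      "terms": { "field": "_index" },
      "aggs": {
        "sum_num": { "sum": { "field": "num" } },
        "sum_over_5": {
          "bucket_selector": {
            "buckets_path": { "total": "sum_num" },
            "script": "params.total > 5"
          }
        }
      }
    }
  }
}
```

Only the index buckets whose `sum_num` exceeds 5 remain in the response. A condition on the grand total across all indexes has to be applied by the client to the returned sum, because `bucket_selector` must sit inside a multi-bucket parent aggregation.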