A way to modify a scripted buckets agg query to only return only specific aggregation values rather than all of them?

casieowen · March 28, 2017, 6:16pm

Hi!

For this query:

GET pipetemplate1/_search
{
  "size": 0,
  "_source": "averageavailabilityforxxxxupdateservice_ws_xps.value", 
  "query": {
    "wildcard": {
      "instance": "*xxxxupdateservice|ws_xps"
      }
    },
  "aggs": {
    "histogram": {
      "date_histogram": {
        "field": "date",
        "interval": "minute"
      },
      "aggs": {
        "xxxxupdateservice_ws_xps_total": {
          "filter": {
            "prefix": {
              "instance": "requests|total"
            }
          },
          "aggs": {
            "avg": {
              "avg": {
                "field": "value"
              }
            }
          }
        },
        "xxxxupdateservice_ws_xps_5xx": {
          "filter": {
            "prefix": {
              "instance": "requests|5xx"
            }
          },
          "aggs": {
            "avg": {
              "sum": {
                "field": "value"
              }
            }
          }
        },
        "averageavailabilityforxxxxupdateservice_ws_xps": {
          "bucket_script": {
            "buckets_path": {
              "failurecount": "xxxxupdateservice_ws_xps_5xx>avg",
              "totalcount": "xxxxupdateservice_ws_xps_total>avg"
            },
            "script": "(params.totalcount-params.failurecount) / params.totalcount *100"
          }
        }
      }
    }
  }
}

I get results like this:

  "aggregations": {
    "histogram": {
      "buckets": [
        {
          "key_as_string": "2017-03-01T00:00:00.000Z",
          "key": 1488326400000,
          "doc_count": 4,
          "xxxxupdateservice_ws_xps_5xx": {
            "doc_count": 2,
            "avg": {
              "value": 0
            }
          },
          "xxxxupdateservice_ws_xps_total": {
            "doc_count": 2,
            "avg": {
              "value": 33.28715
            }
          },
          "averageavailabilityforxxxxupdateservice_ws_xps": {
            "value": 100
          }
        },

Is there a way to modify the query so that it only returns the last agg value:

   "averageavailabilityforxxxxupdateservice_ws_xps": 
            "value": 100

Thanks,
Casie

jpountz · March 29, 2017, 7:37am

There is no way to do that. One work-around might be to use the response-filtering option that all APIs support, which performs filtering at the json level: https://www.elastic.co/guide/en/elasticsearch/reference/current/common-options.html#common-options-response-filtering

casieowen · March 29, 2017, 4:27pm

That works!

system · April 26, 2017, 4:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.